National Post

‘YOU’VE GOT MAIL’

Receiving a ransomware notice shouldn’t mean the end of your business

- PETER KENTER Postmedia Content Works

The email that informs you that you’ve been the victim of a cyber attack may be surprisingly businesslike, but make no mistake: bad actors who trade in ransomware can stop your business cold.

The good news is there’s plenty that businesses can do to prevent ransomware assaults, inoculate themselves against potential damage and quickly recover following an attack, says Sasha Khan, executive vice-president with Canadian IT service provider Jolera Inc.

“We’ve seen a lot of high-profile cyberattacks over recent years,” Khan adds. “It’s underscored the need for businesses of all sizes to improve their security threat posture and plug potential security breaches in the organization.”

Cyber economy consultancy Cybersecurity Ventures estimates that global ransomware costs — including ransom paid and damage to businesses — totaled US$5 billion in 2017. It estimates those costs will more than double to US$11.5 billion by 2019.

Ransomware attacks follow a typical pattern.

“They lure end users into activating something on a local machine to trigger the ransomware threat,” says Jolera’s Khan. “It can range from something as simple as an email with malicious code attached, to something that directs you to a malicious website or encourages you to download something to your system. Once the bad actors have hooked into your system, they run software without your knowledge with the intent of encrypting your data, making it unusable to you. You’ll then receive a notice that you’ve been attacked by ransomware and provided with instructions on how to pay the ransom that will release your data.”

Is it possible to decrypt the data using outside experts? Possible but unlikely, says Khan. Even if an expert could do it, the costs of suspending business operations would quickly mount. So while some businesses are reluctant to report an attack, statistics show that about half the victims pay ransom. In most cases, the data is released following payment. In others, data is so damaged that businesses start over from scratch or decide to carry on with whatever intact data fragments they have left.

“Smaller companies aren’t immune,” says Khan. “In fact, they’re more likely to be ransomware targets than larger companies that would likely have a more mature security posture.”

Khan recommends that companies consider a two-pronged approach to securing their businesses. They need to develop an aggressive defence posture to detect and combat malicious activity while providing a secure cloud-based backup of business-critical data.

Companies should minimally install a firewall, a security system that monitors and controls incoming and outgoing network traffic.

“But firewalls are often passive,” says Khan. “Companies need to put teeth in that firewall system by developing the capability to understand what unusual traffic on their network might indicate and whether these signals are part of a cyber attack. They’ll need multiple layers of protection to secure all aspects of their network.”

A company’s firewall, for example, is considered its “front door,” but it’s not the only way inside the network.

“You need to provide the same level of intensity to protect the ‘back door,’ ” says Khan. “That includes all endpoint devices, such as laptops, computers and smart phones. This is where you need to catch, contain and stop suspicious activity, often brought about by either user actions or inactions.”

A company’s Wi-Fi network is also a point of entry that often is weakly defended.

“You need to plug the holes in your company Wi-Fi system and be able to monitor all wireless traffic for suspicious activity,” says Khan.

Companies also need to train their employees according to best practices for security. That includes anything from devising effective passwords to recognizing phishing or spear-phishing ploys and identifying fraudulent links and web sites.

“We think of increased security in terms of layers,” says Khan. “The more layers of security you place between bad actors and your data, the better your protection. An effective security system should be able to correlate events happening at various parts of the company infrastructure that may not trigger suspicion individually. But taken together, they indicate that you have been compromised or are about to be compromised.”

That’s where the importance of human supervision comes in.

“An added layer of human intelligence can interpret the signals gleaned from multiple events and trigger a security service to take action,” says Khan. “Cyber attacks may be driven by technology, but ultimately it comes down to a very human battle between attackers and defenders.”

The second prong of a secure defence against ransomware is a backup and disaster recovery solution. This involves not only physically storing backups on-site but storing them off-site using cloud-based technologies.

“Backup cloud-based storage provides a clean copy of the company’s data that remains untouched by cyber attack,” says Khan. “It’s an insurance policy that gives companies the opportunity to restore their data to a recovery point before the attack occurred and can get a business back up and running as soon as possible.”

Khan notes that bad actors often plant the seeds of ransomware long before they stage a cyber attack.

“Even though you’ve never received a ransomware notice, your company may already be infected,” he says. “They just haven’t gotten around to you yet. Large or small, your company needs to apply enterprise-grade security to combat a global threat.”

GETTY IMAGES: Ransomware attacks are costing poorly protected businesses billions each year.