Safeguarding financial data
Awave of major cyberattacks stunned the world this year, serving as an unfortunate but crucial wake-up call about the importance of data security for organisations and governments around the world. According to a data protection report by global law firm Norton Rose Fulbright, the two latest high-profile ransomware attacks — WannaCry and Petya — affected computer systems in more than 150 countries.
In June 2017, Petya disrupted operations across multiple institutions in Ukraine. Within minutes, computers across several European countries and the United States were compromised as well.
Among other damages, the compromise made it impossible for bank employees to access data relevant to customers and crippled their operations. The incident raised immediate concerns about the protection of financial data and the steps that need to be taken in order to prevent the recurrence of similar attacks.
As part of precautionary measures, some banks shut down ATMs that were running on older software to thwart breaches to their security systems. However, banks are among key institutions that need to be able to operate 24/7.
In November 2016, the US Federal Financial Institutions Examination Council warned that hackers are increasingly targeting businesses by launching ransomware attacks — enabling them to assume control of company systems. In the specific case of the WannaCry attack in May 2017, hackers exploited a vulnerability in the older versions of Windows that were no longer supported with updates or patches.
As with all ransomware, once the system is infected, the data is immediately encrypted and you are asked to pay a ransom to decrypt and regain access. This usually amounts to a few hundred dollars and even more depending who is the target. Unlike banking malware that sets its sights on money — which is mostly recoverable — ransomware targets data, which cannot be recovered unless you have a backup in place.
Should you pay a ransom?
Intelligent cyberattacks such as these enable hackers to get their hands on substantial funds in a very short time span, as most of us would rather pay what we consider ‘dispensable’ money to get our precious data back.
It is advisable however, that you never succumb to the pressure to pay the ransom to regain access to their applications and data. There is no guarantee that cybercriminals can or will unlock files and payment only further motivates and finances attackers to expand their ransomware campaigns. The key advice for a ransomware defence is to always be in a position where you don’t even need to consider paying the ransom.
Preparing for the future
In the Middle East, the rise of digitisation and electronic retail services — spurred by a surge in the usage of smartphones, affordable data packages and the Internet of things (IoT) — have exponentially increased the cyber risks.
A new Internet Security Threat Report from security giant Symantec lists the UAE as the second most targeted country in the Middle East region for ransomware attacks, just behind Saudi Arabia. Interestingly, Symantec also found that 30 per cent of the UAE’s ransomware victims were willing to pay ransom to retrieve their data.
Whether you are an individual or part of a thriving local or international corporation, being prepared for cyberattacks such as ransomware is more critical than ever.
Financial service providers and Fintech companies are therefore integrating sophisticated capabilities into their systems that can seek out vulnerabilities, identify threats and remediate them. The latest advancements in this field include security-focused artificial intelligence, currently under development, that proactively identify, target and remove malware through advance algorithms and analysis.
Recommended safe guards
Whether you are an individual or represent a corporation, never overlook your security basics. Here are five important takeaways from the latest ransomware threats. First, keep your systems routinely updated with latest versions and security patches. Second, ensure you periodically backup all data, so that it does not disappear into the virtual black hole — offline backups such as external hard drives are usually considered a more secure option. Third, remember to invest in a reputed and reliable antivirus software and is considerably cheaper than dealing with a ransomware attack. Fourth, practice safe email management and internet browsing habits. Malware always gets downloaded through infected websites and Phishing attacks. Fifth, a culture of security awareness is a must for all individuals and corporations.
Treat your security of your information and systems the same way you would approach securing your home from intruders — by taking all precautions. These measures should certainly go some way towards protecting you from a ransomware attack like WannaCry and Petya.