‘Planning to fail’ is key to cyber-security
Businesses should “plan to fail” in their cyber-security to recover quickly after any malicious software attacks, warns a leading Scottish internet security expert.
The advice from Gerry Grant, “chief ethical hacker” at the Scottish Business Resilience Centre (SBRC), comes amid reports suggesting a third of UK businesses would pay to retrieve their shutdown systems should they be hit by a “ransomware attack”.
Grant said: “Businesses should ensure that all antivirus is kept up to date and that they have recent and reliable backups of all systems.
“They should be wary of random messages, odd emails containing invoices or urgent payment details and attachments. Modification of numerous files in a short space of time is also a major giveaway, as well as unusual network activity.”
Grant said it was not guaranteed the encrypted files in a tampered system would be freed with ransom payment, and the hackers may ask for more money.
“The best way to contain an attack is to disconnect all of the infected computers from the network, and if the computer cannot be isolated, then disconnect the shared drives,” he added.
Grant said reimaging the device was the only remedy for ransomware attack – removing the computer of all software and reinstalling safely.
“Preparing for the worst case scenario and planning to fail means that ultimately businesses are able to recover much quicker with minimal impact to the everyday running of the organisation.” 0 Gerry Grant – need to keep antivirus up to date