Ransomware: Prevention is Better than the Cure
Certainly, preventing a virus infection is better than getting one and facing the fallout or aftermath. This is especially true when it comes to our health, and it has always been the case when it comes to IT environments.
Over the course of the past 12 months, ransomware attacks have again hit the headlines. Due to newer disclosure and reporting obligations, big businesses who have been subjected to malicious cyber-attacks are now required to inform their clients and/or shareholders and be fully transparent as part of their corporate governance.
Also of note is that malicious hackers may no longer simply demand a fee or bitcoin amount to decrypt important files which have been rendered useless. Attackers will sometimes insist that a victim pay up by a particular time and date or risk having their data published on the internet (this is commonly known as digital extortion).
This leads to perhaps the most important question: how important is your data to you?
As an IT company, we cannot answer this, because it is a multilayered question depending on many additional factors specific to your organisation. Here are some further questions that only a customer can answer:
- What is the reputational risk to your company if your data is compromised and published on the internet?
- How long can your business survive if you cannot access your data or take payments?
- Without access to critical client data, do you put your clients at risk?
- How quickly do you need to be able to recover from a ransomware attack?
- Do you store bank details, health records, financial records or other confidential data?
- What are the implications of this information being made public or, perhaps worse, being sold to criminal networks?
Did you know that the Australian Government is considering making it an offence, via proposed regulatory frameworks, to pay a hacker’s ransom, and that doing so might well contravene the Bribery Act (among others)?
There is the possibility that company directors could be prosecuted for making (or authorising) the payment of a cyber ransom. Strangely, this type of legislation could potentially discourage cyber-attacks on large companies, as would-be hackers will be aware that their intended target may be legally unable to pay the ransom for fear of prosecution.
Most successful cyber-attacks occur due to phishing, a type of email scam where an employee inadvertently gives away their network or other credentials. This is therefore where the first line of prevention sits.
Ideally, there should be as few spam emails arriving on the network as possible, followed by a multi-layered security process that includes:
- Remote/pre-delivery email filtering services
- Managed hardware firewalls with subscription-based updates
- Endpoint security software on all servers, desktops and laptops
- Regular security patching of systems
- Back up of Microsoft 365 emails
- Multi-factor authentication (MFA) on critical applications
- Phish Threat training and education
Of course, we also must plan for the worst-case scenario and have an action plan in the event systems are compromised.
This disaster recovery (DR) plan should include who does what, how and when (e.g. when to invoke Plan B and how to communicate this to stakeholders). The DR plan should also include a target time of when recovery is desired – we call this the real-time objective – and we can plan around this target time once known.
We facilitate this by providing an automated, securely encrypted, annually verified off-site backup. Without this fundamental link in your line of defence, the hackers have the advantage and the cure is painful, costly and could even result in legal trouble. Not to mention that a business may not be able to recover at all from a ruined reputation.
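What "verified" means in practice is that a backup is actually test-restored and compared against a record taken when the data was known to be good, rather than assumed to be intact. The following script is an added illustration of that check and is not code from this page's author; it constructs its own sample files, records a SHA-256 manifest at backup time, test-restores the archive into a scratch directory, and reports any file that is missing or altered (for instance, a backup taken after files had already been encrypted). Encryption and off-site transfer of the archive are assumed to happen separately and are not shown.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    # Relative path -> SHA-256 for every file under root.
    return {str(p.relative_to(root)): sha256_file(p) for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(src: Path, archive: Path) -> dict:
    # Archive src and return the manifest taken at backup time (store it with the off-site copy).
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest

def verify_backup(archive: Path, known_good: dict) -> list:
    # Test-restore into a scratch directory and compare every file to the known-good manifest.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **extract_opts)
        restored = build_manifest(Path(scratch))
    for rel, digest in known_good.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"altered: {rel}")
    return problems

def run_demo() -> tuple:
    # Constructed sample data: a clean backup, then a later one taken after a file was overwritten.
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "sub").mkdir(parents=True)
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "sub" / "notes.txt").write_text("quarterly review\n")
        known_good = make_backup(src, work / "backup-good.tar.gz")
        clean = verify_backup(work / "backup-good.tar.gz", known_good)
        (src / "ledger.csv").write_bytes(b"\x00constructed-sample-of-encrypted-content\x00")
        make_backup(src, work / "backup-later.tar.gz")
        tampered = verify_backup(work / "backup-later.tar.gz", known_good)
    return clean, tampered
```

Run `run_demo()` to see an empty problem list for the clean backup and `altered: ledger.csv` for the later one; in a real DR plan the manifest and verification result would be logged each time the backup runs, not just annually.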
If you want to know more, please contact us.