3 Ways to Defuse the Threat of Ransomware

Published in Security

Any cyber-attack makes IT pros shudder, but ransomware adds an extra element by its very nature – after all, you are not only attacked, but held hostage. The genre also tests both your security plans and your employees.

Ransomware attacks are on the rise: According to the FBI, an average of 4,000 ransomware attacks took place each day in 2016, a 300-percent increase from 2015. If ransomware wasn’t top of mind before, the WannaCry ransomware attack this May showed how sophisticated – and disruptive – hackers have become. (WannaCry forced a giant like FedEx to shut down operations the day after the attack.)

In attacks like WannaCry, cybercriminals gain access to systems, encrypt critical data and hold the encryption key and data hostage. However, not surprisingly, some organizations have paid the ransom but never received the key.

The human side of ransomware

According to the “BCI Cyber Resilience Report 2017,” ransomware accounts for 19% of cyber disruptions.

According to the “BCI Cyber Resilience Report 2017,” conducted by the Business Continuity Institute and Sungard AS, phishing and social engineering remain the top security threat, cited by 57 percent of respondents. Ransomware ties for the fifth spot on this year’s list. However, the report authors point out that ransomware is usually delivered through phishing and social engineering.

That adds up to ransomware being the “rising star of malicious codes,” according to David Thorp, executive director of BCI. Thorp writes that this reveals a weakness in the human aspect of cyber resilience, which calls for better education and awareness-raising initiatives.

Some victims pay up, some say ‘no’

When a hospital in Los Angeles was hit by the Locky ransomware virus, it ended up paying a ransom of 40 Bitcoin at a value of $17,000. When an employee opened an infected email attachment, a municipal utility in Michigan lost access to its accounting and email systems; an executive was quoted as saying that paying the $25,000 ransom was “distasteful and disgusting, but sadly necessary.”

Not all organizations pay. Three hospitals also hit by the Locky virus did not pay attackers and their systems were brought back to normal thanks to a quick-reacting IT team. When hackers attacked San Francisco’s light rail transit system, Muni, shutting down its ticket machines, the agency refused to pay the 100 Bitcoin (about $73,000) ransom demanded. While its IT team restored the system, customers rode for free.

There is no simple solution to preventing ransomware attacks. However, businesses can avoid having their data held hostage with these strategies.

1. Educate, test, patch

In addition to ensuring your anti-malware software is up-to-date, educate employees to recognize phishing attempts, social engineering attacks and the dangers of using computing assets in public, unsecured environments.

It’s also critical to know where your vital data is located, its value and where you are most vulnerable. Security assessments and vulnerability testing can help you develop a new strategy or harden an existing one.

WannaCry took advantage of a vulnerability in the Windows operating system. Many victims had not applied a security patch issued by Microsoft two months earlier. This highlights the importance of having a plan in place for ongoing operating system upgrades. A vulnerability management (VM) program can perform this task as needed.

2. Detect ransomware before you’re infected

One weak link is all that’s needed for malware to make its way onto your network. Your second level of defense should be to verify the effectiveness of your multi-level approach so you detect a ransomware attack before significant damage occurs. A file-integrity monitoring service is one way to accomplish this. It looks for suspicious activity, flags anything unusual and prevents the action.
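A minimal sketch of the file-integrity check described above, added here as an illustration (it is not code from the original article or from any product): it baselines SHA-256 hashes and byte entropy for a directory, then flags a bulk change or a jump toward random-looking content. The thresholds, file names and sample data are constructed assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or compressed data is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Record (SHA-256, entropy of the first 64 KiB) for every file under root."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            state[os.path.relpath(path, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return state

def compare(baseline: dict, current: dict, entropy_jump=2.0, mass_ratio=0.5) -> dict:
    """Diff two snapshots. The thresholds are illustrative assumptions, not tuned values."""
    changed = sorted(p for p in baseline if p in current and baseline[p][0] != current[p][0])
    removed = sorted(set(baseline) - set(current))  # renamed files show up as removed + added
    added = sorted(set(current) - set(baseline))
    high_entropy = [p for p in changed if current[p][1] - baseline[p][1] >= entropy_jump]
    touched = len(changed) + len(removed)
    alert = bool(baseline) and touched / len(baseline) >= mass_ratio
    return {"changed": changed, "removed": removed, "added": added,
            "high_entropy": high_entropy, "alert": alert}

def demo() -> tuple:
    """Constructed sample data: four text files, one normal edit, then a bulk overwrite."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as fh:
                fh.write(f"Invoice {i}: total due 1200 USD\n" * 50)
        baseline = snapshot(root)
        with open(os.path.join(root, "doc0.txt"), "a") as fh:
            fh.write("Paid in full.\n")  # ordinary user edit
        normal = compare(baseline, snapshot(root))
        for i in range(1, 4):  # random bytes stand in for encrypted content
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))
        bulk = compare(baseline, snapshot(root))
    return normal, bulk
```

A single edited document stays below both thresholds, while the bulk overwrite trips the mass-change alert and lists the three files whose content turned random-looking.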

Another option is a security information and event management (SIEM) service to monitor security events, correlate the events across devices and analyze them based on rules to detect malicious activity.

3. Mitigate the impact of ransomware

Your third line of defense is having a disaster recovery plan to mitigate the impact of ransomware. If malware does make it through and your data is held for ransom, this can help you recover your business operations.

Looking at the WannaCry attack, many victims did not have backups, lacked confidence in using them or had not adequately tested procedures to ensure successful restoration. Some who had backups were not sure of how far back the infection had spread, so determining the recovery point was difficult.

To minimize confusion and save time, define and document what steps need to be taken, in what order and by whom, if a ransomware attack happens. Having backups is key, but it won’t help if they don’t restore your systems as expected, so it’s important to test them on an ongoing basis.

Network segmentation can help as well, cutting off any infected devices from the rest of your network. But like backups, this needs to be planned for and tested long before an employee clicks on a suspicious link.

With ransomware on the rise, it’s easy to become a victim. But if you follow these steps, you’ll never have to make a decision about whether to pay up to unlock your data.


Data Breach Response: 4 ways the most resilient businesses respond to hacks

Published in Business Continuity

Data breaches can trigger fines, deflate stock prices, irreparably damage reputations, lose customers and attract more cyber-attacks.

But they don’t have to.

By responding quickly and decisively at the first sign of a data breach, you can limit its impact, preserve trust in your business and keep customers safe.

The consequences of a botched data breach response

For many small and medium-sized businesses, a hack can end their existence: 66 percent of them go out of business after a data breach.

Large companies are more likely to survive, but suffer severe damage. Shortly after Equifax announced a data breach that had compromised the personal information of 143 million Americans (recently updated to 148 million), it quickly shed more than $4 billion in market value as its stock sank 20 percent. It hasn’t recovered.

The two massive data breaches Yahoo reported in 2016 gave Verizon a $350 million discount when it finally purchased the company in 2017. When it was revealed that Uber had kept quiet for more than a year about a data breach that affected 57 million people, the public outcry added to the growing reputational damage the company experienced in 2017, trimming its value by about 30 percent.

Throughout 2017 companies large and small suffered data breaches, often with a larger overall impact than necessary. If you want to mitigate the impact of data breaches at your company, and hopefully prevent them, follow these four principles.

  1. Act quickly

A data breach requires an immediate response from every part of your organization. Your IT and business teams will need to locate and close any vulnerabilities in your IT systems or business processes and set in motion your disaster recovery plan if they uncover data corruption. Your business units may need to invoke their business continuity plans, and you may need to assemble your executive crisis management team.

You can improve the speed and effectiveness of your response with regular testing that will ensure everyone is ready to go and knows what to do as soon as a breach is recognized.

Another advantage is having the results of a Data Protection Impact Assessment (DPIA) at your fingertips. It details all the personal data you collect, process and store, categorized by level of sensitivity, so you’re not scrambling around after a breach.

With a clear sense of who should be taking charge and what exactly should be done, you can better contain the damage caused by the data breach.

  2. Be open and honest

A data breach is never ideal, but if your business suffers one, it’s important you inform anyone who is affected as quickly as possible. This will allow them to implement their own self-protecting measures.

We live in a highly connected world with hyper-extended supply chains. Create a crisis communication plan that sets out in advance who needs to be contacted should a breach occur. That way, you’ll never forget important stakeholders in the heat of the moment.

Failing to inform people in a timely manner can cost you in fines, reputation loss and disgruntled customers.

  3. Figure out what went wrong

After a breach, IT administrators should comb through network traffic archives to look for any abnormal activity. How did the breach occur? Was it a vulnerability that should have been patched? Innocent human error? A process gone wrong?

It’s equally important to review your DPIA to ensure it’s up to date.

If the breach is a criminal matter, make sure you pass on any and all relevant evidence to the police so that those responsible can be brought to justice.

  4. Pre-empt future attacks

Prevention is always better than cure. It’s good business practice to continuously monitor risk, including information risk, and ensure the controls are adequate.

Conduct physical and logical penetration testing and check your organization’s susceptibility to social engineering. Ensure you have effective business continuity and back-up solutions in place. Check in on any vendors or partners that have access to your network to review their security practices and level of access. Seek out executive coaching to ensure that your C-suite has the skills, competencies and strategies to lead your organization through the complex, uncertain and unstable environment that is the aftermath of a data breach.

Facing the inevitable

Data breaches are growing more common, not less. How you respond in the aftermath of a data breach says volumes about your organization and how much you value customers.

If you delay disclosures; suffer repeated, preventable breaches; and leave vulnerabilities unfixed, you’ll shed customers and market value.

Quickly take action, however, and be proactive in your notifications of a breach and fixing vulnerabilities, and you’ll contain and weather a data breach better than most businesses.
