Let us not forget that the vast majority of these successful ransomware attacks are only made possible as a result of human activity. Ransomware is not a cyber ‘attack’, it is an active and offensive head-on assault on our defences. It is the dangling of a poisonous and indiscriminate bait that staff then take and bring into our organisations, thus facilitating this destruction.
Almost all of the organisations affected will find, when they do their incident investigation thoroughly, that one of their staff has downloaded unauthorised software, or clicked on a phishing email or attached an infected USB device to their network. Without this human intervention, very little malware has any potency.”
Often businesses that have received a ransomware attack like Petya concede to the attackers’ demands because they don’t have good security, good education and good crisis management strategies in place. Often, they feel paying up is their only option.
If businesses were in a better place to begin with, they wouldn’t be held to ransom in the first place. Also, if businesses pay ransom to get files back, they’re essentially asking the attackers how much money they want and telling them they’re prepared to pay, so they will likely be targeted again.
Among the basic steps that companies and organisations can take to improve their resilience are the following:
1. There is a saying that goes “A fish rots from the head down” – get your senior board members up to speed on the threat landscape including cyber. They have invaluable strategic skills, which combined with the next steps will place an organisation on the front foot instead of the back one.
2. Ensure training is relevant and regular. The threat landscape changes fast, as the last few days have demonstrated. Make sure all staff, including senior management, are thoroughly trained and enabled to question emails, files or activities they feel are counter to organisational security.
3. Make sure there is a policy in place that covers behaviours such as surfing inappropriate websites (where malware is often deposited for drive-by infection) and for ransomware, so staff know exactly what is expected of them.
4. Technology is a great supplemental support to human interaction when it comes to virus scanning and network monitoring, but don’t rely on it 100%. There is no magic button and security is achieved by cultural establishment.
5. If you have any device, component or system that is web enabled or networked, make sure it is part of IT change management: get patches and updates onto relevant systems and equipment, and make risk-based decisions about keeping any systems with outdated operating systems.