IT Security Guru

Netmetix: Tall, dark and… ransom

by The Gurus
July 10, 2018
in This Week's Gurus

Greig Schofield, Technical Director at Netmetix, explores the murky world of ransomware attacks and shows how organisations can protect themselves against this growing problem.

Call me a romantic but I’ve never believed that the stereotypical tall, dark stranger was limited to the world of fairytale.  For businesses in the digital age, a modern-day version is both an everyday reality and a recurring nightmare. Ransomware attacks – perpetrated by faceless, shadowy strangers – are no longer a tall story, they’re rife. Cyberspace is loaded with professional predators waiting to pounce, armed with malicious software to lure their prey. And instead of sweeping you off your feet, they’ll close down your business and drain your bank account. Welcome to Malice in Cyberland – the fairytale gone wrong. So how do you avoid falling down the rabbit hole? There’s plenty you can do to protect yourself.

First, let’s gaze through the looking glass and examine the size of the problem. Sadly, cybercrime is increasing. The number of high-profile attacks grew in 2017 and is tipped to increase further in 2018 – why? The digital revolution, fuelled by the rapid adoption of Cloud and IoT, has created a perfect storm for cybercriminals – increasing the number of potential targets for hackers as they seek to exploit insecure devices through the back door. And as technology becomes more sophisticated, so too do criminals’ methods of attack. The impact is significant. The World Economic Forum’s Global Risks Report 2018 claims that only extreme weather incidents and natural disasters are likely to cause greater disruption than cyber attacks in the next five years.

Improvements in cybersecurity mean that most attacks can be prevented. However, a worrying number of businesses remain vulnerable. Worse still, research from Computing found that 31% of UK organisations are likely to pay up if they experience a ransomware attack – a 6% increase on the previous year. The fear is perhaps understandable. Yet much of it is due to limited understanding of what ransomware actually is and, crucially, a lack of awareness that there are tools and processes that can significantly reduce the risk.

In simple terms, ransomware is malicious software (malware) that takes over a computer or system and encrypts data so that it cannot be accessed. The hacker subsequently demands money – ranging from hundreds to thousands of pounds – to decrypt the data and restore access. The ransom naturally increases with time but aside from the fee, an attack can significantly impact business continuity and, in the worst extremes, destroy a business altogether. Moreover, whilst most cyber criminals treat decryption as a professional business transaction, some make it impossible to restore data even after a ransom payment has been made.

Protecting against cyber attack: a five-step guide

So what can you do to mitigate the risk? In the UK, the government-backed scheme, Cyber Essentials, describes a cyber attack as the ‘digital equivalent of a thief trying your front door to see if it’s unlocked’ – and sets out a series of measures that organisations can adopt to protect themselves against it. The scheme, which leads to two tiers of Cyber Essentials accreditation, provides a good basic framework for safeguarding a business. It identifies five technical controls that encompass the key aspects of assuring cyber security.

#1. Secure your Internet connection

This is a straightforward case of making sure your back door is bolted shut. Your internet connection is the gateway to your business – the way into all the sensitive data that makes your organisation tick. Despite this, it’s surprising how many companies still rely on primitive broadband systems to power their services. Securing your internet connection is a fundamental requirement of cybersecurity. This means embedding robust firewalls and, where necessary, enhancing them with core perimeter devices – unified threat devices – to prevent intruders from getting in.

#2. Secure your devices and software

This is about securing individual PCs, laptops and mobile devices. It begins with establishing a robust system for login authentication and ensuring passwords are strong and inscrutable. It also encompasses data encryption to make sure that information on laptops and devices that are likely to be used outside the office setting is adequately secure.

#3. Control access to your data and services

This is a crucial component that is specific to your business – there is no one-size-fits-all solution. Assuring control of access to your data and services is all about establishing permissions – determining which employees can access, read and edit files. It’s a complex process that requires a granular understanding of your data, your organisation and how everything knits together to fuel the delivery of services. Moreover, it’s hugely important. Hackers will target the weak points in your infrastructure and can quickly exploit the slightest vulnerability. They thrive on ‘lateral movement’, meaning a hack of any unprotected device can piggyback them into adjacent systems and networks that contain more valuable data. The key to controlling your data and services is to reduce access as much as possible, thereby reducing the threat landscape. It’s not an easy task.

#4. Protect from viruses and other malware

The majority of businesses now have antivirus (AV) protection. However, as we’ve already established, with the methods of cyber attack now increasingly sophisticated, AV software cannot stand still. It’s important to understand the distinction between ‘advanced persistent threats’ and ‘zero day attacks’. Persistent threats – those that have been seen before – are recognisable to most AV programs. However, zero day attacks – new and unfamiliar viruses and malware – are becoming more prevalent. Standard AV software is unlikely to spot them. At the base level, this threat alone underlines the importance of educating employees to be vigilant. It’s vital that everyone in an organisation understands the risks and recognises – and reports – unusual behaviour.

#5. Keep your devices and software up to date

The final control is common sense – yet it’s surprising how many companies operate systems and software that are out of date. If your software is not up to date, a hacker will quickly exploit it. This once again exposes businesses to the damaging threat of lateral movement.

Safety in numbers: don’t try to do it alone

These five technical controls are a great start-point for businesses, but addressing them must be more than a tick-box exercise. Cyber Essentials accreditation is a worthwhile pursuit – and it can reassure customers that a business takes cybersecurity seriously. However, it’s possible to achieve first tier accreditation and still leave your operations exposed if you don’t go beyond the basics. It therefore pays to work with a technology partner that understands the nuances of cybersecurity and can configure your infrastructure so that all the intricacies of your business are properly protected.

A good partner will work with you to develop a forensic understanding of all your data points to build – and execute – a roadmap that delivers the greatest possible protection. They’ll have experience in deploying the full gamut of cybersecurity solutions such as firewalls, Intrusion Detection Systems and Unified Threat Devices – and can match those technologies to your real-world needs. Moreover, as cyber criminals’ modus operandi changes and types of malware evolve, they’ll be cognisant of the fluctuating threat landscape and be able to provide best practice advice to thwart it.

The threat of ransomware attacks is not a fairytale – it’s an unfortunate reality of modern business. But with a robust strategy underpinned by good technology and sound advice, much of it is entirely avoidable. Protecting your business doesn’t have to cost you a King’s ransom. But if you fail to do it properly, you might end up paying a high price.
