Just this past week the US Justice Department brought charges against North Korean spy Park Jin Hyok for the role he played in the global ransomware cyber-attack known as WannaCry.
Ransomware is malware that, if downloaded and opened on a computer system, holds hostage all the data contained in it, and then releases it once the ransom is paid (hopefully)… but not without (potentially) making a copy of all client accounts, credit card records, and personal identity information before giving it back.
Last year the NHS – the National Health Service of Great Britain – succumbed to WannaCry ransomware. NHS workers were locked out of their system until the ransom was paid. Meanwhile, thousands of appointments and operations were canceled, including those of 27 acute care trusts. Over 1,000 pieces of diagnostic equipment and other devices had to be put out of use once disconnected from the infected system, and many secondary systems were disconnected and shut down in an effort to prevent further spread.
Ransomware destruction is preventable.
NHS’s Chief Clinical Information Officer Keith McNeil determined, in the final analysis, that the damage included “no incidents of patient data being compromised or stolen.” Some may call that a miracle.
The resulting investigation by the National Audit Office, however, came out with some frustrating news: the attack could have been prevented. Cyber-security recommendations had not been followed, making the system vulnerable, and compromising the health and welfare of every patient in the system.
Myth: Small businesses are not typical targets of ransomware.
One might think it less likely for a smaller business organization to be a target. After all, attackers want to go for the big organizations, right? A smaller organization would not be as big of a payday, and less attractive, right?
Cyber-attacking bad guys can be just as pragmatic as any other entrepreneur. If the golden egg is out of reach, they go for the low-hanging fruit. After WannaCry, those big organizations have taken notice and they are getting their systems secure.
The questions the small- to mid-size business owner needs to ask are:
- If I get locked out of my system, how will that cripple my operation?
- How much can I afford to pay if my data is held hostage?
- Am I prepared for the possibility that “ransom paid” does not necessarily mean “data restored”?
- How valuable is my client account database to a bad guy?
- Do I safeguard customer information that, if in the wrong hands, could be used to steal identities? Wipe out bank accounts?
- What will it cost to recover all this lost/compromised information?
- How many of my customers will I lose?
- How fast will this put me out of business?
Fact: Ransomware is momentarily down while the sophistication of attacks is improving.
At the moment, you are more likely to be hit by miners, banking trojans, adware, backdoors, and spyware than by a ransomware attack (and, if your system’s cyber security is not up to snuff, I will bet that you have some of these lurking in your system right now). Because of the exposure given to ransomware by WannaCry and similar high-profile ransomware incidents, the ransomware cyberbullies have crawled temporarily back into their dark corners, but we should not let that lull us into a false sense of confidence against them. They are simply doing what criminals do: scheming for better, more vulnerable targets, and devising foolproof plans that will make victims want to pay.
Is your business going to be a vulnerable target? Are you prepared to be over a barrel, forced to either pay up or live without your data? Or both (since paying up does not necessarily mean you get your data back)?
Don’t let your data be the low-hanging fruit. If being easy-pickings sounds unappealing, then protect your business. There are three areas of protection involved:
Before the Attack: Make yourself an unappealing target.
Minimize your attack surface and make your computer and data system difficult to penetrate. Get proper firewalls put in place. Enforce and harden all lines of communication within and without.
During the Attack: Implement effective global attack intelligence.
Just because you make yourself unappealing does not mean that you cannot still be a target. Therefore, put in place all the security measures that will detect, block, and defend your system when under attack. Web security and email security with an intrusion prevention system are made for fighting the intrusion as it is happening.
After the Attack: Have a retrospective security protocol that continuously analyzes.
Learning from the attacks you know galvanizes your system to protect it from the attacks you don’t yet know. This is obtained from advanced malware protection, network behavior analysis, and malware sandboxing. Containing and remediating past threats is an opportunity to prevent future threats.
How to Implement Complete Protection for Your System
As you can see, there is a complete before-during-after continuum when it comes to cyber attacks, and businesses must address every stage to have the security they need. Getting both effective hardware and software in place is part of the plan. Full analysis of your system, as it is running now, is also essential. If you do not have a sufficient IT department, find an IT security company to be part of your business’s security team. If you have never had a complete analysis done before, you might be shocked to see what has been lurking in the background, silently compromising you, sometimes for months. Here is an important tidbit:
43 percent of cyber attacks target small business.
If that statistic does not get you, there are 11 more scary stats that might captivate you here.
IBM’s CEO Ginni Rometty said, “Cyber crime is the greatest threat to every company in the world.”
Make your company cyber-secure as soon as you can.