How to avoid being held hostage by ransomware
On New Year's Eve, most of us were preparing to celebrate the beginning of not only 2020 but a new decade too. Please spare a thought for the tech team at foreign exchange company Travelex who discovered a ransomware attack that would take all of its systems offline.
Attackers promised to return 5GB of customer data in exchange for $6 million. Although the company claims that no data has been stolen, its website remains offline. Physical branches attempted to provide services using good old-fashioned pen and paper rather than computers. But things quickly got worse.
Over a week later, the banks stepped in to call a halt to their services and prevent customers from ordering foreign currency. This cautionary tale is, sadly, not an isolated event. The infamous WannaCry ransomware attack in 2017 cost the NHS £92m, and there was an increasing number of high profile attacks throughout 2019.
Even if Travelex survive the incident, its problems could just be beginning. If the attackers have compromised customer data, the company could violate the General Data Protection Act (GDPR), which involves a fine of €20 million or 4% of its global turnover. How can you avoid a similar fate?
Educate your employees
Cybercriminals' first target will be the good nature of you or your employees. Attackers will try every trick in the book to exploit human weaknesses such as curiosity and fear. Every email that contains a URL or attachment that must be immediately be actioned must be treated with caution.
Many ransomware attacks begin with an email spam campaign consisting of thousands of emails hitting a company. The law of averages suggests that someone will always click on the affected link or attachment that will give the attacker a method of finding vulnerabilities that they can exploit.
In the event of a fire, every employee will know the procedure and when to "break the glass" in case of an emergency. We need a similar awareness around our digital responsibilities too. Educating employees to be more mindful of cybersecurity will also give you safety in numbers and a more robust approach to security that many are lacking.
Two weeks after the initial attack on Travelex, the company is still offline. History has taught us that those who don't learn from past lessons are doomed to repeat it. Breaking news stories about ransomware attacks is not just a warning but also an opportunity to bolster your cyber defences.
Prepare for the inevitable
The inconvenient truth is that anyone can be held hostage by a ransomware attack. From individuals, local businesses, large corporations to an entire town, nobody is safe. The Travelex incident highlights the dangers of failing to be prepared for an inevitable attack where frontline employees and customers get caught in the crossfire.
Prevention is always better than a cure. The secret to overcoming any form of cyber breach is being prepared. An incident plan should always be in place before an incident occurs. When hit with a worst-case scenario, the right people should be immediately in place, and comfortable they are doing the right things at the right time.
Panic is not a strategy when forced to make critical decisions as a company. A full understanding of your infrastructure, combined with a carefully combined checklist, should help your team identify what has been compromised and understand the scale of the impact of the attack.
Having an oven-ready methodical approach will enable you to quarantine or shut down critical areas quickly and calmly. Only when you have identified what is impacted by the breach can you activate your remediation plan and communications process.
Rather than having people running around in panic mode, tech teams should be left alone to focus entirely on closing down the attack surface restoring backups. At the same time, a separate communications team should be notifying the rest of the business those who are affected and regulatory bodies to avoid falling fine of fines. Hiding behind "planned maintenance" web page should not be an option.
Good cyber hygiene
Ensuring that your systems are regularly updated with the latest security patches along with a regular back up your systems is crucial.
If struck by an attack, the ability to identify and isolate the breach could save you from being another statistic. These routine tasks could provide you with the ability to restore previous and accessible versions of your critical data.
Whatever you do in the event of a ransomware attack, don't panic. Just like blackmail, you should never pay a ransom. There will be no guarantees that it solves your problem, and it will also help fund their next attack.
Back in 2006, British mathematician and architect of the Tesco supermarket reward program declared that data is the new oil. Like it or not, data is a currency in our always-online digital world. Without it, you cannot provide your customers with the personalized experiences that they crave. But with great power comes great responsibility.
Ensuring you are practicing good cyber hygiene is the best way to prevent an attack. Do you genuinely understand the impacts that a ransomware attack could have on you or your business? Who would help you identify the scale of the breach? And what would you do next? How you answer these questions will reveal how prepared you really are.
The FBI revealed that there are over 4,000 ransomware attacks every day that are running up annual costs of over $1 billion. Clichés are clichés for a reason. Remember, if you fail to plan, you are planning to fail. So, don't be the next Travelex.