If you’ve been paying any attention over the past month or so you’ll probably have heard of the WannaCry cyber attack that brought down hundreds of thousands of PCs around the world and in some cases brought down entire businesses and services.
For those not familiar with WannaCry, the malware is known as ransomware and encrypts a PC’s hard drive. The only way to decrypt the contents is to pay a ransom for a key.
Businesses lose hundreds of thousands to WannaCry ransomware
In the UK the National Health Service (NHS) was crippled by the attack, which is a frightening prospect if you consider the many hundreds or even thousands of patients whose lives were potentially put at risk. As computers locked out doctors and administrators, patient records are lost and life support machines are shut down.
The initial attack was slowed when a “kill switch” was discovered in the malware code. The problem is that this doesn’t guarantee that the malware is gone for good. Just this week the malware resurfaced in a Honda plant in Tokyo, and in Australia traffic authorities said the malware was wreaking havoc with traffic cameras.
The truth is that WannaCry is far from over. It is more likely to be the start of the much bigger problem that is cybercrime and cyberattacks. In fact, earlier this week a new ransomware strain emerged called Petya and authorities at this stage are suggesting it may be more damaging than the WannaCry strain.
Organised crime has become increasingly fond of cybercrime because of its relatively low risk and high rewards. Cybercrime gives them access to potentially millions of victims without needing to leave their secure compounds, and if you have millions of victims it’s easy to extract just a small amount of money from each.
In the case of WannaCry the ransom demanded was just a couple hundred dollars. At that price, and compared with the value of the data on users’ PCs, most victims elected to pay up and move on.
But cyberattacks are not limited to criminal elements. Increasingly cyberattacks are the domain of governments eager to destabilise other nations or steal valuable intelligence. Well-resourced nation states are in a position to mount increasingly powerful attacks against other nations or even corporations.
Be prepared - Get specialist ethical hacker in-house skills
It’s not just the scout motto but also good advice in dealing with the potential risk of cybercrime and attacks. As a business, the risk of a cyberattack in the near future is very real and it’s best to ensure that your systems and staff are ready to counter the attack.
The first thing you want to do is to secure your networks. That may seem obvious, but how do you prepare for attacks that are unpredictable and could take any number of forms? The best way to do that is to think like a hacker. Security staff with an ethical hacker certification are trained to think like someone looking to breach your network. Understanding how an intruder might find a weakness in your perimeter fence is the best way to stay one step ahead of the threats. Also, by understanding the trends in IT security and hacking, a business is better equipped to close the holes.
Train your staff in cybersecurity awareness
The second thing a business should do is train its staff - all of them - to be alert to possible intrusions. Cyber criminals are no different to a regular house burglar in that they look for weak spots. If you’ve ramped up your network security then the intruders need to find another way in, and often that way is through holes far removed from IT security.
Phishing attacks are a growing worry for businesses for this reason. An attacker might impersonate a senior staff member or another trusted person to convince a junior staff member to hand over passwords. Or an attacker might send seemingly legitimate emails to senior management which encourage them to enter passwords for secure systems.
Everyone in your business is a potential risk, which is why everyone, from the most junior to the most senior, ought to be given regular training in how to be cyber security aware. They need to be warned of the various ways attackers might try to steal sensitive information and how to avoid these situations. A reputable training partner will offer the initial training as well as ongoing testing to ensure staff remain aware. In such a situation a series of “fake” phishing attacks could be made on the various staff members, and those that fall for the attacks can be sent for additional reinforcement training.
Don't be held to ransom!
Cyber attacks and cybercrime are a very real threat and will become more so over the coming months and years. Ensure that your business is not the easiest business on the street to be compromised by opportunistic criminals.