A smart response to ransomware

10 July 2019

Back in January I posted my cyber security predictions for 2016, one of which was that ransomware would reap further havoc. This was based on the observed trends during 2015, and recent 2016 media reports have confirmed that there is just no slowing down in this variant of malicious software, or malware as it is more commonly known. Ransomware is also fairly indiscriminate in the sectors it targets: councils, hospitals (United States and Germany), schools, and even a university have all experienced attacks since the turn of the year. Proof that it’s not just the private sector at risk.

So, what exactly does ransomware do, and why should we all be concerned? Ransomware can infect your IT estate in exactly the same way as other types of malware: unsolicited email attachments from untrusted addresses, phishing emails that direct users to click on links to infected files, USB flash drives introducing files at the endpoint (think of all those free USB drives that get given away at conferences and trade shows), and even via smartphones that are connected to USB ports for charging.

Once onto your PCs or servers, ransomware will prevent users accessing their files or even their entire systems, usually via encryption. This data or equipment is then effectively held to ransom until the user agrees to pay money to regain access. A rather expensive inconvenience if you haven’t got effective proactive and reactive cyber security controls in place – defence in depth as such!

Shutting the door

Proactive relates to technical controls, such as boundary firewalls and internet gateways, secure configuration, user access control, malware protection, and patch management. The UK government believes that around 80% of all cyber attacks could be prevented if businesses put these simple security controls in place.

These technical controls should also be complemented by an overarching information security policy and an array of supporting processes and procedures. Additionally, all staff need to be made aware of the policies, processes, and procedures that need to be followed, and receive technical training as appropriate.

In fact, internationally-recognised standards such as ISO27001, ITIL and TOGAF all recommend the implementation of an Information Security Management system (ISMS) which can be best described as a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk-management processes.

Unfortunately, even deploying the most advanced technical solutions and the most robust people and process controls available cannot guarantee a network’s safety from cyber attack. This is when reactive controls come into play. These might include an effective backup and restore or a data-replication solution, and a comprehensive incident-management process with stages including preparation, detection and analysis, containment, eradication, recovery and post-incident activity.

At Ideal we can conduct a full security review and architectural audit of your systems and controls, and provide expert consultancy on any existing risks and vulnerabilities. We will provide recommendations and work as a trusted partner, to help ensure that your systems, policies and processes are effective in protecting your business from security threats.

Let me help put security at the heart of your business, call me on 01273 957500, speak to your account manager, or get in touch by email.


Header image: screenshot from the Norse live threat map