The age of ransomware and how it has changed the way we view security.
Technology has shifted the way humans consume, process and handle information. It has changed the way we interact with the world.
Take recent innovations such as Apple Pay and Android Pay – customers can now pay for their goods with their smartphones instead of their bank cards! This has brought added convenience and mobility to the high-street shopper, as well as greater risk: what happens if their phone is stolen? The perpetrator can use the phone to make purchases, leading to financial losses, which makes phones an even more valuable target for high-street pickpockets. The key point here is that with great advancements in technology, we must accept that a degree of risk is introduced and take steps to mitigate it.
We’ll be discussing what has become a viral topic of late – ransomware. You might have read that with a shudder, given the recent attacks on the NHS and other organisations across the world. For those who aren’t familiar with it: ransomware is when hackers infiltrate an organisation’s network, encrypt or steal critical data and hold it to ransom in exchange for money, usually in the form of bitcoins as these are untraceable on the web. Did you know that 1.4bn data records were compromised globally through 1792 data breaches in 2016? The ratio of network breaches to the data stolen implies that hackers have only gotten more efficient in stealing information. 59% of the data breaches were related to identity theft – can any of us afford for our customer and supplier information to get stolen? I strongly doubt it.
In most business environments, many transactions occur through email and other internet-powered applications. We rely on our systems to deliver critical business-enabling functions, and assume that the protocols put in place by our IT teams are enough to protect us from malicious payloads. But as evidenced above, it doesn’t take many hits for malicious content to infiltrate your network and cause mass damage in the process. For example, an Austrian hotel was coerced into paying a ransom after hackers stole the key card information allocated to the electronic passes that customers use to get in and out of their rooms. The staff were unable to retrieve the information, and because the hotel was at full capacity during that period and customers were getting restless, it couldn’t afford not to pay the ransom. The most concerning aspect was that it was the third time the network had been attacked. So, are you constantly getting security alerts and overlooking them? Well, you have at least one example as to why you shouldn’t.
Ransomware has been a bit of a buzzword in recent months, and it wasn’t until the worldwide ransomware attack on Friday May 2017 that people started to take it seriously. Ransomware has been and will continue to be an imminent threat to any organisation with outdated systems and not enough anti-malware protection. You might think that your IT team has your security strategy sorted, but recent research has found that 43% of UK companies do not have a cyber security strategy. That’s an incredibly large number; are you confident your business isn’t in that number?
Having dealt with security strategies over the years, I would recommend the first step to combating threats such as ransomware is to gain network-wide visibility of your infrastructure so you know what’s coming in and from where. Many security experts have proposed that businesses follow a defence-in-depth strategy where they cover their network’s many different components for maximised coverage against threats. Read more about defence-in-depth in an earlier article I’ve written here.
If you’d like to have an in-depth discussion regarding security, then get in touch with us here.