Proper planning can mitigate ransomware fallout and strengthen security stance, says Goulding of Integrity 360
19 July 2016 | 0
What would you do the moment you knew your business had been infected with ransomware? Imagine the panic that follows in the moments after discovering an attack, as you try to work out which files have been encrypted, and whether you need to start having awkward conversations with customers because your service is interrupted, or worse, the data you hold about them may be inaccessible. And that’s before you begin counting the cost of disruption and downtime to the business as you deal with the emergency.
These aren’t idle questions. In April, the FBI warned about rising volumes of ransomware attacks, which cost 2,453 victims more than $24 million combined in 2015. In our own business, the number of organisations contacting us about ransomware attacks increased by a massive 380%t in Q1 2016 compared to the final three months of last year.
In several cases where we’ve been called to help, it’s quickly become clear that many of the organisations don’t have an incident plan in place to deal with situations such as this. If someone is breaking into your house, you automatically know to call the police, but many businesses, including some very large organisations, don’t know what procedure they need to follow for a cyberattack.
Some victims reacted instinctively and switched off any infected computers. It’s understandable but it is a huge hindrance to the team who need to forensically analyse the machine to investigate the attack. Simple things like unplugging the network cable but leaving the computer on means that the machine can be scanned and you can understand how the attack happened.
Where security is concerned, the threats are too potent to go without a plan. Some of the best money you can spend is on relatively simple items like a risk assessment register or a cybersecurity strategy document. In our experience, a risk assessment exercise usually takes between 7-11 days depending on the size of the company. By knowing the weakest spots in its infrastructure, that organisation can then make more informed decisions about how to allocate the rest of its security budget.
“The number of organisations contacting us about ransomware attacks increased by a massive 380%t in Q1 2016 compared to the final three months of last year”
We see a lot of investment in the wrong areas in security, so a cybersecurity strategy can address this. It helps the business to be more secure, to grow and be more profitable. It doesn’t mandate or prescribe technologies; it’s essentially a list of the most valuable assets in the business.
Integrity360 recently worked with a customer that sold via catalogues, in store and online. Its e-commerce sales were healthy but a risk assessment exercise revealed the company had actually spent very little on protecting its web site. When we upgraded the security infrastructure, we blocked malicious traffic coming to the web site, which meant the company’s existing customers had a better experience because the site was faster. What’s more, the customers didn’t need to buy extra servers to bear the load of traffic that wasn’t translating into sales.
Far too often, security is seen as an obstacle in the way of doing business, but the example above shows how security can be a business enabler. It’s no coincidence that the FBI’s April warning made a very clear reference for the need to prepare for cyberattacks like ransomware in advance. Start with a good plan, and good protection will follow.
Eoin Goulding, CEO, Integrity360