TechBeat: Security — risk and cybercrime
With the rise of cryptoattacks and risks from inside as well as outside the organisation, Irish IT pros outline their fears, risks and countermeasures
14 March 2016
The world of cybercrime has changed dramatically in recent times, with new means of attack and exploitation being developed and made available in easy-to-use packages.
The sheer availability of such tools requiring little technical knowledge has meant the potential cast of threat actors has also increased dramatically.
One such exploit recently has been the cryptoattack, characterised by tools such as CryptoWall, which gets into an organisation’s network and then encrypts data which the attacker will then offer to decrypt for a ransom fee. There have been many instances of such attacks, most recently hitting a Californian hospital that suffered significant downtime.
To get a picture of where Irish organisations stood in terms of awareness, exposure and countermeasures for such activity, TechBeat, in association with DataSolutions, asked Irish IT professionals for their views, experiences and insights. The survey was conducted in February with 137 respondents. The responses came from various sectors, with the largest proportion (41%) from IT, followed by government (16%), finance (15%), and healthcare, retail, media and legal all coming in at single digits (7%, 5%, 4%, 2% respectively).
The survey first asked if the business had ever been held to ransom by a hacker. Nearly one in five (19%) said they had, with more than three quarters (76%) saying never, and 5% saying they did not know.
According to David Keating, security sales manager, DataSolutions, this is not lower than expected, as ransomware attacks are a very serious form of cybercrime.
Keating said that while end users are naturally easier targets than enterprise, businesses are being targeted.
Citing the Californian example, he said, “the hospital in California was held to ransom by hackers for a week. The hackers initially demanded $3.4 million (€3.1 million) for control of the computers to be paid in Bitcoin. Ultimately the hospital was forced to pay $17,000 (€15,638) in Bitcoin, a much lower but still significant amount of money.”
The survey asked respondents to speculate what ransom they would be willing to pay in such a situation. The vast majority (91%) said they would not pay, but 4% said up to €10,000, 2% said up to €25,000, with 1% admitting they would pay up to €50,000. However, 3% said they would pay €100,000 or more.
This response, even though it constitutes just 9%, shows the fear that such an attack can instil in organisations.
“Confronted with the actual reality of being held to ransom by hackers,” said Keating, “it’s likely that many people would actually pay. However, there is a risk that even when payment is provided that doesn’t mean that you will get your data back. In most cases you should, as it’s simply not good ‘business’ for the criminals if people thought they wouldn’t get their data back whether they paid or not.”
“Ultimately, it’s a business decision — there is a point where people will pay, and it’s a case of balancing that cost with the costs of downtime.”
In light of this awareness, respondents were asked if they had taken steps against the likes of CryptoWall. More than two thirds (68%) said they had, with 16% saying they did not know and the same proportion saying no steps were taken.
“It’s not a major surprise that such a large number have taken steps to protect their businesses from Cryptowall. However, I think that if you looked deeper, you would find that many of these people aren’t targeting Cryptowall specifically — it’s more likely that people have put in a number of different systems to protect from various attacks that include Cryptowall,” said Keating. “The question is what level are they protected to — they could be employing less specific software; how confident are they that it would stop an intelligent Cryptowall attack? To be fully protected, you need sophisticated analysis of all documents coming into your organisation, plain and simple.
“Sandboxing used to be the way forward up to around only a year ago but now viruses can detect that they’re in a virtual machine and disguise the fact that they’re dangerous at that stage.”
Following on from this, the survey asked if changes or improvements had been made generally in the past year due to the rising incidence of cyberattacks. Again, the majority (78%) said yes, with 15% saying no, and 7% saying don’t know.
While awareness is clearly growing, Keating says there is more to do to keep current.