So far, 2017 has shown ransomware to be the cybercriminal’s tool of choice. It is easy to deploy, allows for multiple ways of infecting victims, and forces victims to pay the hackers in untraceable, electronic forms of money. The ‘WannaCry’ attack in May illustrated just how devastating ransomware can be. The attack began on Friday 12th May 2017 and within a day was reported to have infected more than 230,000 computers in over 150 countries, including those of the NHS. Here, James Kelly, Chief Executive of the British Security Industry Association (BSIA), highlights simple steps that can be taken to help protect the public and businesses alike from falling victim to malicious cyber-attacks.
What is Ransomware?
Ransomware is a kind of cyber-attack that involves hackers taking control of a computer or mobile device and demanding payment. The attackers download malicious software onto a device and then use it to encrypt the victim’s information. They threaten to block access to the files until a ransom is paid. It is common for criminals to ask for a fee of between 0.3 and 1 Bitcoin (£400 – £1,375). Such attacks are mostly waged against businesses, but can also affect individuals.
What other cyber threats are out there?
Cyber threats can infiltrate our networks in many different forms. One particularly common threat is phishing, where harmful links or attachments are distributed via email in an attempt to get the recipient to enter personal information, such as passwords or card and bank details. Clicking on such links can also result in harmful malware being downloaded onto the recipient’s system, allowing criminals to steal information from the computer or spy on the user for long periods of time. The ‘Cyber Security Breaches Survey’ published in May 2016 by the Department of Media, Culture and Sports also highlighted that the most common cyber security breach or attack was from a virus, spyware or malware, with 68% of respondents falling victim to it. Impersonation of another organisation was also a main threat, highlighted by 32% of respondents. Such impersonations could include a text or email from a bank asking the victim to log onto their account via a harmful link, which results in the criminals gaining access to financial accounts. It is therefore essential for people to be vigilant when clicking links in emails or messages, no matter how familiar the sender may seem.
Putting protection in place
Defending against these criminals does not necessarily require complex strategies; simple steps such as regularly updating software and malware protection, ensuring that all firewalls are robust and up to date, and restricting access to specific users can all go a long way in keeping cyber threats at bay. It can be especially useful to configure specialised firewall rules to restrict access to the networks, and to keep the firewalls themselves inaccessible from the internet so that they are less vulnerable to attack. Social media can also be a breeding ground for identity thieves, and they do not necessarily have to hack accounts to get the information they need. Often, victims make their own information readily available by publishing personal details on their social media accounts. Phone numbers, addresses and even birthdays should not be mentioned on profiles, and privacy settings should be as strict as possible.
Cyber breaches can be extremely costly to a business, not just financially but reputationally as well. This is especially true if personal data is compromised, with the Information Commissioner’s Office awarding hefty fines for data breaches. It is very important for organisations of any kind to be aware of the cyber threats they face and to have a general cyber policy in place for all individuals to adhere to. Such policies should consider a wide range of staff practices, taking into account remote working, personal devices within the workplace, the use of removable media and private use of company computers. It can be especially useful to hold staff training sessions focused on cyber security to ensure that everyone is vigilant within the workplace.
It can also be wise to enlist the help of a security consultant to identify any potential weaknesses within a network and develop contingency plans in the event of a breach. A reputable security consultant with a wealth of experience and a proven track record in cyber security can carry out penetration testing to ensure that the protection already in place is adequate to challenge ever-advancing cyber threats. The testing can also identify any weaknesses in the network so that they can be addressed where necessary. Following that, the consultant can work closely with the business to develop a complete risk register with a comprehensive security strategy and effective cyber policy, in order to ensure the business is fully prepared for any potential threats.
If an organisation does choose to enlist the help of a security company to help fight cyber-crime, it is essential that quality takes precedence and that products and services are sourced from a reputable company. Members of the BSIA’s Specialist Services Section have a wealth of knowledge and experience in cyber security and can provide a reliable, professional service. To find out more, visit: www.bsia.co.uk/sections/specialist-services.aspx