The last few weeks have seen some of the highest profile ransomware attacks of recent times. In particular, the WannaCry worm made its way to around 150 countries and hit organisations as diverse as the National Health Service (NHS) in the UK, Renault in France, Spanish telco giant Telefónica, the Russian post office and FedEx, the US logistics firm.
Ransomware was already the main type of malware in 2016, but appears to have become even more prevalent in 2017. Ransomware encrypts or hijacks files, with the user seeing a message asking for payment before they can access the files again. To avoid being traced, cyber criminals ask for payment in cryptocurrency such as Altcoin or Bitcoin.
A new digital criminal
The Financial Times recently described ransomware as ‘the digital era’s equivalent of the highway robber — it appears from nowhere to panic and blackmail its victims by preventing them conducting their daily business unless they pay up’. But it’s actually worse than that. Cyber criminals are far more professional and well-organised than the robbers of previous generations.
This sophistication and expertise of cyber criminals makes it increasingly tough for security vendors and end-user organisations alike. WannaCry mostly targeted firms that hadn’t made a significant investment in cyber security, so it is hard to say the industry’s response was a complete failure. But for the hackers it was still very effective, with many affected businesses paying the ransom for the encryption key to get their data and files back.
Mounting a cyber defence
What can be done to protect an organisation in the face of such aggressive and targeted ransomware? First of all, it is clear that many organisations need to take the threat of cyber attack much more seriously than they have done to date.
The C-suite in many organisations is only paying lip service to the threat of cyber attack, and doesn’t really understand the true nature of the threat. WannaCry has brought this more to the front of mind, but it remains to be seen whether they will take the required action.
Hackers are now so organised, professional and targeted that previous approaches to defending and protecting against them are ineffective. An internal IT team is simply not enough to defend against this new breed of cyber criminal: its time is spread too thinly across many other areas of IT, and it often lacks the most up-to-date expertise needed to defend against cybercrime – a digital army of hackers requires a digital army to defend against it.
Management and mitigation of risk
Ultimately, risk must be managed and mitigated much better. There is a need for constant vigilance against cyber crime and also the need for vendors and end-users alike to work with experts more than they do currently.
Firms must protect themselves more effectively, and the ‘patch-work’ approach simply will not suffice in 2017. Protection must be continuous and must involve highly trained and proficient third parties, adept at warding off hackers and using digital tools to enable the real-time monitoring of threats, ensuring that cyber security is a continuous and ongoing process.
Cyber crime such as ransomware is so varied and powerful that it has serious consequences for the entire business, not just IT. These are business risks and should be addressed as such, with IT risks brought together as part of an overall centralised risk management strategy, ensuring senior teams are aware of the risks and threats to the business.
Maybe your organisation came through WannaCry relatively unscathed. Are you confident that you will be as lucky the next time there is a major ransomware attack?