The biggest threat to your business is no longer your own performance or the comparative success of your competitors; it is the threat to your IT, which can wipe out your business and your ability to deliver your products or services within seconds.
New and smarter generations of malware are being developed and deployed not only by cyber criminals, but also by new hackers who can make their own custom malware, given the prolific rise in malware-creation kits. Buy the software, point, click and you have your own custom malware. You can hide it in a PDF, a Microsoft Word document or a ZIP file.
Even organisations with a high level of cyber security defences find this environment challenging, as threats increase in number and variety, and attackers improve their tactics, techniques and procedures at a pace faster than most can keep up with.
The providers of security software and services simply do not have the resources to respond to each and every threat. By the time an antidote is developed, another mutation is in the wild.
Responsibility for cyber security in SMBs has pretty much fallen exclusively on the shoulders of the IT department or the incumbent IT partner. With such a massive threat, this must now change, and board involvement is critical – it’s no longer just a technology issue, it’s a business issue for the whole company.
Education is key, and this must begin with the directors understanding the main threats, how they are contracted, the best measures you can take as a business to avoid them, and what to do if you have an incident. From here, you can build a plan to be as prepared as you possibly can be.
Ransomware infects a computer, seeks out certain types of data based on attributes such as file type and location, and encrypts it surreptitiously using keys known only to the attacker. The victim is given a choice: pay the attacker to decrypt the data or lose it forever. Attackers also demand that their victims not inform law enforcement, or risk losing the data permanently.
Research indicates that 44% of UK companies have been hit by ransomware in the past 24 months, and of these 65% of companies locked out of their critical data admitted paying up. Cyber criminals share information about which organisations pay, so by paying the ransom you’re flagging yourself as a target for further attacks.
Of those companies who did pay up, most did so as they were concerned about being fined if data was lost, followed by the fact that their encrypted data was highly confidential, and also by the relatively low ransom demands, with the average being between £500 and £1000.
Even if companies pay, there is also no guarantee they will get their data back. Only around 45% of those who paid got their data back, research has shown.
CryptoLocker is similar to ransomware with its demands for payment from the infected computers, but differs because it uses more modern and complex attack techniques, such as delivering malware via an exploit kit on compromised websites. It also uses encryption that is implemented so securely that malware researchers can’t reverse-engineer it.
Additionally, CryptoLocker encrypts data not only on the local system, but also on removable media and network shares.
Techniques to Lower Your Risk
The recommended starting point is ensuring that all staff are aware of the issues and how they can help. This is because the most likely source of an infection will be a staff member opening an email attachment or clicking on a link in an email.
Staff awareness is not a one-off exercise, but a continuing and evolving program. Many businesses are now running their own internal spoof malware campaigns to assess the levels of knowledge around threats they have in their business, so they can build their training plans accordingly.
Train your staff to report unusual or strange activities on their devices, which may be an indication of infection.
This should be obvious to most as we’re all familiar with anti-virus products; ensure you have the best user endpoint protection software your business can afford. But rather than just assuming what you use is any good and is working correctly, as a business owner responsible for your business you must now take ownership of this and run through regular checks with your team to ensure it’s doing the job.
Endpoint protection is capable of dealing with threats before they are even known to the software provider, a capability known as zero-day protection. Using heuristics and complex prediction techniques, it can detect unknown and emerging threats based on reputations and information on the file’s characteristics.
Fortunately, defending against threats such as ransomware or CryptoLocker doesn’t require new technology. The most valuable protection is good, reliable, tested and current data backups. Suddenly it’s no longer necessary to pay a ransom when the affected machines can simply be wiped and restored from backups. These backups should be off-site or protected from unauthorised deletion.
With a staff awareness program in play, companies should look at the network and system operation. For example, no one in a company other than trained IT administrators should have administrative privileges. This will help reduce the ability of malicious code to execute.
Users should not be able to double click and open an untrusted file. They should be prompted with a warning message before being allowed to open untrusted files.
Consider getting central management tools for mobile devices that attach to your wireless network to control and restrict their activity.
Encrypt your sensitive data (at the least) and consider two-factor authentication (2FA) or other forms of access control so that, even if the data is compromised, it still has a measure of protection.
Look at white-listing applications and using hash functions to sign executables so that, if they are modified, they will not run.
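The hash-based white-listing idea above, as an added example that is not part of the original article: approved executables are recorded by SHA-256 hash, and the list itself is sealed so that an edited list is rejected too. The function names, file names and key are assumptions made for the illustration, and the HMAC stands in for a real signature; enforcement in practice is done by the operating system's application-control feature.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _seal(entries, key):
    # A bare hash list can simply be edited; the keyed HMAC binds the whole
    # list to a secret so that any change to it is detectable.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(paths, key):
    """Record the hash of each approved executable and seal the list."""
    entries = {os.path.abspath(p): sha256_file(p) for p in paths}
    return {"entries": entries, "tag": _seal(entries, key)}

def may_run(path, manifest, key):
    """Return (allowed, reason) for one executable."""
    if not hmac.compare_digest(_seal(manifest["entries"], key), manifest["tag"]):
        return (False, "manifest tampered")
    approved = manifest["entries"].get(os.path.abspath(path))
    if approved is None:
        return (False, "not on allow-list")
    if not hmac.compare_digest(approved, sha256_file(path)):
        return (False, "modified since approval")
    return (True, "approved")

def demo():
    key = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature
    results = {}
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.abspath(os.path.join(d, "tool.bin"))
        other = os.path.abspath(os.path.join(d, "other.bin"))
        for p, data in ((tool, b"constructed approved program"), (other, b"unknown program")):
            with open(p, "wb") as f:
                f.write(data)
        manifest = build_manifest([tool], key)
        results["approved"] = may_run(tool, manifest, key)
        results["unlisted"] = may_run(other, manifest, key)
        with open(tool, "ab") as f:  # simulate the approved file being altered
            f.write(b" + appended bytes")
        results["modified"] = may_run(tool, manifest, key)
        forged = {"entries": {tool: sha256_file(tool)}, "tag": manifest["tag"]}
        results["forged_manifest"] = may_run(tool, forged, key)
    return results

if __name__ == "__main__":
    print(demo())
```

The last case shows why the list needs its own protection: swapping in the altered file's hash without the key still fails the check.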
Contact the writer Nick Lee: firstname.lastname@example.org