Ransomware: How do I mitigate the risk? A business conversation!
Working with many Information, Communication and Technology (ICT) Partners, and having had firsthand experience working with Companies, Business Owners, and Directors, I worry that business owners have still ‘not got it’ that “business data is one of the most important assets they have to fuel their business forward”. Striving to have great team members, awesome cultures, and great working procedures to delight and retain the customer is a given, but what can these teams and procedures do if they don’t have “Current Data” to make “Informed Decisions”? Yet when their ICT Partner reminds them to sign off on a ‘Basic Data Protection’ procedure, some business owners and directors seem to drag their feet. Hopefully, this document will enlighten you, the business owner, on “What happens if your business is the victim of that unthinkable data breach, and what can you do to mitigate the commercial and brand impact?”
Irrespective of how smartly your ICT Partner has secured your office network, there is this life form called the ‘Human’ who can be easily misled, as we don’t know how smartly the “Hacker” thinks. Here is a great example from my own real-life experience, which prompted me to write this article.
When it comes to proactive security measures, the organisation I work for is right at the top. I had messages in my quarantine and, checking them, noticed one from a known partner that I was doing some work with. I released it; in the interim I also had a message from a colleague asking if we should pay the invoice. Having not yet checked the email from my Partner, I opened the email, which navigated me to a “SharePoint look-alike portal”; as the email was from a trusted party, I did not think twice in my busy day. However, you know that sinking feeling one gets when you know what you have done is not 100% right: within less than a minute I changed all my credentials and logged a support call with IT. They responded immediately and, after verifying my laptop, confirmed all is good. Love the smart Techs; I felt the adrenalin pumping for him when he was going through my laptop with a fine-tooth comb. During this time my concern was about all the nasty “what if” scenarios I speak about with my customers. So, if I can make this type of mistake with all the insight that I receive from the industry, what hope is there for the average busy team member in your company?
Checkpoint #1: Is Cybersafety part of the Team education?
So, the email I received was part of an ‘email Phishing Tactic’, and today the list of data breaches is endless. There is the lack of simple habits, such as not having a password that is longer than 15 characters and includes alphanumeric characters and symbols, or having no two-factor authentication; being misled by malicious code in social media advertisements; polyglot files; insecure IoT devices; the lack of good governance shown by not having up-to-date software and hardware; and, let’s not forget, the disgruntled employees who maliciously delete files from the server. Then come the more planned threats with zero-day exploits and, last but not least, the more popular type of attack these days, ransomware. Ransomware is a growing industry that has now evolved to the point where a ransomware attack can be outsourced as a service.
McAfee, a specialist cyber security software developer, claims that ‘NetWalker’ provides the code as a service, where they share a percentage of the funds that are received. McAfee continues to do a lot of research in this space, and they claim that ‘NetWalker’ has extorted over USD$25 million. Then there is ‘Conti’, which uses 256-bit encryption to encrypt the data; it is claimed that the Conti hackers send an email from an address that is known and trusted by the victim. The behavior described in Wikipedia is as follows: “Once on a system it will try to delete Volume Shadow Copies. It will try to terminate a number of services using Restart Manager to ensure it can encrypt files used by them. It will disable real-time monitor and uninstall the Windows Defender application. The default behavior is to encrypt all files on local and networked Server Message Block drives”.
The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2019-20 provides a great perspective on the challenge in Australia. There have been 59,806 cybercrime reports, at an average of 164 per day or approximately one report every 10 minutes. ACSC assesses ransomware as the highest threat. This assessment is based on the fact that ransomware requires minimal technical expertise, is low cost, can today be outsourced, and can result in significant impact to an organisation, potentially crippling core business functions. Cybercriminals play the ‘game of patience’ by researching and understanding their target organisation before deploying the attack; part of the game plan is to breach the organisation and patiently collect sufficient valuable information for their negotiation before encrypting the file servers.
So, yes, it is a cliché: it’s not how, but when. The challenge for Business Owners small and large, Entrepreneurs, and Board Directors is the same! You invest in good endpoint technology, discourage BYOD (bring your own device to work) as much as possible, and institute good policy, procedure, and education with your team without crippling their ability to do the work. In a recent article in the Sydney Morning Herald, Anthony Galloway writes that in the near future “Company directors could be held personally responsible for cyber-attacks under new standards being discussed with industry as government research shows cybercrime is costing the Australian economy about $3.5 billion a year”. ZDNet reports on its website (www.zdnet.com) a story from the UK’s National Cyber Security Centre about how a business paid $ 6.5 million pounds, only to be hacked again by the same gang two weeks later. So, the main concern many Business Owners and Directors of Boards would have is: what is my fallback in the event of a data breach or a ransomware attack?
Checkpoint #2: When was the last time you had a business conversation with your ICT Partner about Cyber Safety?
Many ICT Partners are very proactive with their advice; adopting the ACSC’s Essential 8 is the minimum for good ‘Governance of your ICT’.
It does not take a rocket scientist to work out that having a good backup is always a great start. In its most basic form, ‘backup in technology’ is about having a copy of your data set that is independent of your ‘Production Copy’. Ideally, in today’s technology ecosystem, this copy of data should be on a NAS (Network Attached Storage) in a hidden share with credentials separate from those of the network administrators. The reason for independence is to be able to restore the original data in the event of a data loss. It is highly recommended that your ICT Partner take the 3rd copy to their Data Centre or store it in the Cloud; today many good Backup Software providers have native integrations with sites like Azure, AWS, and Wasabi. The more astute Boards of Directors who believe in Business Continuity could then request their ICT Partners to provision DRaaS (Disaster Recovery as a Service). A few years ago DRaaS was a costly experience; however, today Backup and Disaster Recovery Software vendors such as StorageCraft can deliver the DRaaS Service and enable it with less effort and cost-effectively.
Lastly, investing in “Immutable Storage” in your infrastructure will complete your ‘Data Protection Framework’. Immutability in storage means that an “immutable object” is one whose state cannot be modified after its creation. StorageCraft, a leader in “server imaging” technology, shares the following: “as a last line of defense, companies must leverage backup and recovery processes with a well-defined frequency, as well as storage features like Continuous Data Protection, which takes immutable snapshots of the complete data set. Should a ransomware attack occur, encrypting the data and corrupting the primary file system, the snapshots are completely unaffected, immune from any modification or deletion. Recovery is quick, either from snapshots or backup images”.
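The data protection framework described above (an independent copy on a NAS with separate credentials, a 3rd copy offsite, and immutable storage) can be written down as a short check over a backup inventory. This is an added example, not code from the article or from any vendor it names; the inventory entries and account names are constructed, and it assumes the usual reading of 3:2:1 as three copies, two storage media types and one offsite copy.

```python
from dataclasses import dataclass

@dataclass
class DataCopy:
    name: str
    media: str         # storage type, e.g. "server-disk", "nas", "cloud-object"
    offsite: bool      # held outside the office (data centre or cloud)
    account: str       # account able to write or delete this copy
    immutable: bool    # cannot be modified or deleted once written
    production: bool = False

def audit(copies, admin_accounts):
    """Return the gaps in a backup plan; an empty list means none found."""
    gaps = []
    backups = [c for c in copies if not c.production]
    if len(copies) < 3:
        gaps.append("fewer than 3 copies of the data")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than 2 storage media types")
    if not any(c.offsite for c in backups):
        gaps.append("no offsite backup copy")
    if not any(c.immutable for c in backups):
        gaps.append("no immutable backup copy")
    for c in backups:
        # A backup writable by a network admin account is lost with that account.
        if c.account in admin_accounts:
            gaps.append(f"{c.name}: uses a network administrator account")
    return gaps

# Constructed sample inventories (hypothetical names, not real systems).
ADMINS = {"domain-admin"}
PRODUCTION = DataCopy("file-server", "server-disk", False, "domain-admin",
                      False, production=True)
WEAK = [PRODUCTION,
        DataCopy("usb-drive", "usb-disk", False, "domain-admin", False)]
CORRECTED = [
    PRODUCTION,
    DataCopy("nas-hidden-share", "nas", False, "svc-backup", False),
    DataCopy("cloud-bucket", "cloud-object", True, "svc-offsite", True),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK), ("corrected", CORRECTED)):
        print(label, audit(plan, ADMINS) or "no gaps found")
```

The weak plan fails on four counts, including the shared administrator account, which is the gap that lets one stolen credential reach both production and backup.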
Checkpoint #3: Do you have planned ‘Technology Review’ meetings with your ICT Partner?
Reflecting on the 2019 Ransomware attack on YMCA NSW, the then Deputy Chair, who is also an Australian Company Directors Institute member, says “In the not-for-profit world there is an assumption you won’t be targeted by cybersecurity attacks. It crippled us for three weeks”. (source: www.acidcompanydirectors.com.au) The YMCA-NSW is a not-for-profit youth organisation that serves more than 40 communities. If a ransomware attack can take place in an organisation that serves the community, why would your business be different?
Still not sure whether to invest in a ‘3:2:1 Backup Strategy with DRaaS (Disaster Recovery as a Service)’? Irrespective of how good your ICT Partner is, and how well they service and support your business, remember they are Human; your business is going to have downtime. So, the following are a few Questions to Ponder!
A) If my business servers are encrypted by a ‘Ransomware Breach’ in my current financial position, am I able to pay the ransom?
B) What assurance do I have that once the ransom is paid, there is no residue in my servers for the Cybercriminals to breach me again?
C) If I have a Ransomware Breach, how soon can my Team have access to our Business Data?
D) Due to a Ransomware attack, if my business has an outage for 1-2 days, what is the impact on the brand trust? Dissatisfaction by the Customers! What is the cost of that downtime?
E) Do I have a Cyber Security Insurance policy that will cover my commercial Loss?
Cybercriminals have no boundaries as to who they attack, so the responsibility is upon every one of us in the business community to be alert to anomalies, irrespective of how “silly the issue seems”. Work with your ICT Partner to protect your organisation, and always keep the internal education of the team very live and highly visible.
Spend 5 minutes and take the Business Data Risk Survey: https://forms.gle/Pq99YdR5cy8cUbXp8
Cybersecurity is not a tick-list item anymore; this is real.
Shamal Tennakoon (MBA, B Com, SCRUM Master) is a Business Strategist and a Technology Advisor. A specialist in developing simple and effective strategies for business growth and passionate about data protection in growth-centric businesses.
(3 years ago) Hi Shamal. Thanks for the insight. As per your own example, email seems to be the easiest entry point for hackers, as it allows them to prey on our human frailties and fool us into letting them in. Are you able to share any statistics (if they exist) as to what percentage of hacks are via email as opposed to network/firewall code breaches?