Dangers of Ransomware
The latest ransomware attack to hit the headlines in recent months is the one on Garmin.
This is just one of many examples of very large organisations allegedly having to pay a ransom to decrypt their data and regain access to their systems. Attacks of this nature rely on ‘criminal hackers’ gaining illegal access to IT infrastructure, then encrypting key data and blocking access to systems. The important point to note here is that this activity is highly profitable.
It’s organised crime on a large scale, with groups of attackers working together to maximise their profit. Don’t be fooled into thinking it’s just large corporates who are vulnerable to this; it isn’t! They will target randomly and attack organisations where there is a level of weakness and where they feel that a ransom could be paid in order to get systems working again.
How do you protect against a Ransomware attack?
You cannot protect yourself against an attack of this nature until you know the risk exposure that you face.
There are many reasons why organisations need to undertake a full security risk assessment; a key reason is legal compliance with GDPR (DPA 2018). However, the most obvious reason is that you need to understand:
- What information assets are at risk?
- What are the threats to those assets, e.g. denial of service, data theft and data loss?
- What are the current vulnerabilities to these assets based upon the threats that exist?
Then and only then can you put together a mitigation plan to protect yourself from attack.
The key activities would likely include:
- Ascertaining the current vulnerabilities that may exist in your network infrastructure and key systems, including websites and data repositories
- Reviewing all data sources and assessing their security levels
- Reviewing your backup and restore strategy, and undertaking a disaster recovery test to ensure that you can restore from backups
- Backing up data to multiple locations, including cloud backups
- Encrypting backups to prevent access to data
- Ensuring that privileged access to internal systems is monitored and controlled
- Ensuring that all endpoints are properly protected against malware and viruses
- Implementing network monitoring and intrusion detection
The point we would like to emphasise here is that ‘prevention’ is the key to keeping your systems and data secure from these types of attack. If you can prevent them from happening, it will obviously save you money, but it also keeps you compliant with the laws on data protection and avoids damaging your reputation.