As the recent attack on Ireland’s Health Service (HSE, bbc.co.uk/news/world-europe) by cyber-criminals emphasised, cyber attacks, particularly ransomware, are on the rise and becoming increasingly high profile. But it’s not just enterprise-sized organisations that are the target of cybercrime; they are simply the ones making the news.
A recent survey found that 43% of cyber-attacks target Small and Medium Businesses (SMBs)*. Just under half of all attacks. And that’s because these businesses are low-hanging fruit for cyber-criminals. Whereas cyber-criminals expect enterprise-level corporations to have tougher firewalls in place, SMEs represent the quick win. As the thinking goes, they will skimp on robust security for their network, and they don’t expect to be prime targets. They’re hiding in plain sight.
In August, we launched the ‘10 steps over 10 days’, an educational social campaign for SMBs to increase their vigilance, knowledge and understanding of ransomware attacks, with steps to take to increase their network protection. These ideas came from our front-line engineers, who are experts in the cyber security field, and a few tips were taken from the National Cyber Security Centre too (ncsc.gov.uk), because they’re the good guys too. Like us. And just to be helpful, we’ve put all these steps together below, for your convenience.
Steps 8 – 10 will focus on what to do in the worst-case scenarios. These are response controls to take if you are responding to a ransomware attack.
91% of cyber-attacks start with an email. Ransomware is still most often spread through phishing emails (a scam where criminals try to impersonate legitimate requests for money or info). Secure Email Gateways (SEG) and secure web gateways with firewalls and endpoint security solutions are a great form of defence. But so is education. The biggest weakness in your network is still your employees. And the reason? Because it’s easy to fall victim to a phishing email. They’ve become more sophisticated and better disguised than the original set of Hotmail emails claiming to be Nigerian Princes. Now it’s Santander, HMRC and Royal Mail lookalikes. What’s more, it only takes one employee to compromise an entire network. So make sure the ‘human firewall’ at your business is sufficiently trained to spot suspect activity and alert IT, and have a sophisticated action plan in place to flag phishing emails with your IT or Managed IT Service provider.
You’ve trained your employees to be vigilant but passwords are still a sore point.
Employees reuse the same passwords, they use easy-to-hack passwords and they don’t keep them safe. Unfortunately, this should just be accepted as fact. In any given organisation it only takes one person for the above to apply and they compromise the entire network. Weak or stolen passwords are a top entry point for hackers.
The short of it is you shouldn’t be relying only on your employees to keep the keys to the castle. Act by implementing Microsoft Single sign-on (SSO). Your teams can use just one set of login credentials to conveniently access all their apps. No more memorising multiple credentials or reusing passwords, or worse, having them written down!
In addition to beefing up password security, use MULTI-FACTOR AUTHENTICATION to make it far more difficult for attackers to obtain and use stolen credentials. This is a way of ‘doubling up’ on security by asking a user to identify themselves to the company network. They will verify themselves using a code sent to their mobile phone, email address, or from an authenticator app.
Install NETWORK AND ENDPOINT MONITORING! This can detect ransomware infections and provide an early warning. Systems might include a security information and event management system (SIEM) that is capable of combining and analysing multiple data feeds to increase visibility across the business. Next-generation endpoint security products can also play an important role in detecting ransomware attacks.
Is your printer the key for cyber criminals to unlock your Company’s security network? Protection always requires vigilance. Spot security blind spots in your company before cyber-criminals do. Even an unsecured printer provides an open door into your network. Vulnerability scanning and running patches on a schedule to fix discovered weaknesses are good practices, especially for Microsoft Windows systems.
As a Managed Print specialist (they work alongside our IT), we know more than most about the importance of including your printers in your network security scans.
2020 was a very good year for ransomware attackers. The number of companies willing to pay increased, as did the size of the pay-outs.
£13,400 was the average amount paid out by small and medium sized businesses. Let that sink in.
About 32% of breaches involve phishing, and many phishing attacks include malicious links to fake websites. The use of URL phishing emails is popular and effective. However, only 57% of organisations have URL protection in place. Gateways are very effective at protecting against mass URL phishing attacks. They deploy URL filtering and URL rewrite technologies, which check whether the destinations of URLs are safe and block access to malicious website links distributed via email.
Install antivirus software. We cannot reiterate that enough. And make sure it’s from a reputable brand and kept up to date.
Computer viruses and malware are everywhere. Antivirus products protect your computer against unauthorised code or software that may threaten your business network. Viruses often have easy-to-spot effects – like slowing your computer or deleting key files – or they may be less obvious. Read our Smart IT investments for guidance around buying solutions that could benefit your business.
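To show how URL rewriting and URL filtering fit together, here is an added sketch in Python; it is not code from this article or from any gateway product. The gateway address, the blocklist entries and the sample email are all constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote, urlsplit

# Assumptions: the gateway endpoint and blocklist below are constructed.
GATEWAY = "https://gateway.example/check"
BLOCKED_HOSTS = {"royalmail-redelivery.example", "hmrc-refund.example"}
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

# Constructed sample message: one lookalike link, one legitimate link.
SAMPLE_EMAIL = (
    "Your parcel is waiting: http://track.royalmail-redelivery.example/pay?id=1\n"
    "Advice: https://www.ncsc.gov.uk/\n"
)

def rewrite_links(body: str) -> str:
    """Delivery time: wrap every link so a click reaches the gateway first."""
    def wrap(match):
        url = match.group(0)
        if url.startswith(GATEWAY):  # already wrapped, do not wrap twice
            return url
        return f"{GATEWAY}?u={quote(url, safe='')}"
    return URL_RE.sub(wrap, body)

def is_blocked(host: str) -> bool:
    """URL filtering: match the host or any parent domain on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_HOSTS for i in range(len(labels)))

def click(rewritten_url: str):
    """Click time: recover the real destination and decide allow or block."""
    target = parse_qs(urlsplit(rewritten_url).query).get("u", [""])[0]
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ("block", target)  # malformed or non-web destination
    if is_blocked(parts.hostname):
        return ("block", target)
    return ("allow", target)

if __name__ == "__main__":
    for link in URL_RE.findall(rewrite_links(SAMPLE_EMAIL)):
        print(click(link))
```

Because the decision is made when the link is clicked rather than when the email arrives, a destination added to the blocklist after delivery is still stopped.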
These steps are the response controls to take if you are responding to a ransomware attack.
The very first thing to do is to take a photo of the ransomware message (you may need it later to restore your data and for the police).
Then turn off the infected computer and unplug it from the network and the power outlet. You want to isolate it from the network as quickly as possible. If an infected computer is powered off and unplugged, it’s not talking to anything else. Leaving the computer online risks allowing the ransomware to spread and cause more damage. This, of course, gets more complicated if multiple devices or servers are compromised.
Next, get help. Notify your Managed Service Provider (MSP) or IT department ASAP. They’ll have greater visibility on the risk of spread. Savvy technology teams may even be able to obtain a free key that can unlock your data by visiting the site Nomoreransom.org, contacting your anti-malware provider or law enforcement.
Do you have a plan B in a worst-case scenario? Well-documented procedures and supporting solutions can make responding to a ransomware attack far easier and faster: BACKUP & RECOVERY PROCESSES supported by separate backups of all critical systems will enable you to bring infected systems back online much faster.
It’s imperative that these backups are isolated and can’t themselves be impacted in the event of an attack. In addition, backups should be periodically tested to ensure data can be restored quickly and easily. Backup-as-a-Service and Disaster-Recovery-as-a-Service can be requested as add-ons to Azure Virtual Desktop.
Don’t let embarrassment or fear keep you from alerting people who can help. Responding to a ransomware attack requires mature incident response procedures that are rehearsed regularly so that every team member knows their responsibilities. This should go beyond the obvious IT and security personnel to include MANAGEMENT, HR, your LEGAL representative, as well as other important stakeholders. Notify your Managed Service Provider (MSP) and the Police immediately. Keeping an attack a secret can have big consequences. Some organisations are legally required to report data breaches. Don’t be quick to pay the ransom either. You may be able to get a free key, and there is a slim chance that your files are not encrypted. Some ransomware attacks are merely an attempt to scare you into paying a ransom even though the data is not actually encrypted.
If you’ve read through these, thanks 😂. But if you feel like you could benefit from a network security assessment, please fill out the form here for a no obligation vulnerability assessment. It will simply provide an overview of all your strengths and weaknesses (if any), and if you wish you can request the recommendations report to accompany it.
For anything else please email me to find out more about how I can help your Business at Trevor.Gilliland@kbsgroup.co.uk.
*Hiscox Cyber-security report