Ransomware attacks are on the rise and are rapidly becoming the leading cyber risk for business ahead of data theft. Recent reported attacks in the UK include the Arran Brewery, S J Andrew and Sons, a steel stockholding and industrial supplies specialist, and Bristol Airport.
The Bristol airport attack, was apparently a speculative attempt to break into the computing system rather than a targeted attack specifically on Bristol Airport, but the result was that the airport’s Arrivals and Departures boards were down for two days. According to the airport spokesperson, this was “to contain the problem and avoid any further impact on more critical systems”.
In the case of the Arran Brewery, they decided to accept the loss of three months sales data rather than pay the 2 bitcoin ransom.
S J Andrew and Sons were also able to contain the attack after a member of staff had their machine compromised. Having a reliable backup meant that they were able to clean and restore their systems.
If something similar happened to your organisation, how would you cope? It only needs one back door for your organisation’s security to be compromised.
A ransomware attack may arise through attachments or links send via email, which appear legitimate but unleash ransomware or direct you to a legitimate looking site, which in the background is scanning your system for vulnerabilities to exploit to infect your system with ransomware or other malicious content. Some of these vulnerabilities may already have been identified and patches made available – which is why an effective patching regime is vital, as I discussed in a blog last month. If time is a problem, consider automating patching using tools such as SCCM, or use a patching service such as Fordway’s.
Here are three other practical tips to ensure that your organisation is prepared for the unexpected.
- Regularly assess your risk through vulnerability management and continuous monitoring, and ensure periodic independent third party reviews such as penetration testing, taking into account specific threats your organisation might face and vulnerabilities which, if combined, would allow lateral and undetected movement through the environment or raise a low or medium priority vulnerability to high.
- Ensure an appropriate level of security monitoring. Would you know if your business critical assets and sensitive data had been breached? As a minimum, monitor and analyse internet traffic flowing out of the organisation to help identify any potential compromises on internal systems.
- Adopt the mentality that one day you will be breached and as a minimum ensure you train your staff to be aware of the risk and have a cyber security incident response procedure in place, a back-up of all business critical systems and data (including data on mobile devices) and a disaster recovery plan. You should also test a restore of the backup and ensure that it is in a location that will not become encrypted should the system or service it is protecting become affected.
The attacks at S J Andrew and Sons and Bristol Airport were successfully contained. Would your organisation be able to cope if the same thing happened to you?
If you’re not sure, get in touch for a no-obligation security assessment.