The recent ransomware attack that crippled Waikato DHB’s IT systems and exposed private data to hackers should trigger major concerns for all businesses. This was not a one-off event; ransomware attacks happen regularly, affecting organisations large and small.
So, what makes ransomware attacks so dangerous?
Firstly, most modern IT systems are in the cloud and the cloud is accessible from anywhere - accounts, sensitive data and email history are all able to be accessed without passing through your firewall or protection software.
Second, Bitcoin and other cyber currencies make it possible for untraceable payments to be made anywhere in the world. There has never been a shortage of unscrupulous people globally but now we have enabled a ransom payment method that protects their anonymity.
Finally, cyberattacks have become more personal. Hackers work in the same way your legitimate IT administrator does on your network. Hackers usually take advantage of vulnerabilities which allow remote access from the outside world, such as phishing emails, or software that enables employees to work from home.
Waikato DHB chief executive Kevin Snee has been quoted as saying the working hypothesis on the network breach is that it came via an individual opening a piece of malware in their email inbox.
So how do you protect your business from these threats? You need multiple layers of security, including security software and business policies and personnel that can not only prevent attacks but also detect breaches once attackers are inside your system.
It is easiest to detect attacks in those first few days after they have broken in. Imagine a burglar breaks into a house in the dead of night. Until they figure out where everything is and what sort of security there is, they can potentially make a lot of noise as they bump into the furniture or set off alarms. On average, cyber attackers are in systems 11 days before they send a ransom note.
Security software alone is good but it’s all too easy to misunderstand the severity of alerts being generated. Your security people should be able to go; the alarm has been set off by somebody who just broke in, I need to go investigate.
Of course, the usual security measures must apply – antivirus, firewalls, cloud account security, all provide multiple layers of security that will detect many cyberattacks. Backups are vital to enable data recovery after an attack. Policies for storage of sensitive and private data are important and now legally required.
The good news is that with some preparation, almost all cyberattacks can be managed without crippling your business.
And remember, this applies to all, from the one-person business to the biggest corporate. Don’t let your business be the next newspaper headline.