Ransomware attacks are becoming increasingly more targeted and sophisticated – ©123RF.com
The logistics of cybersecurity – By John Donovan
According to the latest (at the time of writing) Cert NZ quarterly report from 1 July to 30 September 2019, 562 organisation incident reports were made – up 16% from the previous quarter. This equates to more than $1.8 million in reported direct financial losses for New Zealand businesses in the quarter, bringing the total losses for businesses during the first three-quarters of 2019 to $4.4 million.
While the transport, postal/warehousing and manufacturing sectors accounted for less than 4% of organisation incident reports, it doesn’t mean the industry can relax its cybersecurity efforts. Cybercriminals are increasingly turning to supply chain and logistics companies as the target of their attacks. In February this year, a well-known Australian logistics provider became the victim of a ransomware attack that brought the company to a grinding halt, forcing it to take its services offline. Don’t expect this to be an isolated incident.
It is more important than ever to ensure that organisations in these sectors are able to combat incoming attacks by having updated cybersecurity strategies in place.
Prepare for what’s coming
Ransomware, which locks the victim’s files so they’re unable to be accessed, remains one of the most common attacks deployed by cybercriminals. The attacker offers to unlock the files after receiving payment from the victim, making ransomware arguably one of the most damaging and disruptive cyber threats that can befall a business.
Ransomware attacks are becoming increasingly more targeted and sophisticated. Attackers are abandoning the ‘spray and pray’ methodology for a much more personalised approach. This includes developing personalised communications to trick people into clicking a link or downloading a malicious file that installs the ransomware.
While the footprint of a targeted attack is small, it can extract more money or valuable information from a single victim than a widely distributed campaign.
When protecting an organisation, a good place to start is by implementing a powerful anti-ransomware tool, while also making use of general best practices to stay safe.
Here are five best practices to block ransomware in an organisation:
1. Ensure the right protection is in place
This should include a high-performance next-generation firewall intrusion prevention system (IPS) that includes seamless file decryption, sandboxing encryption, and backup.
2. Reduce the surface area of attacksWhere possible, use a virtual private network (VPN) to access resources on the internal network from outside rather than port-forwarding. In addition, make sure open ports are secured by applying suitable IPS protection to the rules governing that traffic.
3. Apply sandboxing to web and email traffic‘Sandboxing’ is a software management strategy that isolates applications from critical system resources and other programs, and ensures all suspicious active files that come in through web downloads and as email attachments are being suitably analysed for malicious behaviour before they get onto the network. As part of this, disable macros in document attachments received via email, which will stop a huge number of infections in their tracks.
4. Automatically isolate infected systemsIt’s important that a company’s IT security solution can quickly identify compromised systems and automatically isolate them until they can be cleaned up (either automatically or through manual intervention).
5. Stay up to dateMalware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, internet browsers, Flash, and more. If an organisation stays up to date on patching, it’ll be far less vulnerable to potential exploits.
Leadership sets the cybersecurity agenda
While investing in cybersecurity technologies and following best practice is a good starting point, it doesn’t stop there.
Cybersecurity must be driven by an organisation’s leadership team to build a cybersecurity-aware culture, including the implementation and review of a cybersecurity strategy. If a business’s leaders fail to emphasise the importance of cybersecurity, it’s unlikely the rest of the organisation will.
Earlier I mentioned the latest Cert NZ report, which revealed that 562 organisation incident reports had been made; this should serve as a timely reminder that all businesses, regardless of industry, need to take security seriously. Sadly, that doesn’t appear to be the case.
The key to a proactive cybersecurity strategy lies in staff awareness and education – ©123RF.com
Research from Sophos suggests that cybersecurity isn’t prioritised by business leaders unless a company falls victim to an attack. The research found one of the top cybersecurity frustrations faced by IT professionals is that executives assume cybersecurity is easy. Another is budget, with one-third of respondents reporting cybersecurity is frequently relegated in priority, with inadequate allocation of budget.
The mindset of an organisation’s leadership team can set the culture for its entire staff. Therefore, the onus is on business leaders to take their organisation’s security seriously, helping to set the right attitudes, culture and processes to keep it secure.
Alarmingly, according to a report by the New Zealand National Cyber Security Centre, only 38% of organisations have some separation between their cybersecurity budget and regular IT budget. This lack of separation often results in cybersecurity budgets being used for non-security related IT purposes and limits the ability to track return on cybersecurity investments. Additionally, this sees IT professionals shouldering the responsibility for cybersecurity, despite lacking the appropriate expertise and being overloaded with other responsibilities.
Understand the importance of cybersecurity and prioritise itCybercriminals are constantly evolving, so our tactics to counter them need to change as well.
Organisations can’t afford to rely on overworked and underskilled workers when it comes to their security.
New Zealand businesses need to address the issue of cybersecurity being frequently relegated in priority. Without improved efficiency and effectiveness of cybersecurity investments, organisations will continue to slip into a downward spiral of chasing quick fixes for new threats. Companies will experience sub-optimal results for spending and struggle to be proactive. Instead, they’ll have to repeatedly react to incidents and breaches.
Staff awareness and educationCybersecurity is not just a matter for business leaders. It is only effectively prioritised when its importance is understood by all staff. Therefore, the key to a proactive cybersecurity strategy lies in staff awareness and education. Business leaders should think of employees as the gatekeepers to the network, and education as the first line of defence to keep it safe.
With human error as the main cause of New Zealand’s privacy breaches, it’s time for organisations to seriously consider and understand the threats this vulnerability represents. It’s no longer enough to rely on the latest and greatest technology. We need to be pre-empting the next attack, with everyone in the business knowing the appropriate steps to take to minimise harm.
A cybersecurity-aware culture that values staff education and invests in a holistic cybersecurity strategy is critical. Business leaders need to take a multi-faceted approach, comprising education, technology and constant innovation.
John Donovan is the Australia and New Zealand managing director at Sophos, a global leader in next-generation cybersecurity, protecting more than 400,000 organisations in more than 150 countries around the world.