At the start of the pandemic, it seemed like technology had an answer for every business challenge. Necessity led business leaders to accelerate the use of technology in the workplace and realise the advantages it yields.
However, it’s the very thing that has left many organisations facing a new type of business threat: a cyber-attack. Between January and June 2020, the Office of the Australian Information Commissioner announced a 153 per cent increase in ransomware attacks, and impersonation (phishing) was up 47 per cent. SMEs account for 43 per cent of all cybercrime attacks.
Despite this, research reveals that CEOs of small to medium businesses still view cybersecurity in tactical terms and are failing to incorporate the protection of essential assets and data into their strategic planning.
The threat: ransomware
It’s estimated that ransomware crimes have demanded almost US$160 million from Australian organisations so far in 2020.
Ransomware is often unleashed as a result of phishing: a fraudulent communication, disguised as being from a trustworthy entity, that tricks the victim into clicking on a link or providing sensitive information such as usernames, passwords and credit card details. The hacker will proceed to lock and encrypt a victim’s computer or device data, then demand a ransom to restore access.
When it comes to cyberattacks, employees’ actions are often the first line of defence. And with flexible working arrangements becoming the norm, these types of attacks are more likely to occur as organisations have less visibility over employee online activity.
An attack-based approach
How do you beat a hacker? Think like one! Understanding the stages of a ransomware attack will ensure that an organisation can respond at each stage.
It’s crucial to have systems, tools, policies and procedures that detect vulnerabilities in systems and predict potential avenues of attack. For example, at Unisys, we conduct regular “tests” with our employees by sending fake phishing emails to see how employees respond and how many report it to the IT department.
Each test is an opportunity to educate and remind staff to remain vigilant.
If there is a threat to internal systems, ensure there are means to fight it and processes in place that prevent damage, such as a corporate firewall.
Alternatively, a software-defined perimeter (SDP) solution protects sensitive data by ensuring the network is protected by microsegmentation, implementing dynamic isolation and employing industrial-grade encryption.
Ever watched a crime show where a criminal attempts to escape from jail, only to be caught by blaring lights and sirens while trying to jump the fence? SMEs must apply the same principle to the threat of a cyber-attack, except by ringing the alarms while the hacker is on their way in, not out.
A Security Incident and Event Management system (SIEM) will do just that. As a software application or hardware appliance, a SIEM monitors traffic to search for suspicious activity and known threats and sends alerts when it finds such items.
If a hacker does gain access to IT systems, SMEs need to be able to respond to, contain and eradicate the threat as quickly as possible. By implementing a dynamic isolation strategy, any infected user logins, equipment or systems are isolated but can still be configured and accessed rapidly by the operations team.
For example, with dynamic isolation, organisations can automatically remove a device (or 10,000 devices, if needed) from the network at the same speed as the ransomware spreads.
Following these steps can give a well-rounded perspective on the risks and threats affecting organisations. Don’t be a victim. Instead, take the time now to reap the benefits later: predict, prevent, detect, respond and stay productive.
Ashwin Pal, Director of Cyber Security, Unisys