It seems that week after week there is another major cyber attack. If you have tuned into the business world or the cyber security space lately, you have likely heard of the damage some of these attacks have done to big businesses and, in some cases, almost whole countries. Many small and medium-sized businesses assume that they will not be the victim of such an attack because of their size. This assumption is incorrect and dangerous. When it comes to data, hackers do not discriminate. What’s important to these cybercriminals is not the size of the business but the data it holds.
Small businesses often have some larger organization as a client, and these larger organizations are usually the real target. Other times the attack on a small business may be part of a dragnet operation, and the small business gets hit because its systems are out of date. The now famous case of Target’s data breach was the result of cyber criminals accessing Target’s network by stealing credentials from a small HVAC supplier in Pennsylvania. In the most recent ransomware attack, NotPetya, financial technology firm MeDoc had been using compromised systems, which led to the spread of one of the deadliest ransomware strains to date.
One way or another, your business will be in the crosshairs of a cyber criminal. The real question is: will you be prepared to stop the attack? There is no silver bullet for stopping cyber attacks; however, there are some steps you can take to improve your chances of preventing a compromise of your network.
Ways to Protect Yourself
Updates & Support
One of the most common calls from experts is to keep systems up to date, yet businesses large and small ignore this warning. Just after the NotPetya attack, even the Better Business Bureau released a statement pushing for companies to update all their software. Some of the largest attacks this year could have been prevented if systems and software had been updated promptly, as soon as patches were released.
The now famous ransomware, WannaCry, was able to seize over 200,000 PCs that were running unsupported Windows XP for company operations. The attack even impacted the United Kingdom’s National Health Service (NHS). Microsoft had phased out support for Windows XP in 2014. However, there are still many businesses that use the software and have not invested in upgrades. Many businesses large and small did not see a risk in operating on unsupported systems. For those companies that do want to update their systems, there are usually either severe financial constraints or internal politics that prevent this.
The next major update to Windows 10 that Microsoft plans to release is a direct response to NotPetya and future malware like it. Microsoft has added a feature called Protected Folders, which allows the user to detect malicious attempts to collect information from them. These are the types of security-critical patches and features that users miss when they decide to ignore updates.
Your network produces all the information necessary to detect abnormal behavior on a single device or throughout the whole network. Ransomware often produces detectable behavior, but malware can only be caught if systems are in place to detect it. The identification of ransomware in action is why log data analysis is so important for breach detection. Even more important is the automation of log data analysis, and the coordination of an automated response based on the severity of the breach. Analyzing log data may seem like it wouldn’t yield much, but when it comes to ransomware, experts have indicated that security and antivirus solutions equipped with detection capability could have prevented ransomware attacks such as WannaCry and NotPetya.
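As an added illustration of automated log analysis with a severity-tiered response (this is not code from the original article), the following Python example counts how many distinct files one process writes or renames within a short window. The log format, window length, thresholds, host and process names, and response labels are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)           # assumed look-back window
TIERS = [(10, "high", "isolate host"),   # assumed thresholds, highest tier first
         (5, "medium", "alert analyst")]

def parse(line):
    """Split one 'timestamp host process action path' audit line (assumed format)."""
    ts, host, proc, action, path = line.split(" ", 4)
    return datetime.fromisoformat(ts), host, proc, action, path

def detect(lines):
    """Return {(host, process): (severity, response)} for the worst burst seen.
    Lines are assumed to arrive in time order."""
    recent = defaultdict(deque)          # (host, proc) -> deque of (time, path)
    findings = {}
    for line in lines:
        ts, host, proc, action, path = parse(line)
        if action not in ("WRITE", "RENAME"):
            continue                     # reads do not change files
        q = recent[(host, proc)]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW:     # drop events older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        for threshold, severity, response in TIERS:
            if distinct >= threshold:
                prev = findings.get((host, proc))
                if prev is None or prev[0] != "high":   # never downgrade
                    findings[(host, proc)] = (severity, response)
                break
    return findings

def sample_log():
    """Constructed audit lines: an editor, a fast mass-rename, and a backup job."""
    lines = ["2017-07-01T09:00:00 ws-07 winword.exe WRITE C:/docs/report.docx",
             "2017-07-01T09:00:40 ws-07 winword.exe WRITE C:/docs/report.docx",
             "2017-07-01T09:01:00 ws-07 winword.exe READ C:/docs/budget.xlsx"]
    lines += [f"2017-07-01T09:02:{s:02d} ws-12 svc_update.exe RENAME C:/share/file{s}.docx"
              for s in range(12)]
    lines += [f"2017-07-01T09:05:{s * 2:02d} ws-03 backup.exe WRITE D:/bk/part{s}.zip"
              for s in range(6)]
    return lines

if __name__ == "__main__":
    for key, verdict in detect(sample_log()).items():
        print(key, verdict)
```

The constructed backup job lands in the medium tier, which is why the lower tier only alerts an analyst: legitimate bulk writers need an allow-list or a tuned threshold before any automatic isolation is attached to them.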
Backups are an afterthought for some organizations, but they are necessary right now. The NotPetya cyberattack that struck worldwide was not built to extract a ransom; it was built for sabotage. NotPetya didn’t just encrypt files; it also deleted them. Cyber security experts are questioning whether this was a state actor or politically motivated criminals. Ransomware attacks can now put your operations on hold or completely shut down your business if you don’t have any way to recover the deleted data.
If you work with a hosting provider, be sure to check in with them about periodic backups of your data. If you run your servers and hosting on-premises, you should regularly back up your data to the cloud and to external drives as well.
As an organization, your staff and managers can be your weakest link. Even the best security systems in the world cannot protect against people’s negligence. With the human element the potential of falling victim to an insider attack increases. Teramind’s Megan Thudium states:
“Employees are often unaware of common cyber security practices that they should follow, and even if they do know about them, they don’t realize how much non-compliance can affect the bottom line. Businesses that are successful at deterring insider threats are those that have built an employee training program with full engagement from employees and upper management.”
The best defense against this ignorance is employee training to spot phishing attempts, which can come in the form of email, compromised advertisements, and application exploits. The more employees are aware of these phishing attempts, the more they can be another line of defense against ransomware in your organization.
Principle of Least Privilege
At the intersection of insiders and ransomware is something called ransomware-as-a-service (RaaS). Services selling ransomware allow people with little to no technical skills to install ransomware onto a machine or network. Who would do something like this? Well, disgruntled employees for one, or people in your organization going through rough financial times, to name another. If a malicious actor in your company uses RaaS, they will be able to bypass most security layers to accomplish their goals.
There are many ways to try to block malicious actors like those described above in your organization; however, one of the most effective is restricting each person’s privileges to only what they need to do their job. So, for example, an accountant who handles your payroll typically will not need the ability to install anything on their workstation. In this situation, if a need does arise, they can reach out to the IT administrator, who may be you, the owner. The principle of least privilege is not a 100% effective method of blocking malicious actors, but it does prevent a lot of them from installing ransomware on your system.
Ransomware is here to stay, which means the stakes are higher now than ever before. Protecting the data of your business should be a strategic priority. The benefits of doing so will extend beyond your organization into the supply chains you become integrated into. Also, keep in mind that cyber criminals do not care about how large or small a business is; they care about the data it holds. The recent NotPetya attack demonstrates that some attackers just want sabotage. Don’t fall victim to these attacks; take proper measures to protect yourself from ransomware.