RiskUKApril2017

More documents

Recommendations

Info

Ransomware is a constantly growing threat and a highly effective one. Osterman research from 2016 found that ransomware was used to target 54% of UK organisations, with more than half paying the ransom. Of those who didn’t pay, nearly a third ended up losing their data. Wieland Age looks at why defeating ransomware is so important in today’s education sector An Education on Ransomware Last year, Locky spawned a file-encrypting epidemic. Since then, it has become the most prevalent ransomware on the planet. Targeting universities among many other large institutions, its continuous, pitch-perfect campaigns demonstrate how organised crime is digitising faster and more successfully than many ‘legitimate’ enterprises. This emergence of Locky, which represents a new strain of ransomware, demonstrates just how successful cyber criminals are becoming at mastering the digital transformation agenda. Locky’s creators invested significant time and resources in product development, identifying the best user interface, performance and encryption security protocols. So much so, in fact, that the FBI actually recommended victims pay any demanded ransom in order to gain the correct decryption code. To support their programme, the criminals even created a ‘Customer Help Centre’ to handle sales and support. If victims have problems decrypting their data, online ‘staff’ are on-hand via chat rooms to walk ‘customers’ through the process. This ensures that there are no negative social media reports from victims who, having paid up, are then unable to regain access to their data files. When it comes to propagating Locky, the online criminals have done their homework. In December, their latest phishing campaign reached millions of victims in over 100 countries within days. Most start-ups would be overwhelmed by such success, but the distributors of Locky have created a highly mature online infrastructure designed to manage high volumes of payments and enquiries – in multiple languages – from the victims whom they target. Education: an unlikely target? IT professionals operating in educational institutions have been slow to adopt ransomware defences, perhaps because there has been an unfounded misconception that they’re unlikely to be targeted. If that used to be the case, it’s certainly not true any more. Bournemouth University was hit by no less than 21 ransomware attacks last year, while Los Angeles College was recently forced to pay a $28,000 ransom to unlock critical data and systems following a ransomware attack. It’s shocking, but not altogether uncommon. In many ways, educational establishments are a logical target for malicious attackers. With whole campuses full of independent, computer-based study being carried out by students, these younger users could be perceived to be less wary of suspicious e-mails, attachments and websites. Compound this with the fact that each one of these thousands of pupils likely has multiple devices, all connected to the institution’s network, and it’s easy to see how hackers might view schools, colleges and universities as low hanging fruit. Millions of highly sensitive records, treasured works and confidential details, combined with a very real need to aintain their reputations as trusted organisations, mean that educational institutions are seen by many as easy pickings. Education sector IT budgets don’t normally include blank cheques for combating cyber criminals, so investing in anti-ransomware measures should be a priority for any educational organisation wanting to avoid a nasty and expensive surprise. Fortunately, it’s possible to halt digital attacks with a combination of the right security measures and user awareness. Raising awareness Most ransomware attacks begin with an e-mail containing malicious links or attachments. Consequently, to reduce the likelihood of a successful attack, it’s imperative to ensure staff and students know all about the dangers of ransomware, understand how to practise safe computing and can recognise the indicators of malicious e-mails. It’s also important to maintain awareness by implementing a programme of regular reminders. 30 www.risk-uk.com
Education Sector Safety and Security: Mitigating The Ransomware Threat The three key messages that users should take away from training are: • Don’t open suspicious e-mails. Treat anything ‘out of the ordinary’ as a potential attack, even when coming from a trusted source. If possible, contact known senders separately to confirm an e-mail is authentic before opening it • learn to spot ‘red flags’ including poor spelling/grammar in supposedly professional e-mails, e-mails received at strange hours, misspelled domains that look convincing (A.Anderson@gmoil.com) and buttons and links in the e-mail connecting to suspicious URLs. To check this, hover the cursor over the link or button and the URL will appear at the bottom left of the window • when in doubt, delete the communication Secure your network Effective user training can help to prevent many attacks, but keeping the network free of malware also requires a combination of effective perimeter filtering, specially-designed network architecture and the ability to detect and eliminate resident malware that may already be inside the host network. Attackers can be prevented from entering the network by a next generation firewall or e-mail gateway solution that filters out most threats. The best solutions will scan incoming traffic using signature matching, advanced heuristics, behavioural analysis and sandboxing and have the ability to correlate findings with real-time global threat intelligence. When looking at the IT estate, make sure you can control and segment network access to minimise the spread of any threats that may enter. Ensure that students can only spread malware within their own limited domain, while also segmenting. You might need to allow admin staff, teachers and guests to each have limited or specific access to online resources. Start off with a clean slate. The existing infrastructure likely contains a number of latent threats. For their part, e-mail inboxes are full of malicious attachments and links just waiting to be clicked on. All applications – whether locally hosted or cloud-based – must be regularly scanned and patched for vulnerabilities. Serious back-up plan When a ransomware attack succeeds, critical files – HR, payroll, grades, health records, confidential student files, e-mail records and so on – will be encrypted. The only way to obtain the decryption key is to pay the ransom. However, if you’ve been diligent enough about implementing and correctly running a back-up system, you can simply ignore the “Some organisations may be committed to a legacy ‘onpremises’ back-up solution. If so, it’s worth starting the planning phase to transition towards a cloud-based system” ransom demand and restore your files from your most recent back-up. Your attackers will then have to find someone else to rob. Automated, cloud-based back-up services will provide the greatest security for data. For budgetary or other reasons, some educational organisations may be committed to a legacy, ‘on-premises’ back-up solution. If so, it’s worth starting the planning phase to transition towards a cloud-based system. In the meantime, on-premises systems can be configured to back-up files regularly throughout the day. Admins should also be extremely diligent about moving current backups to a secure, off-site location every evening. Many digital security experts believe that ransomware is set to evolve and make up the majority of cyber attacks in 2017. Given that the pursuit of profit is the primary motivation for most criminals, it’s perhaps not surprising that ransomware’s popularity has continued to grow. Simply put, ransomware is the easiest and most effective way in which to extort money from businesses of all sizes. Educational institutions face this threat, as do banks, hospitals, retailers and even Governments. Future UK workforce While the tips and tricks outlined here are easily actionable as part of educational organisations’ battles against ransomware, only recently has there been a particular spotlight on the digital skills of the nation’s children who are growing to become young people within a world dominated by IT and the Internet. In March, the Communications Committee for the House of Lords reported that learning Internet safety should be a top educational priority, alongside literacy and mathematics. For his part, Lord Best issued recommendations building on findings from the Children’s Commissioner that “digital literacy should be the fourth pillar of a child’s education alongside reading, writing and mathematics and be resourced and taught accordingly”. Half of all law-breaking in the UK now happens online and, while there’s little doubt that children are indeed becoming increasingly digitally literate, this House of Lords report rightly points to the fact that the education system isn’t yet equipping them with decent enough levels of digital knowledge before they leave school and form our next workforce. Wieland Age: General Manager (EMEA) at Barracuda Networks 31 www.risk-uk.com
Page 1 and 2: April 2017 www.risk-uk.com Security
Page 3 and 4: April 2017 Contents 35 Smart About
Page 5 and 6: Editorial Comment Don’t just stop
Page 7 and 8: News Update National Security Inspe
Page 9 and 10: News Analysis: National Surveillanc
Page 11 and 12: Opinion: Physical Security as a Ser
Page 13 and 14: Always a suitable solution with the
Page 15 and 16: Opinion: Security’s VERTEX Voice
Page 17 and 18: BSIA Briefing Last year, the Nation
Page 20 and 21: ERM and ESRM: Can They Continue to
Page 22 and 23: Status Symbol: The Chartered Securi
Page 24 and 25: Physical Security Information Manag
Page 27 and 28: The Insider Threat: Technical Surve
Page 29: Institute of Risk Management Are yo
Page 33 and 34: Education Sector Safety and Securit
Page 35 and 36: Access Control: Integrated Business
Page 37 and 38: 4 July 2017 Hilton London Canary Wh
Page 39 and 40: Risk Management in the Construction
Page 41 and 42: CCTV and Surveillance: HD Technolog
Page 43 and 44: Power Supply Continuity and Managem
Page 45 and 46: Insurance Rewards for Managing Secu
Page 47 and 48: Because one size The most compreh
Page 49 and 50: The Security Institute’s View cla
Page 51 and 52: In the Spotlight: ASIS Internationa
Page 53 and 54: FIA Technical Briefing: Fire Detect
Page 55 and 56: Security Services: Best Practice Ca
Page 57 and 58: Cyber Security: Mitigating Risks Po
Page 59 and 60: Training and Career Development str
Page 61 and 62: Risk in Action Porthcawl’s RNLI:
Page 63 and 64: Technology in Focus Disruptive tech
Page 65 and 66: Appointments Joey Hambidge Skills f
Page 67 and 68: 20 - 22 JUNE 2017 EXCEL LONDON, UK
Page 69 and 70: CCTV CONTROL ROOM & MONITORING SERV
Page 71 and 72: SECURITY CASH & VALUABLES IN TRANSI

RiskUKApril2017

Create successful ePaper yourself

Delete template?

Save as template?