CS Nov-Dec 2022
ransomware

Steve Forbes, Nominet: paying a ransom could make your business a bigger target in the future.

Sam Curry, Cybereason: with ransomware attacks surging, the clock starts to immediately tick after ransomware has executed.
lapse in judgement or concentration by a user who fails to spot a fake email, but also whether to pay or not is a decision only management can make. In the latter case, most people's natural reaction is likely to be to try to tough it out and pray that the IT team can get things back up and running. Unfortunately, the hackers have thought of that and typically built in the ticking timebomb factor, increasing pressure to cave in and pay up while there is still time for damage limitation," he says.

In such situations, the management team finds itself between the proverbial rock and the hard place. "Stand firm and risk not just losing their entire OT systems, including business critical files and corporate data, but also the indirect costs, such as reputational damage and any incurred customer liability costs; or take the hit and move on as quickly as possible."

In the end, adds Oakton, it all comes down to a simple cost/benefit decision, which usually means taking the least-worst financial impact option and giving in to the hacker's demands.

"For its victims, ransomware holds some salutary lessons that need to be heeded, if they are going to avoid similar attacks in the future. Top of the list is: don't assume that you are now immune. Research has shown that hackers are very likely to be back to see if you have strengthened your defences. Next, ensure that you have a robust backup and recovery plan for all critical systems and, last but not least, put in place rigorous network management policies, backed by a programme of regular user education to engender a corporate culture of cyber awareness."
ROBUST BACKUPS

Steve Forbes, government cyber security expert, Nominet, picks up on the NCSC advice against paying a ransom, on the basis that there's no guarantee you'll actually have access restored, if you pay, and it could make your business a bigger target in the future. "But, if a worst-case scenario does happen," he says, "and you hold out on paying a ransom, there are steps you can take to mitigate any damage and try to recover.

"At a bare minimum, having robust backups on hand that have been tested and are resilient to malware is critical to get any impacted systems back online and operational in a quick manner. Ideally, this would be part of an incident response and crisis management plan that would be implemented at the first sign of trouble."

Local authorities and national cyber agencies like the NCSC can also become a major lifeline in a ransomware situation, he adds. "They're the experts, and have all the procedures and actions in place to deploy when needed. Whether it's sharing technical advice for what to do or providing access to information, liaising with organisations like this can be invaluable. The quicker a business reaches out for help when disaster strikes, the better chance they have to recover and get back on track. Additionally, transparency with the authorities and any person or organisation that may be impacted by the incident is crucial. This can help to minimise reputational damage and reduce any fines that are imposed by regulatory bodies."

Double extortion ransomware is another increasing trend for businesses to be wary of, where threat actors encrypt and hold hostage valuable data, putting additional pressure on them to pay up. "This is where, on top of having trusted backups, it is vital to have strong data encryption before it has a chance to be stolen, ensuring that, if an attacker is threatening to expose the data, it is at least protected," Forbes concludes. "Finally, organisations should ensure that only data that is required is retained, as this reduces the risk and impact, should any data be compromised."
computing security Nov/Dec 2022 @CSMagAndAwards www.computingsecurity.co.uk