Every day, people are bombarded with more news about cybercrime. Juniper Research (2015) estimates that the cost of cybercrime will climb to US $2.1 trillion by 2019, far exceeding the revenue generated by more traditional criminal activity such as the drug trade, estimated at US $600 billion (James, 2015).

According to Kaspersky Lab (2016), the number of ransomware attacks targeting organisations tripled from January to September 2016, affecting one in every five businesses worldwide. They estimated a ransomware attack on businesses occurred once every 40 seconds, and for consumers once every 10 seconds.

What is Cyberextortion and Ransomware?

Cyberextortion is an attack, or the threat of one, tied to a demand for money to prevent or stop it. Ransomware is the most common form: cybercriminals deploy malware that encrypts files on the victim's systems so that users can no longer access them, then display a demand for payment in exchange for the decryption key. Payment is usually demanded in a form that is hard to trace back to the recipient, such as Bitcoin, premium-rate SMS or cash transfer services.

Surprisingly, many enterprises and individuals pay the ransom, finding it cheaper and faster than attempting to recover without the key, only to discover that paying does not guarantee the cybercriminals will provide a working decryption key. The IBM X-Force ransomware report issued in December 2016 found that 70 percent of affected US businesses paid to regain access to their files. The majority of these businesses paid more than US $10,000, and 20 percent paid more than US $40,000.

Currently, ransomware operators are targeting the desktops and Android devices of both individuals and organisations in North America and Europe, where the ransom is more likely to be paid. But do not be fooled into thinking this is not happening on Australian shores: Trend Micro reported more than 1.1 million ransomware threats detected in Australia from January to June 2016.

Cybercriminals use a variety of delivery techniques, including social engineering, email attachments and web pop-ups. CTB-Locker, reported by McAfee in 2015, drove a rise in attacks because it could be distributed through the usual malware delivery channels and was easily bundled into phishing campaigns. More recently, ransomware has been found targeting content management systems such as Joomla! and WordPress, and the SynoLocker strain targets Synology network-attached storage devices.

Protecting your Business from becoming a Victim of Cyberextortion

There are a number of requirements businesses and IT professionals should understand in order to protect their most valuable assets and data from being encrypted, stolen or held to ransom. Education and security awareness training is also needed throughout the organisation, so that employees are vigilant and cautious with links and attachments in unsolicited emails and avoid clicking on pop-ups on websites.

In conjunction with ISACA’s Cybercrime: Defending Your Enterprise white paper released earlier this year, here is a top 10 list to minimise the risk:

  1. Know what constitutes your enterprise data – understand the data that you own and what is at risk.
  2. Back up enterprise data – then back it up again. Create data backups regularly and test that they can actually be restored; an untested backup is not a backup. After a successful backup, disconnect the backup storage device until the next run, or use a cloud backup service: ransomware encrypts any backup it can reach over the network, including mapped drives and always-connected external disks.
  3. Conduct recurring security awareness training – implement brief quarterly blocks of training that focus on preventing phishing, waterholing and other social engineering attacks.
  4. Restrict network access according to the principle of least privilege – ensure that administrators and employees only have the access and privileges on the network that are necessary to perform their jobs. Ransomware runs with the privileges of the user who opened it, so limiting write access to file shares also limits how far an infection can spread.
  5. Employ the appropriate technical tools to mitigate intrusions – ensure the use of robust firewalls, intrusion detection systems, end-point protection and anti-virus technology.
  6. Evaluate security settings of web browsers and email software to ensure that they provide an appropriate level of security to meet business requirements (for example, auto scanning of all attachments and whitelisting websites).
  7. Apply software patches regularly – patch on an organisationally defined cadence, prioritising internet-facing systems and the browsers, plug-ins and office software that exploit kits and malicious attachments target.
  8. Apply distributed denial of service (DDoS) armour – a DDoS threat is the other common form of cyberextortion, so invest in DDoS protection that lets you absorb an attack without significant system degradation.
  9. Develop an enterprise incident response plan – create a plan and exercise it regularly across all departments to ensure effective communication and maintain basic continuity of operations.
  10. Use a web pop-up blocker to prevent clicking on infected ads.

What to do if your Business has been Attacked

Hopefully, with these processes and protocols in place, your organisation will not become another statistic or make headline news. However, if an employee at your business is successfully targeted, a quick response from that employee is needed, hence the value of security awareness training. Your organisation will need to activate its incident response plan, including alerting the service desk so it can contain the impact, for example by disconnecting the affected machine from the network, and prevent others in your business from falling victim. Once the affected systems have been isolated and cleaned, the IT team will need to recover data from backup and restore the operating system and applications from a known-good copy.
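The following is an added example, not code from the article or from ISACA, that puts item 2 of the list (back up, verify, disconnect) and the recovery step above into working form. It builds a backup with a SHA-256 manifest, checks the live data against that manifest, simulates a ransomware event with a constructed stand-in that overwrites and renames files, and then restores from the backup and verifies the result. The directory layout, file names and the `.locked` extension are assumptions for illustration only.

```python
"""Backup manifest, integrity check and verified restore (added example, not from the article)."""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (as a POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def back_up(source: Path, dest: Path) -> Path:
    """Copy the source tree into dest/data and write dest/manifest.json beside it."""
    data_dir = dest / "data"
    shutil.copytree(source, data_dir)
    manifest = build_manifest(data_dir)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return dest


def verify(tree: Path, manifest: dict) -> dict:
    """Compare a tree against a manifest.

    Returns the files whose content changed, the files that disappeared, and the
    files that appeared without being in the manifest (e.g. renamed .locked copies).
    A clean tree yields three empty lists.
    """
    current = build_manifest(tree)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def restore(backup: Path, target: Path) -> dict:
    """Replace target with the backup data, then verify the restored tree against the manifest."""
    manifest = json.loads((backup / "manifest.json").read_text())
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(backup / "data", target)
    return verify(target, manifest)


def simulate_ransomware(tree: Path, extension: str = ".locked") -> int:
    """Constructed stand-in for ransomware: overwrite each file with random bytes and rename it."""
    count = 0
    for p in sorted(tree.rglob("*")):  # sorted() materialises the list before we rename
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) + 16))
            p.rename(p.with_name(p.name + extension))
            count += 1
    return count


def demo() -> dict:
    """Run the full cycle in a temporary directory and return the three verification results."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "live"
        (live / "finance").mkdir(parents=True)
        # Constructed sample data standing in for enterprise files.
        (live / "finance" / "ledger.csv").write_text("date,amount\n2016-09-01,1200\n")
        (live / "notes.txt").write_text("quarterly forecast draft\n")

        backup = back_up(live, tmp / "backup_2016-09-30")
        manifest = json.loads((backup / "manifest.json").read_text())

        before = verify(live, manifest)      # clean: every list empty
        simulate_ransomware(live)
        after = verify(live, manifest)       # originals missing, .locked junk unexpected
        restored = restore(backup, live)     # clean again after restore
        return {"before": before, "after": after, "restored": restored}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points. First, `verify` is run against the restored tree, not just the backup, because the point of item 2 is that a backup you have never restored proves nothing. Second, the manifest here lives next to the backup for simplicity; in practice, keep a copy of the manifest (or at least the hash of the manifest file) somewhere the backup host cannot write to, since ransomware that can reach the backup can also rewrite a manifest stored beside it.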

Over the last 25 years, cybercrime has quietly evolved from an abstract idea into a tangible, real threat to corporations. Until global cooperation between the public and private sectors can adequately combat it, cybercriminals will keep capitalising on technology just as businesses do to enhance their services and remain competitive.

Keeping current with the latest threats and updating the incident response plan and security awareness training is just as important as updating quarterly sales forecasts and business plans.

For a full list of references, email admin@interactivemediasolutions.com.au


Garry Barnes
Garry Barnes is practice lead, Governance Advisory at Vital Interacts (Australia). He has more than 20 years of experience in information and IT security, IT audit and risk management and governance, having worked in a number of New South Wales public sector agencies and in banking and consulting. ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global non-profit association of 140,000 professionals in 180 countries.