TECH TALK: Companies need to know how to respond when their systems are compromised, says MARK GIBSON

When the worst happens, who are you gonna call? The answer is not Ghostbusters. If you are over 40 and started humming the tune to the Ray Parker Jr classic from the 1984 comedy film, then this is where it gets serious. The plot follows the new business start-up ‘Ghostbusters,’ a ghost removal service. After struggling to get on their feet, they investigate the strange happenings in a New York apartment, and discover that the entire city is besieged by ghosts and otherworldly demons through a portal in the Central Park building.

As we’ve just marked Hallowe’en, it got me thinking about how this film is a great analogy to the current threat from cyberattacks, particularly ransomware.

Replace the ghosts and ghouls with criminal gangs who manifest themselves as hackers. The portal through which they enter the apartment represents the points of compromise in an organisation’s information security, or just individual failure. The subsequent catastrophic events that lead to a city-wide meltdown, fuelling a multi-film franchise, are easy to relate to a serious data breach or cyber-attack.

‘Remediation’ or ‘fixing stuff’ post-event is challenging, costly and in the extreme can totally debilitate an organisation. Planning pre and post cyber-attack is crucial.

Whilst a recent survey of chief information security officers found more than two-thirds of organisations expected to be challenged by a ransomware attack, my observation is that most of the emphasis and effort is still directed at prevention, with much less focus on the immediate aftermath of an attack. While investing in technology or education and controls is key to preventing an attack, there is no silver bullet, and many are still failing to prepare for an increasingly common scenario.

In recent weeks, Government Communications Headquarters (GCHQ) reported that ransomware attacks in the UK have doubled, being described by its director Sir Jeremy Fleming as “largely uncontested” and “highly profitable”.

Closer to home in Scotland, in the last week we saw the widespread coverage of the report into the Scottish Environmental Protection Agency’s (SEPA) well-publicised ransomware attack, which crippled the organisation last Christmas. This was a cyber-attack displaying significant stealth and malicious sophistication, according to Police Scotland.

To his credit, the CEO of SEPA has been very open in his comments and organisational learnings under tremendous scrutiny. ‘Be Ready’ was his sentiment – even large public bodies and corporations who have adequate security in place are being compromised.

Ransomware, in its simplest form, is a targeted virus that employs encryption (clever code that locks up access to data) to hold a victim’s information to ransom. An organisation’s critical data is rendered inaccessible so that it cannot access files, databases, or even third-party applications such as payroll or manufacturing systems. What then follows is the ‘ransom’ demand, which is typically a request for untraceable cryptocurrency, to provide access.

With the increasingly available access to cyber hacking tools and cryptocurrency payment mechanisms, facilitated by the adoption of digital banking, industry analysts and law enforcement specialists all point to a continuing rise in the frequency, intensity and sophistication of ransomware attacks.

When it comes to ransomware, your company size or industry is not a factor. The bad guys – cyber criminals – don’t discriminate, so no sector is immune.

I predict 2022 will be the year cyber remediation becomes much more of a key topic of discussion and focus.

As part of your business continuity strategy (you have one, right?), consider some scenarios and play them out. This should include who’s in your network of advisers and experts, as there is no substitute for experience with this emerging and growing problem. Experienced cyber-attack incident response is key.

Would your team know what their first steps should be on discovering that your network has been compromised? What should you prioritise to limit the amount of damage caused by the breach? How do you alert key staff? Who do you turn to for immediate support?

Who are YOU gonna call?

Mark Gibson is managing director of Capito and was named a winner of Growing Business Intelligence’s “SME Leaders 20”.

