by Jason Allen
With three major companies in our industry hit with costly and disruptive ransomware attacks over the last few weeks, we’ve put together a primer and ‘how-to’ in order to protect Australian businesses from this widespread threat. In the current climate, a ransomware attack will be enough to send most businesses in our industry into bankruptcy.
Don’t think it’s just the big companies that need to protect themselves; ransomware attacks affect everyone from the sole trader to the biggest manufacturer. British cyber security firm Sophos published a white paper in May that contains the results of an independent study of 5,000 IT managers across 26 countries, including 200 respondents from Australia. The statistics are sobering.
The survey showed that 51% of all types of organisations were hit by ransomware attacks in the year to February 2020. 47% of those had 100–1000 employees, so it’s not just about big corporate targets. Worryingly for our industry, ‘media, leisure, and entertainment’ report the highest level of attacks at 60%. Australia sits around the middle of the list of nations targeted. With just 17% of businesses in Australia preventing their data being encrypted in an attack, we are woefully behind in our implementation of anti-ransomware measures. Even worse, Australia has the world’s third highest remediation cost to clean up the aftermath, with the bill coming in at an eye-watering average of $1.5 million AUD.
Having some form of cybersecurity insurance is now the norm, with 82% of Australian organisations reporting that they have it. However, only 65% of those have cybersecurity insurance that covers ransomware.
The most common vector for a ransomware attack is via either a malicious link or attachment in an email, with 45% of attacks originating from this technique. This highlights the absolute imperative to educate your staff in how to spot malicious emails. The second most common was remote attacks on servers.
Here’s Sophos’ list of actions you should take immediately to reduce the risk of damage to your business:
1 – Invest in anti-ransomware technology to stop unauthorized encryption
2 – Protect data wherever it’s held – almost six in 10 ransomware attacks that successfully encrypted data include data in the public cloud. Your strategy should include protecting data in the public cloud, private cloud, and on-premises.
3 – Make regular backups and store offsite and offline.
4 – Ensure your cyber insurance covers ransomware.
5 – Deploy a layered defence.
For a local perspective, we asked George Kostopoulos, the owner of event IT specialists Beyond Network Solutions, for his recommendations for Australian companies:
Create several back-ups of your data a day to several different locations, both on-site and off site, that are disconnected from your servers. Even cloud servers need to be backed up, and need virtual firewalls and antivirus protection.
Educate your staff. This could involve bringing them in to create a realistic scenario using existing I.T infrastructure. Teach them how to spot fake emails and malicious links, and how to understand how files function on computers. From there, help them to spot signs that they’re the core of the attack by looking out for suspicious computer activity; their computer running a lot slower than normal, for example.
Segregate your network. Separate guests from internal staff, separate IoT devices, and put servers into their own network. Allow users to access only the devices that they actually need.
Use the right firewall. Some devices advertise their firewall capabilities, but out of the box, they’re usually wide open. You’ll need to configure the device, allowing what you actually need and closing what you don’t. We recommend known brands for firewall and security, not brands that have these options but don’t specialise in it. Recommended brands include Sophos, Fortinet, Cisco, Palo Alto, Juniper, and Watchguard. Brands like Ubiquiti, for example, aren’t proper firewall solutions. The top brands are actively looking for new security threats and helping patch them. They are often aligned with an antivirus company that gets real-time threat reports back from their antivirus client installed on people’s computers.
Use an antivirus solution that aligns with your firewall appliance on your network. This part is really important and is one of the main reasons why we decided to become Sophos Partners. It’s all fine and dandy to have the best network firewall, but your devices aren’t always on your network when an attack happens. With Sophos’ Intercept X, it’s on your device actively protecting you. Once it discovers something unsafe, it will isolate your computer to help prevent against spreading the malicious attack. It does this through synchronised security, where it will notify the firewall. The firewall will isolate you and let other devices on your network know that your computer isn’t safe. When Intercept X finishes removing the threat, it will notify the firewall to say “hey, I’m clear and safe again” and will allow it back into the network of trusted devices.
You don’t need to pull out and re-do all of your existing I.T infrastructure. The software can be a package installed on each user’s machine and the hardware can sit in-between the internet and your users to scan incoming and outgoing traffic.
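The segregation and firewall recommendations above (separate guest, staff, IoT and server networks; allow only what is needed) can be checked mechanically. The following is an added example, not part of the article or of Beyond Network Solutions' advice: it compares a "wide open" factory rule set with a segregated one under default deny. The zone names, subnets, ports and rule format are all constructed assumptions.

```python
import ipaddress

# Constructed zones and subnets (assumptions, not from the article).
ZONES = {
    "guest":   ipaddress.ip_network("10.10.0.0/24"),
    "staff":   ipaddress.ip_network("10.20.0.0/24"),
    "iot":     ipaddress.ip_network("10.30.0.0/24"),
    "servers": ipaddress.ip_network("10.40.0.0/24"),
}
UNTRUSTED = {"guest", "iot"}      # zones that should never reach internal ones
INTERNAL = {"staff", "servers"}

# Rule = (src_zone, dst_zone, port, action); "any" is a wildcard.
FACTORY_DEFAULT = [("any", "any", "any", "allow")]   # "wide open" out of the box
SEGREGATED = [
    ("staff", "servers", 445, "allow"),   # staff file shares
    ("staff", "servers", 443, "allow"),   # internal web apps
    ("staff", "iot", 443, "allow"),       # staff manage IoT/AV devices
]

def zone_of(ip):
    """Map an address to its zone name, or 'internet' if it is in none."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def _hit(pattern, value):
    return pattern == "any" or pattern == value

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; anything unmatched is denied (default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_port, action in rules:
        if _hit(r_src, src) and _hit(r_dst, dst) and _hit(r_port, port):
            return action
    return "deny"

def audit(rules):
    """Return findings: wildcard allows and untrusted-to-internal paths."""
    findings = []
    for i, (src, dst, port, action) in enumerate(rules):
        if action != "allow":
            continue
        if "any" in (src, dst, port):
            findings.append((i, "wildcard allow"))
        if (src in UNTRUSTED or src == "any") and (dst in INTERNAL or dst == "any"):
            findings.append((i, "untrusted zone can reach internal zone"))
    return findings
```

Running `audit` over an exported rule list before and after a firewall change shows whether a guest or IoT device has gained a path to the server network.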
Here’s what you could be risking if you’re an events, AV, or distribution company:
– Your company’s data
– Your client’s data
– Client recordings from a recent event
– Down-time and not being able to operate
– The cost of repair and coming back into operation
– Any new hardware that might be required to secure your company after having already paid to begin restoring your data
– Not being able to restore anything from backups and needing to pay the ransom
– Someone gaining access to your computer that is also syncing your cloud content
There’s some good further info from the Australian Government here – https://www.cyber.gov.au/acsc/view-all-content/threats/ransomware
Beyond Network Solutions are happy to consult on realistic solutions for any company or individual. I understand that not everyone has money to fork out for antivirus licenses for all their devices, or a premium firewall. In reality, firewalls are not that expensive, but it all depends on what internet connection speed you have. For example, if you have 50/50 NBN, you’ll only need the smaller boxes, but if you’re on fibre 1000/1000, you will need a larger box to handle a larger data volume.
Not everyone needs a premium firewall system. A lot of the time they just need a back-up solution and an understanding of not crossing paths. For example, maybe they have a device that does not connect to the internet that is used for transferring confidential client information for a banking event. Little things like that help prevent data breaches and leaks, but also mentioning that to your client provides them peace-of-mind. It also lets their security team know that you are aware of the severity of the outcome of a leak. For large organisations this could mean loss of value in stocks.