Ransomware Is The Biggest Security Threat Right Now
Today ransomware is the biggest security threat businesses face. The impact it can have on a business is greater than any other threat out there. It is inflicted by third-party criminal hacking organisations and is sometimes specifically targeted.
Data loss through hacking (or accidental loss) was the top contender a year or so ago, with the reputational damage and fines affecting businesses’ bottom lines. Ransomware is on a different level – crippling businesses by stopping bookings and reservations, halting plant machinery, taking EPOS (tills) out of action, preventing payments – the list is endless, along with the consequences.
Unlike the viruses that IT departments and businesses got used to over the last few decades, the payload of ransomware is significantly different, and the impact far greater.
1. Prevention – the best way to stop ransomware happening is by reducing the chances of it infecting the corporate network. Every entry point into your network needs robust defences, a task which seems to be increasingly difficult with the need for remote working. Ironically, technology in this space has got much better, with automatic updates and central management, even on BYOD. It’s the legacy fixed devices that are often forgotten about – where the heart of the business is – in-store technology such as EPOS, and manufacturing automation.
2. Detection – detection is often thought to be part of prevention. It’s not. Any time that ransomware (or any other security incident, whether from a hacker, data loss, a virus etc.) is left undetected is valuable time for taking action that is being wasted, and it exponentially increases the impact the incident will have on the business. If the pandemic has taught us nothing else, it is that lockdowns are shorter and the impact is lessened when the numbers are low.
3. Isolating – centralised management is critical when it comes to isolating affected devices, along with a ‘playbook’ for communicating effectively throughout an organisation. These incidents can take place at any time – 24×7 – from the security guard clicking on a link while they are bored one evening, to the CEO installing an app on their laptop one morning. The ability of your digital and technology function to first detect, then isolate, is critical, and so is understanding the architecture of your corporate network and its unique and discrete areas of technology. In a connected world, where business and technology both encourage us to connect our networks, we need to pause and think, and continually review.
4. Recovery – all recovery starts with a backup. Without one it’s game over. Having a recovery plan, a “what-if” scenario, and knowing what to do system by system, platform by platform, to recover is essential. Virtualisation and cloud technology can play a big role in this area – but if things are not designed and maintained properly, don’t expect it to be the solution. Without the correct configuration, backups and snapshots, virtualisation doesn’t work – and it also has to work with the business by understanding priorities.
Do You Know What’s Happening?
If your IT or digital and technology function is not considering these four key areas, then you need to understand why. Is it a question of resources (financial or head-count)? Is it about ownership and accountability? Are they engaged with the business? Does your business have cyber security high on the agenda?
When Gray Blue engage with a customer to provide CIO advisory and interim leadership services, cyber security is our number one question. What is being done in this space in your business?