Subscribe

When data is held to ransom


Johannesburg, 17 May 2022

Ransomware attacks are one of the most common cyber security threats. It can have a devastating impact. During a ransomware attack, hackers encrypt the information and data of a business. In order to regain access, an encryption key is needed. Usually, the business would be required to pay the hackers in the form of Bitcoin or a similar and untraceable currency to get the encryption key. Hackers can gain access through hardware, for example, a USB device picked up and used by staff or a compromised e-mail account. However, most commonly, they gain access through phishing attacks – e-mails that mimic trusted organisations or people, but contain malicious content. 

Even simply opening a phishing e-mail could provide the hacker with access to a network. Once they’ve gained access, hackers can remain dormant or undetected for years. Thus, when they finally take the data ransom, businesses might not be able to rely on backups. When information is taken ransom, it is advisable not to pay the hacker, especially when it is unclear how they gained access to the network.

“It is not advisable for business to pay the ransomware if they don’t know how the attack occurred,” says Michael Morton, Solutions Architect at Securicom. “You need to understand the full attack sequence from when they gained access, how they gained access, which parts of the network were compromised, how it was compromised and whether the mitigating and remediating factors are in place to prevent it from happening again.”

Business can establish mitigating and remediating systems by conducting vulnerability assessments and internal audits – something with which Securicom can assist. But the true key to protecting a cyber security landscape and determining how a breach occurred is visibility into all security systems. Visibility provides insight into how and where the hackers went, but more importantly, the right visibility can help identify a hacker before an attack occurs. The Securicom Managed Security solution provides oversight into all cyber security technology within a business to ensure the technologies communicate effectively.

Back to the basics

Something as simple as using different passwords for different devices or systems as well as using a “strong” password can assist with increasing the security of a business. Using the word “password” as your password is a beginner's mistake. It should never be something that can be easily guessed. Be sure to combine letters, numbers and special symbols.

Another essential security tool is two-factor authentic. As Morton says: “Two-factor authentication is an easy security authentication tool that can prevent most data breaches.”

Protecting against ransomware

For businesses that want to ensure further protection against ransomware, Morton provides some advice: “Your most common vector for ransomware attacks are via your e-mail system that might have weak or inadequate security as well as lack of user awareness and adequate training. Businesses need e-mail security that provides advances threat protection against zero-day and ransomware attacks. In addition, there needs to be user educational training and internal phishing simulations to identify your key risk users.”

To break this down further, businesses need to focus on four key areas:

  • E-mail security;
  • User training;
  • Phishing simulations; and
  • Endpoint security, including AV, EDR and patching.

A robust e-mail security solution would assist in detecting suspicious e-mails as they enter a cyber security landscape before they even reach the end-user. User training would ensure that staff spot a strange e-mail and report it in the correct way, while phishing simulations allow the cyber security team to identify the staff who pose a risk for the business. These individuals could be provided with further training.

Training could also be useful to ensure that staff can report any suspicious e-mails correctly. Forwarding an e-mail is worst thing to do. Instead, the e-mail can be shared as an attachment with the cyber security team. Securicom, through its managed security solution, provides a solution that makes reporting a suspicious e-mail as easy as clicking a button – literally!

Finally, Morton encourages businesses to ensure their information is encrypted. Securicom provides solutions that can assist with encrypting data as well as doing a roll back on any encryption placed on data by hackers via industry-leading EDR technology, not to mention the various solutions available to assist with user training. In essence, Securicom has you covered! Give us a call on (0861) 591 591 (South Africa) or send us an e-mail at sales@securicom.co.za.


Share

Securicom

With more than 20 years of experience in the cyber security industry, Securicom provides industry leading Managed Security to more than 800 customers across the globe. Through our close partnerships with the best of breed technology vendors, we are able meet and exceed the needs of any business, any size, in any geography or vertical, while ensuring local relevance to the services provided. At Securicom, we pride ourselves on being 100-percent customer focused and live by our ethos: Business must be fair; Business with integrity; Honesty and Excellence through Service. 

Editorial contacts

Kerry Webb
(082) 496 0713