Firms need to regain control in the war on cybercrime

Phil Beckett

This week has seen another global cyber attack, bringing leading brands to their knees and making others fearful of future attacks.

This devastation has taken place just weeks after WannaCry crippled the NHS and other international firms. The worrying thing is that a pattern is emerging, both in terms of the malware used and the effects.

Leading businesses and organisations are being targeted over and over, and simply can’t withstand the attack. Data is being accessed and the defences are not meeting the standards required.

The message is clear – action needs to be taken. Simply adopting a “wait and see” approach is no longer viable – everyone is now at risk.


For those firms which have been hacked, time is of the essence. Don’t sit back and wait for it to end – take action and regain control.

First, it’s important to quarantine the hack. This involves disconnecting the infected devices and shared drives from the network, as ransomware will look to spread via connected drives. Next, look at where the problem originated and identify the cause – “patient zero”.

Once this is identified, initiate an incident response plan, giving clear actions across the business. Get the C-suite involved and provide clear roles so the situation can be resolved as swiftly as possible.

While it may seem counterintuitive, in the instance of a hack, firms need to be transparent. Instinct may urge you to hide the news, but it’s crucial for everyone in the business to know immediately what has transpired, how it happened and what actions are needed.

Hiding the issue will only exacerbate it – be open and take control. Knowledge is key in counteracting the spread of infection.

Presuming you have backups available, the next step is to wipe the infected devices and load backups onto them. If you do not have backups or a method of decrypting, seek expert and legal advice. Payment should never be the first reaction as data can be recovered.

For those lucky enough not to have been hit, take this as a warning. Don’t quietly thank your lucky stars and forget about those affected – be prepared so your defences can withstand an attack.

The first step should be to create backups of all critical assets, including operating systems, applications and data stores. And don’t just keep these in a desk drawer; they must be stored in a secure environment. They need to be air-gapped from the outside world and encrypted. You can never do too much when it comes to security.

Following this, simulations can help test a business’ digital framework and identify any weak spots. The basics shouldn’t be ignored and can often be key; for example: ensuring OS and applications are up-to-date and patched, endpoint protection is utilised and updated, and you know what to do if the worst happens.

The fact that we’re seeing cyber attacks on a now weekly basis, causing mayhem and costing businesses millions in lost reputation and damage control, speaks volumes about how defences need to be built and, most importantly, maintained.

The cost of cleaning up an attack will far exceed the spend needed to create a strong framework, so now’s the time to get the C-suite engaged and secure your business.

We all take out insurance and precautions to stop thieves stealing our property. Data now needs to be treated in the same way. Protect it and lock them out before it’s too late.

City A.M.'s opinion pages are a place for thought-provoking views and debate. These views are not necessarily shared by City A.M.