Last week, barely a month since the WannaCry attack, companies around the world were struck by another major ransomware cyber attack.
With two similar looking, large-scale incidents occurring within such a short window, companies are naturally anxious to know how they can protect themselves against the next – inevitable – attack.
It’s all about the data
Traditionally, ransomware attacks are financially motivated, with criminals attempting to extort money by holding important data to, well, ransom.
It’s a good target: this data is the lifeblood of the business. Losing access to it is costly.
There’s no excuse then for a professional business that runs on information (as most do) to treat its computers and the data they hold in the same way one might a personal iPad. It has to be managed professionally. Businesses have to know where their important data is, why it’s important, and who should be allowed to see it and when.
Having identified what data is important, protections must be put in place that take account of the market they’re in, the data’s real value, and the profiles of anyone who might want to disrupt them.
“Security” can mean many things. We worry about “data theft” – where information is seen by people who shouldn’t see it – but the opposite is also a concern: if data is hidden from a business when they need it the consequences can be quite dire.
A united front
Tackling this threat requires a united front from the IT security industry. There’s no one technique, product, or company, that can do the whole job on its own.
Many techniques are required. For ransomware in particular, the most important is actually one of the simplest: keep backups of the data that matters most. That way, if you’re hit, simply throw out the infected machine, and download your backups or switch to a recovery site.
While this may sound complicated and expensive, much of this is just good practice and doesn’t actually require products to be purchased. With good data hygiene in place, and with the data location identified, it’s then simply a matter of encrypting it and putting the right access controls in place around its retrieval.
Be careful though: the bugs and backdoors used for WannaCry can also be used by criminals for other purposes.
Keeping backups is great against ransomware but it doesn’t do much to protect against people turning on microphones or webcams remotely to spy on you.
The same hack that made WannaCry a global phenomenon, for instance, was used much earlier by criminals targeting City firms and stealing sensitive pre-announcement M&A information, then making a killing on stock trades. But unlike the Big Red Screen of WannaCry, those guys stayed quiet and executed their attack while nobody noticed.
If my industry really wants to tackle the very wide problem of data security, it needs to be serious about working on collaborative solutions and educating customers that one product alone will only ever be a part of a wider solution.
Naturally, businesses first need to know where their data is in order to defend it. And while techniques such as making and encrypting backups are a perfect solution in protecting against the downtime caused by ransomware, any additional intelligence a business receives can only improve that protection.
Fortunately, governments already provide services that allow companies – particularly larger enterprises – to monitor networks, informing them when they’re being attacked, helping them to react quickly. Businesses must take that advice seriously and allocate business priority to IT.
Jon Geater is chief technology officer at Thales e-Security.