4 ways to minimise the panic of a Bad Rabbit style attack

With the latest Ransomware Damage Report from Steve Morgan showing that damages have increased 15-fold in the last two years, cyber threats have unfortunately become the ‘new norm’ for IT teams, adding to the already existing pressures of keeping data secure and maintaining operational efficiency.

It is nearly impossible to predict what guise the next attack will take – one day it is a Windows 10 flaw, and the next it is a Wi-Fi protocol weakness. Most recently the news was flooded with a Petya-style malware, a variant known as Bad Rabbit, which targeted Russian and Ukrainian systems. Que sigh of relief, right? Wrong. The UK could have easily been the target or it could have spread globally in a WannaCry fashion.

>See also: Held hostage: the rise of ransomware

In the face of ever-increasing, ever-intelligent cyber attacks, simply ignoring it in the hopes that it will not happen to your business, or assuming that it simply won’t happen to you, is not a solution.

With any major outbreak of a virus or malware it is important to take the right approach and minimise ‘knee-jerk’ reactions. Panicking about outbreaks that get widespread attention doesn’t help and just turning off your systems isn’t the answer. Instead, face the challenge head on and proactively by addressing four simple, but key, areas of your business to minimise the risk, damage and panic of a security breach.

1. Educate your workforce

The workforce is your first line of defense when it comes to malware. Implement a simple and effective training programme to empower your people to know the difference between legitimate emails and phishing attempts.

>See also: Ransomware, cyber insurance and cryptocurrency: are you covered?

As obvious as this may seem, according to Morgan’s report, in 2016 an average of 40% of spam emails contained malware links to ransomware, an increase of 6,000% over 2015. Two excellent reasons to pause before clicking.

2. Update anti-virus/anti-malware software

Again, this might sound obvious, but a number of high profile corporations have been caught out because nobody was aware that their security software wasn’t updating correctly. Check that your systems are fully operational and those out in the field, who receive updates from external sources such as the Internet, are also updated.

3. Check your backups

If you are unfortunate enough to be infiltrated by ransomware do not pay the ransom demand. There is no guarantee that you will get your files back and the advice from the National Cyber Security Centre is to never provide money to a ransomware website. Restore any lost data using your backup providers.

>See also: Ransomware represents ‘25% of cyber attacks’ as hackers target UK

4. Check your endpoint patch levels

A simple check in most cases, yet incredibly some corporations do not have a single unified strategy around security patching and deployment of those patches. With the bigger malware releases a few months ago, Microsoft has released updates to ensure that vulnerabilities have been closed, for example. These updates, however, are only helpful if they are installed, so it should be a priority to put a plan in place around ensuring patches and updates are installed in a timely fashion.

Cyber attacks are invasive and expensive to fix when they happen. Be proactive today by implementing a strategy that aims to minimise the cyber attack of tomorrow. It will help save your organisation downtime, and keep your data safe, backed up and available to be restored should the worst happen.

 

Sourced by Rowan Troy, security solutions director, Six Degrees

 

The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.