Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Sunday, 05 December 2021 16:23

Why responsibility for ransomware sits at the top

By Walter Manyati
Walter Manyati, Director ANZ for Qualys Walter Manyati, Director ANZ for Qualys

GUEST OPINION by Walter Manyati, Director ANZ for Qualys: As the threat of ransomware attacks continues to escalate, the crippling of high-profile organisations frequently shines the spotlight on this crisis. Yet, it’s not hard to see why – ransomware is such a lucrative business model for cybercriminals.

Why? Simply put, it’s because companies continue to pay the ransom. In many cases, it’s easier and cheaper to pay the bad guys to avoid an even greater financial impact from extended downtime or lost data as they try to recover from backup.

Colonial Pipeline paid hackers US$4.4 million in ransom in May in a highly controversial move following a cyberattack. The CEO later claimed that the decision was necessary given the debilitating impact to the country’s fuel supply, despite the FBI and Department of Homeland Security recommending companies avoid paying ransoms.

The Australian Cyber Security Centre (ACSC) does not recommend paying the ransoms. In the 12 months to July 2021, ACSC received nearly 500 ransomware cybercrime reports, an increase of 15 percent over the previous year. It equates to an average of more than one ransomware cybercrime report received every day. Every organisation that uses technology is at risk.

Supporting the attackers’ business model by paying the ransom only encourages continued criminal activity and will only lead to more ransomware. In some cases, paying, introduces further regulatory risk to the targeted organisation as paying ransoms could be construed as illegal. Paying the ransom, is aiding and funding criminal activity.

Even if the ransom is paid, there’s neither guarantee that all data will be fully recovered nor, that your data has been deleted, leaving open the potential for it to be sold or disclosed at a later date if the information has value.

In an attempt to cut off at least some of the ransomware oxygen to cyber criminals, governments around the world are actively evaluating a number of measures aimed at deterring attackers – with Australia no exception.

The Labor Party recently reintroduced the Ransomware Payments Bill 2021 to Federal Parliament with the aim of creating a mandatory ransomware notification scheme for business and government. If passed, the bill would require entities to report ransomware payments paid in response to a ransomware attack to the ACSC.

Irrespective of the outcome of this particular bill, it does beg the question of whether an organisation should pay the ransomware if it was put in that position? Clearly this is no longer a decision to be made by IT. The pendulum is swinging towards ransomware being the responsibility of the executive team and boards.

Support executives on decision making

It’s never been more important for security teams to work with executives to ensure they are making the business decisions necessary to prevent ransomware attacks. The more they understand the risks, the better prepared they’ll be to make a decision and justify it in the face of scrutiny.

If the organisation does get hit, there will be fewer surprises if the problem is visible across the organisation. This will enable swift actions in the response. In particular, deciding whether the organisation should pay or not.

Get the house in order

In conjunction with supporting executives in being prepared, it’s time to get the house in order now rather than wait for legislation to mandate it, or more importantly, be attacked.

While every metric and trend indicate that organisations continue to add more security tools, successful attacks continue. Many organisations simply focus defences on detection and response, which does help to reduce damage from attacks, but doesn’t prevent them from happening in the first place. Adding more tools isn’t the answer to a strong defence.

Unpatched vulnerabilities, device misconfigurations, internet-facing assets and unauthorised software rank consistently among the top attack vectors for ransomware. While there’s no silver bullet to prevent ransomware, security teams must focus on eliminating any area of risk and shrink their attack surface.

This includes knowing any blind spots. It’s important to detect every data asset in the environment including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets.

Solid cybersecurity hygiene, patching for known ransomware vulnerabilities, changing configurations and adjusting security policies are a few important steps to taking charge. Some other best practices to prevent business interruption from a ransomware attack include:

  • Enforce password policies.
  • Employ best practices for use of remote desktop protocol, such as apply multifactor authentication.
  • Employ network security and firewalls.
  • Enforce account use policies, such as assign least privileges to users.
  • Keep software updated.

Between getting the house in order and working with executives to ensure they are making the business decisions necessary to prepare for ransomware, your organisation will be in a good position to avoid becoming a victim. And if by chance it does get hit, decision making on whether to pay or not in an inevitable future will be much easier.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments