Information security, otherwise known as infosec, is a series of strategies for managing and preventing unauthorised access to, and use of, physical and digital information. It also covers any unauthorised modification, destruction or disruption of information.
Common threats to information security are identity theft, theft of intellectual property, theft or sabotage of equipment, and software attacks. Software attacks include malware and phishing attacks, viruses, worms, Trojan horses, identity theft and ransomware.
Many of these have become more commonplace in the last few years and have been widely reported, since many have targeted well-known global brands, large industries and even hospitals.
To deter attackers, multiple security controls should be put in place and coordinated as part of a layered defence. Doing this should minimise the impact of an attack. For your business to be prepared for a security breach, it is suggested that an incident response plan is put in place.
In the case of ransomware, which is becoming one of the most common information security threats, it’s advised to take the following steps: understand your business’s potential exposure to ransomware by identifying the critical systems and data, and ensure that you have measures in place to protect those systems or can recover the data should you become a victim of a ransomware infection.
Some measures that should be taken to avoid becoming a victim include:
- Make sure antivirus software is present on all systems that may be affected by malicious software, in particular systems exposed to the Internet, and ensure virus signatures are updated frequently (as new updates are released). Having anti-malware solutions installed along with the antivirus will further reduce the probability of malicious ransomware files being downloaded and infecting your system(s).
- Make sure software patches and operating system updates are applied as soon as they become available, as these address known OS and software security vulnerabilities that could be exploited.
- Ensure users are aware of the risks associated with email and Internet use so that they know to avoid clicking on links or opening attachments in emails which originate from unknown sources. Educate users to avoid emails that look suspicious or out of the ordinary, even when they are from sources that they are familiar with; sometimes spoofed emails pretending to be from someone known to the recipient are used to spread malicious links and attachments.
- Regularly back up important files, especially to a remote server or to secure cloud storage; this can prevent your data from being held to ransom.
- Mobile Device Management is necessary for preventing an infection originating from mobile devices and BYOD users.
- Last but not least, provide cybersecurity awareness training to all users (including the CEO and Board of Directors) to raise their awareness of the threat, so that they can spot an infection attempt and know how to report an incident. It is estimated that 95% of ransomware infections are the result of successful targeted spear-phishing attacks, with various sources estimating that as many as 70% of the targeted individuals are likely to open such an email.
If a system is infected by ransomware, recovering the encrypted files can prove very challenging. Having said that, there are specific types of malware that have been reverse engineered, where flaws in their encryption process have been identified or the secret keys for restoring the encrypted files have been found.
Ransomware is not like a typical virus infection. Especially if it has managed to get hold of important data, special tools need to be used to remove the infection. Some antivirus vendors offer free tools that may be used to boot the infected system(s) and take appropriate action, not only to remove the infection but also to recover the affected files. For that reason, your incident response plan needs to include detailed processes to deal with ransomware infections specifically.