Stories by Olabisi Olaleye with additional reports from cfo.com
[email protected] 08094000013, 08111813040
Last week over 99 countries of the world were threatened with WannaCry, a massive malware attack hitting over 300,000 information technology systems of banks, hospitals and telephone companies, while holding affected computers hostage for a ransom of $300 in Bitcoin.
Ransomware attacks on corporate systems are becoming more common these days as cybercriminals spread their tentacles.
However, according to IT experts, Michael R. Overly and Aaron Tantleff, there are ways to manage the risk.
They said, “All too often, companies’ focus after being victimised by a ransomware attack is on the ransom paid, which is generally the most trivial outcome of the incident. From the perspective of a chief financial officer, what goes unaccounted for in any meaningful way is the lost productivity, lost profits, harm to business reputation, cost of reconstructing data and other damages that flow from these attacks.
“While state and federal laws may require breaches of privacy to be reported, that is not the case with ransomware attacks. As such, a significant number go completely unreported and unpublicised; so the true extent of the damages caused remains a mystery. In some cases the ransomware attack is just one prong in a multi-pronged attack on an organisation’s infrastructure, making it almost impossible for even the victim company to determine the specific impact of the ransomware.”
Types of damage and effects
Ransomware typically targets an organisation’s most valued information. But it could reach almost any information, including marketing materials, payroll data, intellectual property, financial transactions, and health records.
Hiring an expert who is able to decrypt the information is often more expensive and time-consuming than paying the ransom to get the information restored. And sometimes data restored by a recovery service is incomplete, with full recovery requiring the decryption key. However, by the time an organisation discovers that the recovery is incomplete, the attacker probably has already destroyed the key and moved on, making full recovery impossibile.
If the ransomware hits certain servers, it may be distributed throughout an organisation to all users and potentially to third-party users connecting to those servers or other infected user devices. It can also infect the organisation’s backup media, and if the target tries to restore data from its backups, it could re-infect its systems and data.
These attacks can take hostage and threaten to or actually disclose confidential or proprietary information to the public or, even worse, the highest bidder. The fear of such disclosure is a motivator for victims and gives them little time to think rationally about their options.
Controlling risk
An overall approach to addressing the threat of ransomware could include the following practices:
Train and educate personnel on an ongoing basis.
Specifically address and plan for ransomware in the business disaster recovery and business continuity plans, including testing of those plans.
Ensure that all anti-virus and other security software is properly updated. Many forms of ransomware can be detected and avoided using this simple step.
Engage a third-party expert security vendor to assess your organisation’s systems and procedures.
In the event of an attack, identify and isolate infected and potentially infected systems.
Disable shared network drives connected to the infected systems.
Consider suspending ordinary-course backups of those systems to prevent further propagation of the virus.
Engage an information security consulting firm that specialises in assessing and mitigating these sorts of attacks.
Circulate a warning to all personnel advising them of the threat and cautioning them not to open email and attachments from suspicious sources.
Insurance as a path to mitigation
In the security context, a wide range of cyber-liability policies are now readily available.
Cyber insurance policies are an important tool for CFOs in managing the impacts of cyber and other information-breach incidents. Some policies include the payment of a ransom, while others expressly exclude it due to the “moral hazard” of such coverage. Where such policies do exist, many are limited and may have coverage exclusions.
For organisations that have such policies, working with the broker and insurers to understand the policy and the procedures for filing a claim is crucial to payment under the policy. Oftentimes, the policies are tightly drafted to mitigate the impact of cyber fraud and require the policyholder to educate its workforce and implement appropriate means, such as business continuity and disaster recovery procedures, to prevent ransomware intrusion and mitigate the impacts of an incident.
Conclusion
Unfortunately, incidents of ransomware are increasing daily and there appears to be no end in sight. Given the difficulty of preventing ransomware infection, companies should focus on personnel training and awareness, which has one of the best returns on investment in preventing attacks. Following closely behind training is the deployment and testing of business continuity and data backup procedures designed with attacks like ransomware in mind.
•Culled from cfo.com
NITDA advises MDAs, others on preventing cyberattacks
Nigeria Information Technology Development Agency (NITDA) has said all ministries, departments and agencies (MDAs) of government, as well as other corporate organisations, should be alert to a viral cyberattack that is currently affecting computers across the world. “WannaCry” or “WannaCrypt,” spreads by itself between computers and does not require human interaction. It restricts access to the affected system and demands for the payment of ransom.
According to NITDA Director-General,Isa Ali Ibrahim Pantami, ransomware attack exploits vulnerabilities in the Microsoft Windows Operating System, especially those not supported such as Windows XP, Windows 8 and Windows Server 2003.
“Microsoft released a patch for the vulnerability in March and machines that were updated with the patch would have been automatically protected.Furthermore, should your system be infected by ransomware, isolate the system from your network to prevent the threat from further spreading.
“In addition, the following actions can be taken immediately: remove the system from network; do not use flash/pen drive, external drives on the system to copy files to other systems; format the system completely and get fresh operating system copy installed; and contact NITDA Computer Emergency Readiness and Response Team (CERRT) for assistance. They can be reached via telephone on 800-9988-7766-5544 or e-mail, [email protected]”.
Pantami added that organisations and MDAs should take precautionary measures and regularly update their operating systems with the latest patches. He urged firms to “avoid downloading and opening unsolicited files and attachments, adjust security software to scan compressed or archived files and avoid indiscriminate use wireless connections such as Bluetooth or infrared ports.”