Ransomware: The malice of data ransom and what to do about it
It sounds like the premise of a futuristic heist movie, or at least something that only happens to the largest companies. But an astounding one in five Australian businesses have been the victim of a cybersecurity incident, and Australia has the third-highest rate of reported ransomware attacks in the world. And it’s happening to businesses small and large. We talk to the Australian Information Security Association about protecting your data.
Imagine arriving at work on a Monday morning, turning on your computer and discovering that your essential business files have been hijacked. You can’t open your database and the only way to retrieve your data is to pay the criminals who have taken your files hostage. Your business is being held for ransom.
Cybersecurity incidents are becoming more frequent. A recent report from PwC found that the number of such incidents globally rose by almost half in 2013 to 42.8 million. This is the equivalent of 117,339 attacks per day.
Cyber attacks against Australian organisations are also rising. A concerning report by the Australian Government’s National Computer Emergency Response Team (CERT) found that one in five businesses in Australia have been the victim of a cybersecurity incident. Australia also has the third-highest rate of reported ransomware attacks in the world.
Taking your data for ransom
Ransomware attacks are among the most devastating breaches of security. By using malicious software to lock an organisation out of its own database, attackers render it helpless until a ransom is paid to re-open its system. The University of Calgary in Canada has recent experience of this – it paid a demanded US$16,000 after a ransomware cyber attack on its computer systems in June this year.
The most common way to become infected by ransomware is by clicking on an attachment or link in a malicious email. Visiting infected websites or downloading applications with malicious code embedded within them can also leave you exposed to an attack.
Arno Brok, CEO of the Australian Information Security Association (AISA), says that while a number of large organisations in Australia have cybersecurity programs in place, small to medium-sized businesses are vulnerable to ransomware. “There is a large number of small and medium-sized organisations that do not have any resources dedicated to cybersecurity and therefore form the soft underbelly of the country,” he says. “Small business owners have largely indicated they did not believe they were in danger of being targeted. Until we have that awareness that everyone is a target, we are at greater risk.”
Reporting a ransom
Ransomware can create significant disruption to your business and can compromise the trust of your clients. While Australian companies currently report cybersecurity breaches to the Privacy Commissioner on a voluntary basis, this may be about to change. “There is a draft regulation [for mandatory reporting] ready to be passed as law. However, with the current election coming up, this is not expected in the next few months,” explains Brok.
Mandatory reporting means your business would be required to inform those affected by a compromise of their personal data if it caused a real risk of serious harm. Depending on the size of the security breach, mandatory reporting may create additional administration and costs for your business.
Cyber liability insurance, although still in its infancy in Australia, can help protect your business from cyber extortion. However, many insurers set minimum cybersecurity requirements and you may be required to show the steps you are taking to secure your company’s information. Fees can also be high depending on an insurer’s assessment of your security preparations.
Protecting your data
Although cyber criminals are becoming more sophisticated, there are ways to protect your data from ransomware.
A first step is to educate your staff about the ways attacks may occur and to make them aware of suspicious emails. A secure backup system, including an offline copy of your data, can also limit the impact of a cybersecurity breach.
Brok also suggests limiting administration permissions so fewer people in your business have access to network resources. You should also ensure that the latest antivirus systems are installed on all computers.
“Security measures vary per organisation; however, small and medium-sized organisations should at least do some basic cybersecurity hygiene,” says Brok. “This includes keeping their operating systems and applications up to date, whitelisting applications, minimising admin access and maintaining awareness about cyber risks with their staff.”