Did you know manufacturing, production, distribution and sales consistently rank in the top five sectors targeted by ransomware? Mark Saville at Data2Vault discusses simple ways to mitigate your risk.
Supply chains provide an ideal hunting ground for hacking gangs. Links between companies exchanging orders and invoicing using email and running online accounting and stock systems all become vulnerable if one company in the supply chain gets breached.
The impacts of cyber crime are increasingly financial and are no different to the more familiar types of crime that could seriously damage your business. Think in terms of theft of goods, theft of money or fraud. How do you prevent and minimise these within your company, compared to preventing cyber crime?
Criminals use automated software tools and malicious code (malware) to bombard, infect and breach IT systems, cloud services and user devices like laptops, mobile phones and personal computers.
The most common cyber crimes fall within a pattern called triple extortion, where the company suffers one, two or three of the extortion techniques that the hacking gangs use:
- Invoice fraud: This occurs when the email accounts of directors, finance teams or accounts personnel are breached. Valid invoices are re-presented and re-routed for payment to a fraudulent bank account set up by the criminals.
- Ransomware: Once a network or cloud service is breached by a hacking gang, malware is used to infect files. This malware spreads automatically over a period of months, infecting millions of files, and in turn these infected files are then stored in the backup system. Some months later the malware detonates, and every infected file becomes encrypted and cannot be accessed. The hackers demand a ransom in return for the release of the keys to decrypt the data. Payment does not guarantee the keys will be made available and could breach funding of terrorism legislation, resulting in company directors facing criminal investigation.
- Exfiltration of data: During a breach hackers look for confidential data. It can be in databases or file systems, containing customer, financial or business sensitive information. They copy the data out to cloud storage and then encrypt the source files so you cannot check what has been stolen. The hackers demand a ransom, or the files will be published online. Paying the ransom does not guarantee that you get the data back, or that the data will not be published.
In each case, an internal IT team or IT service provider can try and remediate the breach, but unless they are skilled in cyber forensics and incident response, they could make the situation much worse.
In most cases we find several basic cyber protections are already in place, but are often poorly maintained, for example firewalls, anti-virus, email scanning and email filtering. In addition, it’s essential to make sure system patching is operational, and multi-factor authentication is set up on every user account, including administrators, as these steps help shut down vulnerabilities that hackers regularly exploit.
We know from our experience that cyber-related budgets are constrained until there is a breach. So where should you start in taking steps to combat cyber crime? There are two areas to consider: prevention and resilience.
Prevention focuses on stopping a breach. It should include a written cyber incident response plan to identify and document the company’s response to a cyber incident, as well as regular cyber maturity assessments to check for vulnerabilities and ensure prevention measures are evolving with the latest threats. Prevention strategies should also include malware detection to identify zero-day malicious code which is undetectable by traditional anti-virus technology, as well as implementing a security operations centre (SOC), which is a service that monitors all the key IT assets in the company. This service can detect attempts to breach company systems and trigger a response in the event of an attack.
Additionally, companies should utilise supply chain vulnerability intelligence, which constantly analyses the vulnerability of organisations in your supply chain. For example, if username/password details from a supplier appear for sale on the dark web, you would be alerted. Finally, automated network segmentation can be used to detect and isolate malware that causes ransomware to spread across a network or within a cloud service.
Cyber Resilience focuses on minimising the disruption caused by a successful cyber attack, and includes data backup as well as disaster recovery infrastructure, which becomes necessary if your primary IT systems are completely non-serviceable during the cyber incident response.
Where do you start to find out if your IT systems are secure or have been breached and your confidential data has been compromised?
A cyber maturity assessment is a good start. Just make sure it is carried out by someone independent of your internal IT team or IT support provider, as they may have something to hide.