Every business should now be aware of the dangers of doing business online. In just the last month, there have been alarming cyberattacks, and these are just the tip of the iceberg. As companies embrace more and more digitization, especially in these COVID times when technology is critical, the attack surface is growing at an alarming rate, and so is the threat in the evolving landscape. It is therefore imperative for organisations embarking on their journey of digital transformation to implement rigorous cyber management based on a well-defined cybersecurity strategy to counter the threat of ransomware variants.
Burying your head in the sand won’t make the problems go away. It is imperative you get on the front foot and stay one step ahead of the cyber criminals.
These are not merely opinions but real-world consequences of increased activity of malicious actors in cyberspace. Examples abound:
- The recent suspected ransomware attack at JBS led to a shutdown of production around the world;
- An outage of the health system of the New Zealand Waikato District board disrupted the treatment of patients and the payroll process of staff members, and the hackers released what appears to be private patient information to media outlets;
- UnitingCare Queensland Aged Care and Hospitals were hit by a cyberattack;
- Australian Parliament House became the victim of a brute force cyberattack;
- United Nations branding was abused in a cyberattack campaign on Uyghurs;
- A malware attack on one of Canada Post’s suppliers caused a major data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers;
- The Belgian Interior Ministry was targeted in a sophisticated cyberattack.
To implement a cybersecurity strategy encapsulating both threat and risk mitigation with a robust incident response plan, it is important to consider a few key questions, namely:
- What is ransomware?
- What could be the potential impact?
- Why is a cybersecurity strategy so important for your business?
- What can you start with immediately?
Ransomware is malicious software that can lock your system, block you from accessing your data and services, and may threaten to publish your data, then demand a ransom for you to regain access. Ransomware poses a significant threat to private users and companies alike.
The potential impact can range from minor to major depending on the nature of your business, as the examples earlier demonstrate. The objective is to extort money from victims in exchange for the decryption key. Even if the victim agrees to pay the ransom, they still have no certainty that the cybercriminals will unlock the files they have encrypted.
To gauge the size and criticality of a Threat or Risk Management Strategy, it is useful to examine our current status by addressing the following questions:
- Do we have a cybersecurity strategy?
- Do we know how effective our cybersecurity strategy is in addressing business risks?
- Do we have all the necessary information to manage cyber risks?
- Do we have all the necessary policies and processes to protect sensitive information?
- Do we have cyber insurance?
- Are all teams in our business aware and aligned with the organisation’s information security and data governance policies?
- Are we assessing our risks against the threat landscape continuously?
- Do we have a Breach Incident Response plan?
- Have we tested it via attack simulations?
- Do we test it frequently and is it up to date?
- Do we have a Data Loss Prevention plan?
- Has it been tested against the Recovery Point Objective (RPO) and Recovery Time Objective (RTO)?
- Do we have a proper amalgamation of the triad of operations - People, Process and Technology?
- Do we have adequate resources?
- Are they being trained to be up to date on the attack frameworks and countermeasures?
- Do we have documented processes to deal with the incidents?
If the answer to any of the above is not a definite ‘Yes’, then you can be sure someone is probing your defences and it is time to develop a plan to mitigate the risks.
Investment in sophisticated technical solutions is only one part of an effective defence. To counter the evolving threat vectors, organisations must ensure they have an integrated approach to cybersecurity tailored to their business and risk profile, one that addresses the people and organisational elements alongside the technology. Key focus areas could include:
- Understanding the organisation’s risk in relation to its business-critical operations;
- Understanding key areas of vulnerability and working on the security measures against them;
- Insider threat management;
- An Incident Response Plan that assumes some attacks will breach the defences;
- Educating and raising employee awareness and applying Zero Trust Principles to build greater resilience.
One of the best ways to start is by carrying out Assessments to understand your organisation’s Security Posture and Readiness against Ransomware or Denial of Service Threat attacks.
At UNIFY, we offer Ransomware Readiness Assessments as point and shoot offerings, focussed on specific security areas, in collaboration with Microsoft for critical initiatives such as Zero Trust Framework.
The objective of the assessments is to:
- Discover threats from Ransomware or Distributed Denial of Service (DDoS) attacks: Gain visibility into threats to the customer’s Microsoft 365 cloud environment across email, identity, and data to better understand, prioritize, and mitigate potential vectors of cyberattacks against the customer’s organization;
- Understand and Analyse how to mitigate threats: Help the customer understand how to mitigate and protect against the identified threats; and
- Define next steps: UNIFY Security experts will advise the customer on the next steps based on their needs, objectives and outcomes through a Threat Exploration and Assessment report.
UNIFY’s readiness assessments are available in the following areas:
- Azure Sentinel (SIEM) for Threat Monitoring and Management to detect Ransomware or DDoS attacks;
- Defender (O365) for Malware and Ransomware Protection in Microsoft 365; and
- Cloud Application Security (MCAS) leveraging security research expertise, threat intelligence, and learned behavioural patterns to identify ransomware activities.
UNIFY can help protect your business from a host of evils such as:
- Distributed Denial of Service (DDoS) attacks;
- Application Security vulnerabilities;
- Data Breaches;
- Data Leaks.
UNIFY can continuously monitor the Security Posture of your organisation and manage your security operations through our SOC-as-a-Service offering, UNIFYSecure™. UNIFY is a leading Identity, Security, Compliance and Governance organisation covering a myriad of security frameworks, including the requirements set by Australia and New Zealand Government Security Agencies.
UNIFY is a great place to start. Find out more about UNIFY’s Point and Shoot Security Readiness Assessments.