You are probably not a multi-national organisation with 50,000 employees spread across the globe, you are probably not a company with a multi-billion dollar annual turnover, and you are probably not in possession of top-secret intellectual property that would be worth billions to your competitors.
So you are probably not going to be on the receiving end of a cyber-attack, right?
Of the four statements above, three may be incorrect about your business, but one is absolutely false: any business can end up being cyber-attacked and, unfortunately, attacks on smaller companies are on the rise.
Assuming the other three statements about your business are false, you are probably not going to be directly targeted by a nation state or state-sponsored group, but that does not mean you will not be the victim of an attack. The recent cyber-attack carried out against Kaseya is part of a worrying trend of attacks that has seen a 400% increase since the outset of the COVID-19 pandemic.
The victims in this attack were not huge conglomerates, but small/medium businesses. The perpetrators of this attack didn’t go for the individual companies but hit higher up in the software supply-chain, in this instance Kaseya. They used the remote management software to push out their infected payload to an unbelievable number of machines in minutes. This allowed them to encrypt the data and demand a ransom from up to one million companies without having to put in much effort at all.
It doesn’t have to be a software product that is used in the attack; cyber-criminals also use spam emails or compromised websites to get their malware payload onto the machines.
Supply chains have provided the perfect targets for cyber-attacks: the chains are becoming so complex and integrated that attacks can rapidly have a domino effect. Infecting as many companies as possible with the minimum effort is the goal for these cyber-criminals; maximum pay-out for minimum effort is their “business” model. They are not all skilled hackers or network infiltration specialists; a lot of the time they are using tools that can be bought “off the shelf” on sites hosted on the Dark Web. They aren’t sneaking onto your network to infect your machines and steal the data; they are using human weaknesses to trick a user into clicking on a link, visiting a website or running a file.
The end goal is to hit enough machines or companies with irreplaceable data so they get their “fee” for providing you the decryption key – if one even exists. There is no guarantee that you’ll get your data back if you pay the ransom. There have been instances where victims paid up and were still left unable to access their files.
So what can you do to protect yourself?
- Installing the latest security updates for your operating system and applications can reduce the risk of unpatched vulnerabilities on your machine;
- Not using an administrative account for day-to-day operations, such as email or web browsing, can reduce the damage malicious software can do;
- Ensure you have a backup of your important data;
- Running anti-malware software that automatically updates its definitions daily can also offer some protection.
Although technical solutions can help reduce your attack surface, they should not be solely relied upon. User awareness plays a major part in the fight against malware; by having staff who know what warning signs to look for on a website or in an email, you can catch a great many attack attempts before they have a chance to run their payload.