We have seen an increase in the number of customers affected by cyber attacks during the last year. This is no longer a threat that only big companies face, and the phishing and ransomware problem appears to be increasing. Ransomware is a threat that effectively removes access to your data by encrypting it. This encryption changes the way the data is written so that it can only be read if you have a special key to unlock it. The only way to get the decryption key is to pay the money and hope that it works. There are time limits on how long you are given to respond, and after that limit the data is unrecoverable and must be restored.
When devices are infected with this ransomware, we have seen large volumes of data encrypted in a short space of time: in one case, 250,000 files in 20 minutes.
The difference between traditional viruses, malware and ransomware is that ransomware is aimed at getting money from the victim whereas viruses and malware have the intention of causing damage.
The phishing attacks that we are seeing are becoming increasingly complex and involve the attacker impersonating a known contact to obtain money, typically by asking for account details to be changed or invoices to be paid.
We have put together a number of systems to protect our customers' data. These are made up of changes to the company PCs and servers and the deployment of additional software and scanning services. A combination of solutions, known as security layers, needs to be put in place.
In conjunction with the technology we also need to implement good working processes and employee training.
1. End User Training and Best Practices: We need to train end users in good security practices and to identify potential threats, such as suspicious emails or unusual files. Employee training is critical in the overall solution and could form a layer of defence in its own right, especially when dealing with phishing attacks.
2. Good Backups: We are moving more towards online backups now, as they give us a greater level of protection, can be automated and don't require user interaction. If the worst should happen and we need to recover from a disaster, we can restore whole systems at our office on to new or spare equipment for recovery. In many cases we run this backup in parallel with existing systems if customers have them. Adding a monthly test restore is important, so that you know data recovery has been tested and proven.
3. Endpoint Security: We have found that we need to increase the level of protection that our customers have. We are primarily using two products, Sophos Cloud anti-virus and Sophos Intercept X. The first product is traditional anti-virus, designed to stop traditional viruses and malware; the second is specifically aimed at protecting against the threats labelled as "ransomware".
4. Mail Filtering: We have started deploying a solution from Mimecast, who are the market leaders in scanning and removing threats from e-mails as well as rejecting spam. This is done before the e-mail is delivered to the end user.
5. Web Filtering: Many threats are now delivered by browsing to compromised sites where the virus or ransomware is hidden, waiting to be downloaded. We recommend implementing a filtering system that scans employee access to the Internet and blocks sites listed as infected or suspicious.
6. Firewall & System Updates: The firewall is designed to protect the network from external unauthorised access; it should be updated on a regular basis and included in the cyber security process. Company workstations and servers need to have the latest security updates; we prefer to agree a proactive maintenance plan with our customers to ensure that internal systems remain secure.