Beltug

Ransomware, phishing & more: how to cope with cybercrime threats. Takeaways from the Beltug X-change of 25 October 2017


Date: 25/10/2017


Every year, the cybercrime threat to our data and ICT infrastructure grows. Ransomware incidents increased by 50% last year, worldwide. Social attacks and other phishing techniques remain successful, too. Regardless of the cybercriminal’s motives (financial, political, ideological, etc.), companies must arm themselves.

 

On 25 October, expert Eward Driehuis first revealed the main lessons from his cybercrime research, then companies Acerta and Picanol shared their perceptions and experiences of the threats. Presentations from the event are available exclusively for Beltug members (after login):

 

Eward Driehuis is Chief Research Officer at SecureLink. He opened the afternoon with an overview of the history of ransomware – while the attacks started as ‘mischief’, they were later adopted by ‘professional’ criminals, who set up larger attacks that increased the ROI of their botnets.

 

But with ransomware brand Cryptolocker, the game changed. Cryptolocker positioned itself in a somewhat positive way: "if you pay your ransom, you can trust them to release your data, so it isn't a big deal". As a result, the company successfully extorted quite a bit of money, and ransomware became a global menace. And while criminals may not make as much money as we think, they cause a lot of collateral damage!

 

Starting in 2014, criminals began targeting corporations in different ways than individuals, and also found new ways to make people pay: pushing the time limits ("after each hour, we'll delete 1000 files", "every hour the ransom doubles", etc.), or victimising people in different ways ("send nude pictures of yourself as ransom for your data").

 

Slide 8 in Eward's presentation shows that ransomware is currently only 25th on the list of cybercrime types (romance fraud, for instance, holds second place). Yet it is very damaging when the cybercriminals follow through on the threats. In fact, that is the reason it is less popular with cybercriminals: the extreme damage makes people angry, resulting in law enforcement taking significant action.

 

So who gets hit? Typically, companies whose business revolves around availability, confidentiality and integrity are very likely to be attacked.

 

The increasing impact of cyber criminality speaks for itself.  Yet we can fight back, concludes Eward, who gives some examples on slide 13.

 

 

Next up, Philip De Bie, CIO at the Picanol Group, shared how Picanol prepares to defend against attack by starting with an investigation of the security landscape: why, how, where and who are the attackers (slide 7 has an overview). The 'Ransomware Defence cheat sheet' on slide 11 is a very handy tool: the tips might be familiar, but it's good to go through the checklist during your preparations.

 

Philip explains that, when setting up your defence, you should start with a solid, well-thought-out, basic line of defence: firewall and anti-virus; secure connection, mail filtering, encryption, etc.; and 2-factor authentication. The next stage of defence then includes sandboxing emails and your website, mobile device management, SIEM, etc.

 

Picanol’s third line of defence is a yearly security assessment. This includes an ‘ethical hacking’ exercise, in which fake e-mails are sent to employees and their resulting behaviour is monitored.

 

It is clear that the weakest security link in a company is still the people working for it - so constant awareness-building and training are critical.  Philip shared a best practice: "Make your users really paranoid when setting up a security awareness training within your company - make them really scared".  Have a look at slide 24 to see the final slide of Picanol’s own employee training.

 

Philip concluded with a look at Picanol's extensive approach to ransomware: preparation, detection, containment, recovery and learning.

 

 

To conclude our session, Carl Tilkin-Franssens, CIO at Acerta, shared his insights and best practices. As a payroll service provider, Acerta works with sensitive, highly personal data (salary data, etc.). But ‘airtight’ sealing of the entire ICT infrastructure would result in an unworkable environment, so Acerta looks for a balance. It relies on a second line of defence: once a hacker gets in, how can it be detected and the threat contained?

 

Carl emphasised the importance of employee awareness: have people follow training, convince them of the importance of protecting the company’s assets, and repeat as necessary. When an incident occurs, don't keep quiet: be open and transparent, so your employees can learn from each other. Publish the results of your ethical hacking exercises.

 

Some well-known prevention tools include:

  • Blocking suspicious websites and emails
  • Patching
  • Limitation of admin rights
  • Encryption of a laptop's HDD and of the external drives.

But if someone or something gets in, it is very important to have your communication and mitigation plans ready - have a look at slide 16 for more details. An affordable cyber-insurance policy can help, too, Carl shares.

 

Acerta is continuing to optimise security, with ever-better monitoring, sandboxing, etc. As a final comment, our speaker advised never to be afraid to have your environment audited - it helps to improve the situation, and could even convince your Board to increase the security budget.

 

 

 

 

 

 

 

 

 

 

 



 
