We hear a lot about ransomware these days and it's certainly a pertinent topic locally given that Australia is a popular target for this kind of attack. While it's important to be aware of the latest ransomware developments in order to protect ourselves and our organisations from falling victim to this form of malware, we mustn't forget that there are more sinister and stealthy cyber attacks that we should be watching out for.
There are so many variants of ransomware and the number of attacks jumped in significantly in Australia in the last few months. The ransomware problem isn't going away but at least organisations are more aware of them. Having said that, the prominence of ransomware attacks may be blinding businesses from bigger and more insidious cyber security threats.
Consider this: ransomware attacks don't happen quietly. When a computer is hit, the attackers make it loud and clear that files have been encrypted and demands payment for their decryption. The nature of ransomware makes it reportable.
"It gets people's attention and I'm not saying it's not a problem -- it is a problem -- but it's interesting because cyber espionage attacks don't get attention because you don't know it's happening," RSA Advanced Cyber Defence (ACD) senior practice in Asia-Pacific Stephen McCombie told Lifehacker Australia. "It's almost like we're back in time -- back in the 2000s, every attack used to announce itself. But there are plenty of attacks that are going on that are much more stealthy."
Successful ransomware attacks are usually a symptom of bigger problems with an organisation's security competencies, he said.
"If an organisation has critical data encrypted by ransomware, I'd be really concerned at how they look after their data in the first place; there should be back-ups and related plans in place already," McCombie said. "If companies dealt with their broader security gaps, it would help with ransomware attacks as well."
Cyber espionage, he believes, is a far greater problem that does not garner enough attention mainly because it’s a kind of attack that often goes undetected for some time. Smaller organisations may think that this is only a problem that affects large enterprises, but that's not necessarily the case.
"No matter what size company you are, there's probably something you're doing that somebody wants to steal," RSA CTO Zulfikar Ramzan told Lifehacker Australia. That's usually a more fundamental mistake I see businesses make; they think nobody's after them."
He recounted a story about a medium-sized company that was constantly being undercut by a competitor during tender bidding processes. The company was advised to keep information offline, reverting to paper format, for a period of time to see what happens and sure enough it started winning tenders again.
"It occurred to the business that they were in fact deep compromised somewhere on the network and the competitor was getting their information," Ramzan said.
The point is, regardless of the size of your organisation, being cautious about ransomware is important but you shouldn't neglect to address wider security problems on your network and take a more holistic approach when it comes to responding to cyber security threats.
Spandas Lui travelled to Singapore as a guest of RSA.