A dreaded issues an IT team has to deal with is that of ransomeware. However, PETER ALEXANDER, CMO, Check Point, offers five tips on how to avoid it.
It’s the call that IT teams dread: an employee is reporting that their PC screen is flashing red, with a message telling them that their files are encrypted and that they need to pay a ransom to get them unscrambled. What should they do next?
The actions that the organisation takes over the next few minutes, and hours, will be critical in determining just how big – or small – an impact the cyberattack will have. What’s more, a cyberattack does not only negatively impact the company’s physical IT systems: it also causes stress and puts employees under pressure too.
A recent paper from the University of Haifa found that cyberattacks have a strong psychological impact on all staff, increasing their levels of anxiety, stress and panic – which can then lead to mistakes being made, and in turn further damage.
So how should organisations go about eliminating these human, panicky and emotional reactions to cyber incidents, and develop a more coordinated, conditioned response?
Training is never in vain
A key example is the rigorous training that airline pilots are given in dealing with unexpected events: they are provided with extensive checklists and procedures that cover virtually every eventuality, from running out of fuel, to engine failure, to structural damage. And those procedures are practiced again and again, both in simulators and in flight conditions, so that in a real-time emergency situation, their response becomes an automatic reflex action. The result is that when an incident happens, the first thing the pilot and co-pilot will do is turn off the warning alarm, so that they can think clearly and start running through the appropriate checklist.
Enterprises need to undertake similar, rigorous planning to help them respond quickly and accurately to breaches or attacks. They should prepare an incident response (IR) plan, and assemble an IR team that includes all relevant internal stakeholders – such as IT and security specialists, HR and PR teams, plus in some cases, specialist external resources. Also, preparation alone isn’t enough: the execution of the plan needs to be practiced, through realistic training drills.
To help organisations develop faster, more effective responses, here are five key steps that they should follow, whether in a training exercise or in the wake of a genuine incident.
- Recognize the incident is happening
The critical first step is for staff to take the attack seriously and move swiftly, but without panic. Think of the ideal response to a fire alarm in an office building: everyone should immediately stop what they are doing and make their way to the exits without pausing to gather their possessions or empty their desks. A cyber incident should be granted the same instant attention and focus. As soon as it is identified, all staff need to be alerted, smoothly and efficiently, and given clear, calm instructions as to what to do next, whether that is simply stepping away from their desks, or shutting down their PCs or devices.
- Gather the resources you need
This means mobilizing the security tools and technology, as well as the trained staff which make up your organization’s security infrastructure, and getting them to focus on mitigating the incident. Clearly, not all staff will need to be involved in this stage, so it’s all about pulling together the right experience and expertise – fast. Your IR plan should set out which personnel need to be involved, and if any external security resources are to be used.
Of course, assembling the combination of tools and talent isn’t cheap. But the investment and time required to build effective defenses is dwarfed by the real-world costs of cyberattacks, in terms of remediation of immediate damage and subsequent fallout. The NotPetya ransomware attack of summer 2017 was estimated to have cost global logistics firm FedEx $300M in lost revenue and clean-up costs, and pharmaceutical giant Merck & Co stated that NotPetya cost it around $135M. So with companies on average experiencing two cyberattacks per week which breach their defenses, it’s clear that it’s far better to invest in preventing attacks, than to pay the far higher costs for a cure after the fact.
- Execute your IR plan
This is the active stage, in which you should work through your IR plan step by step to determine what the nature of the attack is, how it breached your defenses, how it can be isolated, and how the damage can be remediated. For organisations that do not have an IR plan to hand, it may be best to call in external specialist help at this stage: but for the future, here’s a checklist of what the plan should include, and important do’s and don’ts to follow when preparing a plan for your organisation.
Too often, organisations stop at stage three. But communication regarding the attack is vital – not only to all your internal stakeholders and employees, but also where necessary to external stakeholders such as partners, customers and investors. This is becoming a regulatory requirement. All stakeholders, both inside and outside your organisation, need to understand what has happened and what the implications are for them – in language pitched at their level of technical understanding.
This is a specialist stage, which should be left in the hands of your communications team. The recent revelations about Uber’s 2016 cyberbreach and the subsequent cover-up are a lesson in how not to communicate – and the consequences that might follow.
Once again, this is a truly crucial element of IR that is too often neglected. Every cyberattack should generate serious lessons for the organisation in question. After an attack active steps should be taken to repair the vulnerability, modify and improve the exploited process, retrain any staff that may have made a mistake, and put in place, or update the existing IR plan. Inability to learn from and take steps to improve cyber protection after suffering an attack leaves the organisation vulnerable to a similar attack occurring again.
Effective incident response is about training and practice. Developing an IR plan and keeping it updated involves work and investment – but during a cyberattack, that investment will pay dividends. Whether you decide to handle your IR internally or draw on external expertise, it’s important to make a plan now, and test it against possible attack scenarios. This will help to eliminate panic during an attack, limit the damage and fall-out from the incident and get your business ‘back to normal’ as fast as possible.
News fatigue shifts Google searches in SA
Google search trends in South Africa reveal a startling insight into news appetite, writes BRYAN TURNER.
The big searches of the year no longer track the biggest news stories of the year, suggesting a strong dose of news fatigue among South Africans.
“People ask, why are the Guptas not on the list of Google’s top searches?, says Mich Atagana, head of communications and public affairs at Google South Africa, “The Guptas are not on the list because South Africans are not actually that interested. South Africans are looking for things they don’t know. From a Gupta point of view, we’ve been exhausted by the news and we know exactly what is going on.”
Google South Africa announced the results of its 2018 Year in Search, offering a unique perspective on the year’s major moments.
“Four years ago, there were almost no South Africans on the personalities list,” says Atagana. “Over the years, South Africans have gotten more interested in South Africa, in searching on Google.”
That isn’t to say that international searches – like Meghan Markle – are not heavily searched by South Africans. But they feature lower down on the lists.
From the World Cup to listeriosis, Zuma and Global Citizen, South Africans use search to find the things they really need to know.
These are the main trends revealed by Google this week:
Top trending South African searches
- World Cup fixtures
- Load shedding
- Global Citizen
- Winnie Mandela
- Black Panther
- Meghan Markle
- Mac Miller
- Jacob Zuma
- Cyril Ramaphosa
- Sbahle Mpisane
- Kevin Anderson
- Malusi Gigaba
- Ashwin Willemse
- Patrice Motsepe
- Cheryl Zondi
- Shamila Batohi
- Mlindo the Vocalist
- How did Avicii die?
- How old is Pharrell Williams?
- What is listeriosis?
- What is black data?
- How old is Prince Harry?
- How much are Global Citizen tickets?
- How to get pregnant?
- What time is the royal wedding?
- What happened to HHP?
- How old is Meghan Markle?
Top ‘near me’ searches
- Jobs near me
- Nandos near me
- Dischem near me
- McDonalds near me
- Guest house near me
- Postnet near me
- Steers near me
- Spar near me
- Debonairs near me
- Spur near me
- Winnie Mandela
- Meghan Markle
- Sbahle Mpisane
- Aretha Franklin
- Khloe Kardashian
- Sophie Ndaba
- Cheryl Zondi
- Demi Lovato
- Lerato Sengadi
- Siam Lee
The Year In Search 2018 minisite can be found here.
Smartphones dip in 2018
According to the International Data Corporation (IDC) Worldwide Quarterly Mobile Phone Tracker, worldwide smartphone shipments are expected to decline by 3% in 2018 before returning to low single-digit growth in 2019 and through 2022.
While the on-going U.S.-China trade war has the industry on edge, IDC still believes that continued developments from emerging markets, mixed with potential around 5G and new product form factors, will bring the smartphone market back to positive growth.
Smartphone shipments are expected to drop to 1.42 billion units in 2018, down from 1.47 billion in 2017. However, IDC expects year-over-year shipment growth of 2.6% in 2019. Over the long-term, smartphone shipments are forecast to reach 1.57 billion units in 2022. From a geographic perspective, the China market, which represented 30% of total smartphone shipments in 2017, is finally showing signs of recovery. While the world’s largest market is still forecast to be down 8.8% in 2018 (worse than the 2017 downturn), IDC anticipates a flat 2019, then back to positive territory through 2022. The U.S. is also forecast to return to positive growth in 2019 (up 2.1% year over year) after experiencing a decline in 2018.
The slow revival of China was one of the reasons for low growth in Q3 2018 and this slowdown will persist into Q1 2019 as the market is expected to drop by 3% in Q4 2018. Furthermore, the recently lifted U.S. ban on ZTE had an impact on shipments in Q3 2018 and created a sizable gap that is yet to be filled heading into 2019.
“With many of the large global companies focusing on high-end product launches, hoping to draw in consumers looking to upgrade based on specifications and premium devices, we can expect head-to-head competition within this segment during the holiday quarter and into 2019 to be exceptionally high,” said Sangeetika Srivastava, senior research analyst with IDC’s Worldwide Mobile Device Trackers.
Though 2018 has fallen below expectations so far, the worldwide smartphone market is set to pick up on the shift toward larger screens and ultra-high-end devices. All the big players have further built out their portfolios with bigger screens and higher-end smartphones, including Apple’s new launch in September. In Q3 2018, the 6-inch to less than 7-inch screen size band became the most prominent band for the first time with more than four times year-over-year growth. IDC believes that larger-screen smartphones (5.5 inches and above) will lead the charge with volumes of 947.1 million in 2018, accounting for 66.7% of all smartphones, up from 623.3 million units and 42.5% share in 2017. By 2022, shipments of these larger-screen smartphones will move up to 1.38 billion units or 87.7% of overall shipment volume.
“What we consider a so-called normal size smartphone has shifted dramatically in a few short years and while we are stretching the limits with bezel-less devices, the next big switch to flexible screens will test our imaginations even further,” said Melissa Chau, associate research director with IDC’s Worldwide Mobile Device Trackers. “While this category of device is still nascent and won’t see major adoption in the year ahead, it’s exciting to see changes to the standard monoblock we are all so used to carrying.”
Android: Android’s smartphone share will remain stable at 85% throughout the forecast. Volumes are expected to grow at a five-year compound annual growth rate (CAGR) of 1.7% with shipments approaching 1.36 billion in 2022. Android is still the choice of the masses with no shift expected. Android average selling prices (ASPs) are estimated to grow by 9.6% in 2018 to US$258, up from US$235 in 2017. IDC expects this upward trajectory to continue through the forecast, but at a softened rate from 2019 and beyond. Not only are market players pushing upgraded specs and materials to offset decreasing replacement rates, but they are also serving the evolving consumer needs for better performance.
iOS: iOS smartphones are forecast to drop by 2.5% in 2018 to 210.4 million. The launch of expensive and bigger screen iOS smartphones in Q3 2018 helped Apple to raise its ASP, simultaneously making it somewhat difficult to increase shipments in the current market slump. IDC is forecasting iPhone shipments to grow at a five-year CAGR of 0.1%, reaching volumes of 217.3 million in 2022. Despite the challenges, there is no ambiguity that Apple will continue to lead the global premium market segment.