A dreaded issues an IT team has to deal with is that of ransomeware. However, PETER ALEXANDER, CMO, Check Point, offers five tips on how to avoid it.
It’s the call that IT teams dread: an employee is reporting that their PC screen is flashing red, with a message telling them that their files are encrypted and that they need to pay a ransom to get them unscrambled. What should they do next?
The actions that the organisation takes over the next few minutes, and hours, will be critical in determining just how big – or small – an impact the cyberattack will have. What’s more, a cyberattack does not only negatively impact the company’s physical IT systems: it also causes stress and puts employees under pressure too.
A recent paper from the University of Haifa found that cyberattacks have a strong psychological impact on all staff, increasing their levels of anxiety, stress and panic – which can then lead to mistakes being made, and in turn further damage.
So how should organisations go about eliminating these human, panicky and emotional reactions to cyber incidents, and develop a more coordinated, conditioned response?
Training is never in vain
A key example is the rigorous training that airline pilots are given in dealing with unexpected events: they are provided with extensive checklists and procedures that cover virtually every eventuality, from running out of fuel, to engine failure, to structural damage. And those procedures are practiced again and again, both in simulators and in flight conditions, so that in a real-time emergency situation, their response becomes an automatic reflex action. The result is that when an incident happens, the first thing the pilot and co-pilot will do is turn off the warning alarm, so that they can think clearly and start running through the appropriate checklist.
Enterprises need to undertake similar, rigorous planning to help them respond quickly and accurately to breaches or attacks. They should prepare an incident response (IR) plan, and assemble an IR team that includes all relevant internal stakeholders – such as IT and security specialists, HR and PR teams, plus in some cases, specialist external resources. Also, preparation alone isn’t enough: the execution of the plan needs to be practiced, through realistic training drills.
To help organisations develop faster, more effective responses, here are five key steps that they should follow, whether in a training exercise or in the wake of a genuine incident.
- Recognize the incident is happening
The critical first step is for staff to take the attack seriously and move swiftly, but without panic. Think of the ideal response to a fire alarm in an office building: everyone should immediately stop what they are doing and make their way to the exits without pausing to gather their possessions or empty their desks. A cyber incident should be granted the same instant attention and focus. As soon as it is identified, all staff need to be alerted, smoothly and efficiently, and given clear, calm instructions as to what to do next, whether that is simply stepping away from their desks, or shutting down their PCs or devices.
- Gather the resources you need
This means mobilizing the security tools and technology, as well as the trained staff which make up your organization’s security infrastructure, and getting them to focus on mitigating the incident. Clearly, not all staff will need to be involved in this stage, so it’s all about pulling together the right experience and expertise – fast. Your IR plan should set out which personnel need to be involved, and if any external security resources are to be used.
Of course, assembling the combination of tools and talent isn’t cheap. But the investment and time required to build effective defenses is dwarfed by the real-world costs of cyberattacks, in terms of remediation of immediate damage and subsequent fallout. The NotPetya ransomware attack of summer 2017 was estimated to have cost global logistics firm FedEx $300M in lost revenue and clean-up costs, and pharmaceutical giant Merck & Co stated that NotPetya cost it around $135M. So with companies on average experiencing two cyberattacks per week which breach their defenses, it’s clear that it’s far better to invest in preventing attacks, than to pay the far higher costs for a cure after the fact.
- Execute your IR plan
This is the active stage, in which you should work through your IR plan step by step to determine what the nature of the attack is, how it breached your defenses, how it can be isolated, and how the damage can be remediated. For organisations that do not have an IR plan to hand, it may be best to call in external specialist help at this stage: but for the future, here’s a checklist of what the plan should include, and important do’s and don’ts to follow when preparing a plan for your organisation.
Too often, organisations stop at stage three. But communication regarding the attack is vital – not only to all your internal stakeholders and employees, but also where necessary to external stakeholders such as partners, customers and investors. This is becoming a regulatory requirement. All stakeholders, both inside and outside your organisation, need to understand what has happened and what the implications are for them – in language pitched at their level of technical understanding.
This is a specialist stage, which should be left in the hands of your communications team. The recent revelations about Uber’s 2016 cyberbreach and the subsequent cover-up are a lesson in how not to communicate – and the consequences that might follow.
Once again, this is a truly crucial element of IR that is too often neglected. Every cyberattack should generate serious lessons for the organisation in question. After an attack active steps should be taken to repair the vulnerability, modify and improve the exploited process, retrain any staff that may have made a mistake, and put in place, or update the existing IR plan. Inability to learn from and take steps to improve cyber protection after suffering an attack leaves the organisation vulnerable to a similar attack occurring again.
Effective incident response is about training and practice. Developing an IR plan and keeping it updated involves work and investment – but during a cyberattack, that investment will pay dividends. Whether you decide to handle your IR internally or draw on external expertise, it’s important to make a plan now, and test it against possible attack scenarios. This will help to eliminate panic during an attack, limit the damage and fall-out from the incident and get your business ‘back to normal’ as fast as possible.
Get your passwords in shape
New Year’s resolutions should extend to getting password protection sorted out, writes Carey van Vlaanderen, CEO at ESET Southern Africa.
Many of us have entered the new year with a boat load of New Year’s resolutions. Doing more exercise, fixing unhealthy eating habits and saving more money are all highly respectable goals, but could it be that they don’t go far enough in an era with countless apps and sites that scream for letting them help you reach your personal goals.
Now, you may want to add a few weightier and yet effortless habits on top of those well-worn choices. Here are a handful of tips for ‘exercises’ that will go good for your cyber-fitness.
I won’t pass up on stubborn passwords
Passwords have a bad rap, and deservedly so: they suffer from weaknesses, both in terms of security and convenience, that make them a less-than-ideal method of authentication. However, much of what the internet offers is independent on your singing up for this or that online service, and the available form of authentication almost universally happens to the username/password combination.
As the keys that open online accounts (not to speak of many devices), passwords are often rightly thought of as the first – alas, often only – line of defence that protects your virtual and real assets from intruders. However, passwords don’t offer much in the way of protection unless, in the first place, they’re strong and unique to each device and account.
But what constitutes a strong password? A passphrase! Done right, typical passphrases are generally both more secure and more user-friendly than typical passwords. The longer the passphrase and the more words it packs the better, with seven words providing for a solid start. With each extra character (not to mention words), the number of possible combinations rises exponentially, which makes simple brute-force password-cracking attacks far less likely to succeed, if not well-nigh impossible (assuming, of course, that the service in question does not impose limitations on password input length – something that is, sadly, far too common).
Click here to read about making secure passwords by not using dictionary words, using two-factor authentication, and how biometrics are coming to
Code Week prepares 2.3m young Africans for future
By SUNIL GENESS, Director Government Relations & CSR, Global Digital Government, at SAP Africa.
On January 6th, 2019, news broke of South African President Cyril Ramaphosa’s plans to announce a new approach to education in his second State of the Nation address, including:
- A universal roll-out of tablets for all pupils in the country’s 23 700 primary and secondary schools
- Computer coding and robotics classes for the foundation-phase pupils from grade 1-3 and the
- Digitisation of the entire curriculum, , including textbooks, workbooks and all teacher support material.
With this, the President has shown South Africa’s response to a global challenge: equipping our youth with the skills they’ll need to survive and thrive in the 21st century digital economy.
Africa’s working-age population will increase to 600 million in 2030 from a base of 370 million in 2010.
In South Africa, unemployment stands at 26.7 percent, but is much more pronounced among youths: 52.2 percent of the country’s 15-24-year-olds are looking for work.
As an organisation deeply invested in South Africa and its future, SAP has developed and implemented a range of initiatives aimed at fostering digital skills development among the country’s youth, including:
AFRICA CODE WEEK
Since its launch in 2015, Africa Code Week has introduced more than 4 million African youth to basic coding.
In 2018, more than 2.3 million youth across 37 countries took part in Africa Code Week.
The digital skills development initiative’s focus on building local capacity for sustainable learning resulted in close to 23 000 teachers being trained in the run-up to the October 2018 events.
Vital to the success of Africa Code Week is the close support it receives from a broad spectrum of public and private sector institutions, including UNESCO YouthMobile, Google, the German Federal Ministry for Economic Cooperation and Development (BMZ), the Cape Town Science Centre, the Camden Education Trust, 28 African governments, over 130 implementing partners and 120 ambassadors across the continent.
SAP’s efforts to drive digital skills development on the African continent forms part of a broader organisational commitment to the UN Sustainable Development Goals, specifically Goal 4 (“Ensure quality and inclusive education for all”)
A core component of Africa Code Week is to encourage female participation in STEM-related skills development activities: in 2018, more than 46% of all Africa Code Week participants were female.
According to Africa Code Week Global Coordinator Sunil Geness, female representation in STEM-related fields among African businesses currently stands at 30%, “requiring powerful public-private partnerships to start turning the tide and creating more equitable opportunities for African youth to contribute to the continent’s economic development and success”.
Click here to read more about the Skills for Africa graduate training programme, and about the LEGO League.