Back in the mists of time, ransomware was the work of a hacker or criminal who had spent days compromising a chosen network. Today, ransomware attack are fully automated and target anything possible to access via the internet. It is vital to ensure that your IT landscape is protected properly. Don’t underestimate the importance of IT security, because ransomware attacks have a major impact. IT Auditor Ties Meesters, tells us more about this subject.
A ransomware attack can be summarised as a type of cyber attack in which a criminal gains access to as many of a company’s computers and servers as possible and then encrypts them. The criminal then only decrypts the computers and servers targeted after a ransom has been paid.
The importance of IT security
Our dependence on the digital infrastructure is growing, particularly now, with so much location-independent work and organisations establishing new work processes. As the NCTV says, “digital processes have become society’s central nervous system.” If this digital infrastructure is ‘down’, an entire company can grind to a halt. And that’s something that every business owner would prefer to avoid.
Examples of ransomware attacks
The municipality of Hof van Twente is one example of an organisation that became the victim of a ransomware attack recently. With just a weak password and a vulnerable work-from-home solution, the municipality lost all of its systems and networks. The estimated time necessary to get everything back up and running again? More than two years. Another option is to pay, which is what Colosseum Dental recently did. But who can guarantee that you won’t be extorted with the stolen data later on down the line? We also see that the focus of criminals is shifting beyond individual organisations to service providers. This means that as a business owner, you can also be affected indirectly through your supplier. Earlier this year, for example, The Sourcing Company fell victim to a ransomware attack. This company is a major service provider within the housing sector. Housing associations, law firms and healthcare institutions all became victims through The Sourcing Company.
Measures to ensure effective security
My research revealed a number of specific, effective measures that could be used to reduce the risk of ransomware attacks, or their consequences, and provide a good level of basic protection. The following points are particularly important:
- Reduce the attack surface;
- Create awareness;
- Have processes and procedures that can be initiated immediately after a ransomware attack or when recovering from a ransomware attack.
In line with the research results, the NCSC also published a guide that sets out eight cyber security measures last week. It is particularly important for basic patch management, back-ups, network segmentation and access security to be in place and applied consistently. This are truly basic requirements that every organisation should have in place.
Joanknecht can help you assess your processes. We analyse technical and procedural processes and the corresponding vulnerabilities and give practical advice on additional measures.
Lucas Vousten | +31 (0)40 240 9516 | lvousten@joanknecht.nl
Ties Meesters | +31 (0)40 240 9459 | tmeesters@joanknecht.nl
