Up against organised cybercrime
in educating their teams, they would greatly
Unfortunately, many companies don’t
decrease the likeliness of falling victim to
properly train their staff on cybersecurity
When looking at the sophistication of
ransomware attacks.
issues and still underestimate the consequences of staff using weak passwords
cybercrime today, especially ransomware, and considering that the sophistication
Most importantly, decision-makers need to
to access their applications. Educating
and frequency of attacks is increasing, it is
understand the value of their organisation’s
employees on the potentially severe con-
fair to view cybercrime as organised crime.
data. Despite multiple warnings, organisa-
sequences of a simple careless mistake is
Today’s hackers have become very powerful,
tions continue to store more and more data
the best way to empower each individual
mostly because IT now has a role to play
without increasing their security, or training
to prevent ransomware.
in every part of a business’s organisational
their teams about the value of the informa-
structure and strategy.
tion they are working with and exchanging
Security should be everyone’s concern,
with clients and other third parties.
from the CEO to customer service operators — not only IT. Ransomware can be
Contrary to many other attacks where organisations might get part of their data
Running fictional scenarios is a great way
fought only if security is put at the heart
corrupted or have their IT systems down
of making organisations, and particularly
of the business strategy — on the same
for several hours (which already can be very
CEOs or key business decision-makers,
level as any other goal, and it should have
damaging), ransomware’s primary aim is to
realise how much they would lose financially
its own KPIs.
get money from the organisation targeted.
and in terms of reputation if part of their data were stolen or inaccessible for a certain
Getting the right expertise
In a recent study by the Pomenon Institute,
period of time, and only restored if they
It is important for business leaders to un-
the cost for companies was revealed as being
were willing to pay significant amounts to
derstand that with the increasing complexity
up to US$2.64 million per attack with an
hackers. Making security a business priority
of the cyberthreat landscape, IT teams need
average of US$142 per lost or stolen record
is key to making sure IT teams get enough
to be regularly trained on the latest hack-
— a loss which can dramatically affect large
support to protect against ransomware.
ers’ strategies. If those teams aren’t trained
organisations, and which can potentially put SMEs out of business. The problem with ransomware is that it can
“The problem with ransomware is that it can come from
come from many different sources, making
many different sources, making it very difficult for SMEs
it very difficult for SMEs with limited IT
with limited IT budgets and security expertise to counter.”
budgets and security expertise to counter. Hackers increasingly use ransomware against SMEs because these enterprises often don’t
Empowering staff
properly and don’t know about the latest
consider themselves as potential targets, or
IT teams are, of course, the most obvious
threats, they won’t be able to alert the staff
think they can’t fight back against such
stakeholders when it comes to guaranteeing
or provide guidelines or recommendations
sophisticated attacks. In April 2016, a CERT
the security of an organisation. However,
to prevent more attacks. Nor will they be
Australia expert stated that most Australian
when it comes to ransomware, end users are
able to alert the appropriate executives or
organisations fall victim to ransomware
key and education once again plays a role.
teams about the need to increase security spend by investing in relevant technologies.
because they make basic mistakes. Hackers are often successful because they
Education is the key
appeal to end users’ carelessness. Most
SMEs represent a large part of Australia’s
Having worked with Australian SMEs for
ransomware pushes online users into click-
economy, and will continue being targeted
over 20 years, I have realised that the first
ing on an infected pop-up advertisement,
by ransomware as they continue to digitise
problem encountered when talking about
visiting an infected website or downloading
and collect valuable data. It actually doesn’t
security is a lack of knowledge on the
an infected file from an email. The second
matter whether or not a hacker thinks your
matter, both from the executive and IT
step of the process is locking the victim’s files
data is important — if you think it’s im-
management levels. If SMEs invested time
and asking for a ransom to ‘unlock’ them.
portant, then you are a potential target.
w w w . t e c h n o l o g y d e c i s i o n s . c o m . a u
43