Minimising your IT security risk footprint

Cyber-attacks against Australian businesses and IT infrastructure continue to rise. While the threats are ominous, businesses have an opportunity to re-establish effective security strategies.

Australian businesses and organisations experienced 47,000 security incidents in the past year, a 15% increase on the year before.

Dan Tehan, the minister assisting the Prime Minister for cyber security, made clear the seriousness of the threat when presenting the Australian Cyber Security Centre’s 2017 threat report.

“Like nation states, cybercriminals are using more complex methods to target businesses, large and small. In particular they are using increasingly personalised techniques to trick their victims,” he said.

The warning from Tehan should not be met with only doom and gloom, or the misleading idea that significant change to your security policies is required. A practical approach is possible, involving a staggered introduction of improved security practices at a pace your business can manage.

Staff reminders can be a game changer

Staying up-to-date on current threats can help prevent infections. A clear trend we’ve seen over the past year is criminals sending a massive volume of ransomware-laden emails within a short time period.

The emails appear to come from a well-known Australian brand, usually advising that a bill or credit is outstanding. From the Sentrian current threats gallery, you can see that telcos, utilities and Australia Post are frequently impersonated.

Highly targeted areas of your business, particularly accounting staff, can benefit from knowing even basic information about emerging threats. These staff members are particularly susceptible to ransomware because of the high number of email attachments they are required to open.

Reduce admin access

Minimising the number of users with administrator access, and only granting admin rights where necessary, can dramatically reduce the risk to your business.

Recent ransomware attacks have grown more sophisticated. WannaCry not only encrypted files, it leveraged domain administration rights to spread to other devices. This allowed the malware to infect computers without the end user taking any action at all.

With fewer admin users, a compromised machine is restricted in its ability to infect additional machines.

Paying criminals is not an option when fighting ransomware

Despite nearly 60 percent of businesses showing a willingness to pay ransomware demands, paying is never a practical option. There are many reasons not to pay, but two stand out:

  1. Even after paying, you must trust that the criminal will unlock the encrypted files.
  2. You have acknowledged to the criminal that your business exists (and that you are willing to pay if attacked again).

Many victims of this year’s WannaCry attack found out the hard way that cyber criminals are not to be trusted. Nearly a third of victims who actually paid the ransom did not have their files unlocked, meaning they lost their files, lost a further $300 to $600 and opened themselves up to future attacks.

Peter Coroneos, the former chief executive of the Internet Industry Association, warned earlier this year that paying a ransom leaves your business marked as a “soft target” by criminals. That said, it is worth noting that ransomware infection attempts typically spread via mass-email campaigns rather than targeted emails.

If your IT security policy involves reducing your risk footprint, paying a ransom is absolutely the wrong action.

Quick tips

Here are some other strategies and tactics to help prevent being compromised by criminals:

  • Keep your software updated and use supported versions of software.
  • Develop a layered backup strategy.
      • Hourly/daily/weekly backups.
      • Only data or complete images? On-site and/or in the cloud?
  • Ensure you are not using default passwords, and change your passwords regularly.
      • Longer passwords are better than shorter passwords. Aim for a length of 16 characters.
  • Recognise and follow safe online practices, and assign a dedicated IT manager.
      • Set clear policies and assign system owners to ensure accountability and resilience if something goes wrong.

Getting started

IT security can appear to be a giant web with no obvious starting point, but a little work here and there goes a long way. Take a step toward making your business a less visible and more secure target than your competitors.

If you’d like to discuss how your business can deploy the right IT security strategies, contact the team at Sentrian. Sentrian can work with you to develop a scalable IT security plan that fits your business.