Ransomware protection: A little effort goes a long way
In recent months, Southeast Asia has been continuously hit with cyberattacks and espionage campaigns that have caused widespread discussion.
Some noteworthy ones include the Philippines' government employee data breach of 1.2 million records, the hacking of all of Thailand's ministry websites and the infamous Bjorka hacker, with a series of high-profile hacks against the Indonesian government. These types of attacks serve as a wake-up call for us to take greater steps toward cyber resilience in order to protect our cities from similar incidents in the future.
Across the globe, cyberattacks increased 38 percent in 2022 and they show no signs of slowing. Unplanned costs associated with the outages, incident response, fines and ransomware payments are averaging over $1 million per incident. We are also seeing cyber criminals upping their game and leveraging more sophisticated attacks against cities and organizations. Now with the advent of generative AI tools like ChatGPT, it is possible for criminals without any coding knowledge or advanced English writing skills to quickly create realistic phishing emails and malware.
So what can be done? It may seem surprising, but cybersecurity is really about people, process and technology — in that order.
First, start with cyber safety tips and training for employees that make sense. Frequent cybersecurity awareness training is crucial to partially protect cities against ransomware. This training should instruct employees to do the following: not click on malicious links; never open unexpected or untrusted attachments; avoid revealing personal or sensitive data to phishers; get approval/verify software legitimacy before downloading it; never plug an unknown USB device into their computer; use a VPN when connecting via untrusted or public Wi-Fi; not open personal emails that have not been checked by corporate protections; and use unique passwords for every application and multi-factor authentication for access to confidential applications and data. Finally, never count solely on employees to make the right decision when targeted with a good phishing email. IT must have multiple layers of defense since employees will click on anything.
Second, keep software updated and patched. Ransomware attackers sometimes find an entry point within your apps and software, noting vulnerabilities and capitalizing on them. Some lower-cost security vendors have also been the compromised vector. Fortunately, most OS and app developers are actively searching for new vulnerabilities and patching them, as well as quickly responding to new vulnerabilities. If you want to make use of these patches, you need to have a patch management strategy and tools in place, and you need to make sure all your team members are constantly up to date with the latest versions. Weekly "credentialed" vulnerability scanning validates that all systems are up to date and identifies those that are not and need attention. Keeping computers and servers up to date and applying security patches, especially those labeled as critical and high risk, could help to limit a city's vulnerability to ransomware attacks.
Third, choose prevention over detection. Many technology vendors claim that attacks will happen, and there is no way to avoid them. Therefore the only thing left to do is to invest in technologies that detect the attack after it has already breached the network and mitigate the damage as soon as possible. This is not true. Not only could attacks be blocked, but they could be prevented, including zero-day attacks and unknown malware. With the right technologies in place in your cloud assets, your laptops and computers, your email protection and your firewalls, most attacks, even the most advanced ones, could be prevented without disrupting the normal business flow.
Finally, work with city leaders to ensure the program is fully funded, matures over time and continues to build cyber resilience by continuously assessing your vulnerabilities, establishing and practicing an incident response process for when attacks happen, and keeping up to date on the latest cyber threats and trends. Remember that cyber criminals are always trying new ways to break into your systems, and you and your team must continue to be vigilant and stay a step ahead of them.
Teong Eng Guan is the regional director for Southeast Asia and Korea at Check Point Software Technologies, a provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.