Tips for companies to safeguard themselves against cyber attacks like ransomware

Almost a month after one of the biggest ransomware attack ‘Wannacry’ hit the Windows-based computing systems, a new and highly virulent outbreak of Petrwrap/Petya ransomware has hit Governments, Corporations, and institutions equally.Pertwrap Unlike WannaCry, which merely scrambled the data files, overwrites a computer’s master boot record, making it tougher to restore even a backed-up machine. As per latest statistics, Ukraine, US, Russia, France, UK, Germany are worst affected (in that order) with big multinational Companies like Merk, Mondelez, Oreo, Nabisco getting impacted. Not surprisingly, India is the worst hit country in Asia.  Jawaharlal Nehru Port Trust made big news, being hit by the virus.

Usually, the Ransomware is a malicious program which encrypts the user’s files whilst self-replicating to other vulnerable machines on the same network. This one seems to be different in traits and has experts divided on whether it is a ransomware or a deliberate cyber-attack. As more and more news flows on the attack, it is reported that the attack does not have any financial agenda and the idea of the attack appears to be massive destruction of data.

As our money, ownership of assets goes digital and with every aspect of our lives being practically run through computers, it is pertinent that adequate caution is exercised. We may or may not be able to stall such attacks but their impact on our day to day life can at least be managed.

Effectively, each one of us is at risk of being affected by such attacks. Since the ransomware worms can impact any computer system. The extent of damage, however, depends on the preparedness of the affected system.

So, what can one do to thwart such attacks and be prepared? – There is no single pill to be taken for that. IT/Cybersecurity calls for a constant effort in making an organization ready to deal with attacks. However, mostly the efforts would fall under following major categories:

  1. Assessment and upgradations of IT hardware and software
  2. Sprucing up Backup management
  3. Disaster management and recovery plan
  4. Testing all above for effectiveness in case of a real threat
  5. Conducting regular system/risk audits for vulnerability assessments
  6. Restricting the sources of data transmission to and from the computers in the organization
  7. Last but not the least, a culture of security needs to be imbibed in the employees through training and mock runs.

And why should an organization put money and resources into sprucing up the IT systems and security? – In today’s connected world where all our information and details are available online (secured/unsecured), data is the new money. It is pertinent to have a strong control system including a strong IT policy in place to protect the organization and customer data. Data loss/theft may convert into a huge reputation risk for the organization and may lead to heads rolling and customers leaving the Company as it happened in the case of Sony Corp, Target and many other cyber-attack cases with corporates. Depending on the data at risk, organizations may also have to face fund crunch owing to ransom demands which may need to be paid.

Keeping in view the stakes, there really is no excuse for a lack of preparedness. The businesses and people must stop acting on a reactive basis. On the other hand, Government needs to amend the Information Technology Act and make it more specific and give it more teeth to chalk out the roles and responsibilities, accountability and liabilities intermediaries like corporate agencies in case of such offenses. There also is an absolute need for public-private partnership and international cooperation to detect, investigate and prosecute the attackers at par with terrorist organizations on a global level.

It may be too late but nevertheless, India should enact its cyber security legislation providing clearer insight on the roles, responsibilities, and liabilities of the stakeholders and suggest a proactive protection mechanism.

“The threat is real and imminent, either Prepare or Perish”

Leave a Reply