
Xchanging, a subsidiary of DXC based in the UK, was attacked with ransomware on July 4th, 2020. Mark Hughes, senior vice president of offerings and strategic partners at DXC Technology, wrote an article in the Harvard Business Review titled “5 Lessons We Learned From Our Ransomware Attack”. Hughes explains that a message was received from the attacker with a cartoon character making an obscene hand gesture and the note: “We have your data. We’ve encrypted your files. If you want to negotiate, we can talk on a secure tool or chat session.”

You might think Hughes’s first move would be to open negotiations with the attacker. Instead, Hughes pinpointed the systems that were accessed and quickly isolated and neutralized the threat. The average ransomware attack takes 16 days to recover from and return to normal operations. On July 5th, just one day after the attack, Hughes’s team had already cleaned and restored the impacted environment, and by Monday, July 6th, Xchanging was processing insurance policies again.

Hughes’s experience offers many valuable lessons on how to deal with ransomware, but we will review just his top 5 from the article.

Know Your Infrastructure

First, know your infrastructure. Practice basic software patching hygiene regularly. Also, make sure all networks and firewalls have enterprise security tools in place, as they will alert you to malicious activity. In Hughes’s ransomware attack, the hackers used “grayware” to exploit Microsoft Windows and launch malware. While the attack was not prevented, Hughes’s team was quickly alerted that something wasn’t right, and they were able to identify where the network was compromised.

Include Senior Management

Hughes’s second point is to include senior leadership from the start, because senior management can make critical decisions quickly. For example, in Hughes’s crisis, senior management made the decision to sever all connectivity with Xchanging systems. This involved action from IT teams in the UK and India, and as Hughes puts it, “engaging leadership from those teams allowed the shutoff to happen quickly and efficiently.”

Contact Your Authorities

Step three is to engage authorities and experts early. Law enforcement and security experts have experience dealing with ransomware cases and can offer ideas on how to manage the attack and obtain legal support. In Hughes’s case, he notified law enforcement in the United States that the ransomware was programmed to send Xchanging data to website domains in the U.S. By the end of the day, he had already received a court order to take control of the attacker’s internet domains.

Don’t Pay the Ransom

Step four is to gain as much leverage as you can and not pay the ransom. The experts agree: don’t pay the ransom. In the U.S. and UK, legal measures are being taken against paying ransoms in a cyberattack. Hughes suggests that if you do decide to negotiate a ransom with cybercriminals, bring an experienced ransom broker on board.

Be Transparent

And finally, be transparent. Sharing information can help keep others safe, and it mobilizes help from those you are in contact with, including colleagues, authorities, and the security community. Hughes notified the public with a news release on Sunday, July 5th, and again a few weeks later to inform the public that the ransomware was contained.

Ransomware attacks can be a messy business. There is much to be learned from Hughes’s experience on how to overcome ransomware. The writer concludes that Hughes is a hero because he not only saved his company but also passed on that saving information to us. 

The best way to avoid cyberattacks is to be prepared. Small businesses are especially at risk of attack because they are like low-hanging fruit to hackers – the most vulnerable, with the least amount of security policies and practices implemented. A little prevention will save you a lot of headaches and money in the long run. 

1. Avoid phishing scams through email

Phishing is quite common. It is the practice of sending fraudulent emails professing to be a reputable person or company. For instance, a hacker might send you an email posing as a coworker. The email appears to be legitimate but it’s not. Often the perpetrator is trying to glean personal information like passwords, employee data, company credentials, or even credit card numbers.

It’s important to screen all your emails before clicking on any links or responding to them. Don’t click on links or open attachments unless you are certain about who the sender is. If it seems questionable, forward it to your IT team for them to investigate it.

2. Avoid malware and ransomware through a virus

Viruses can infect your computer through either email or a download from the internet. Working remotely has increased the likelihood of infecting your computer with malware or ransomware because those who previously worked closely with a team are now physically distanced, with less communication between coworkers. You need to have a strong anti-virus strategy in place to safeguard against the potential threat.

This is also why it’s important to have a backup system in place. Backups are your plan B when your organization’s data infrastructure is eventually compromised with malware or ransomware. They provide your organization with assurance of data security and integrity.

3. Use Strong Passwords

Don’t underestimate the strength of a good password. Although often overlooked, a good password is a first step in protecting your system. A strong password would be at least 12 to 15 characters in length and include capital and lowercase letters and numbers. Use a new password that is long and hard to break for each of your password-protected sites.

You can keep all these passwords securely in a password-protected keeper service. You will only need to remember the password to enter your vault.

4. Be sure to train your employees

Your employees are your front-line defense against cybercriminals. It’s important to have them well-trained on how to spot a cyber threat. Enroll your employees in cybersecurity training, or create and regularly conduct your own training specific to your organization. Some training is required by the industry, such as PCI training requirements.

5. Keep all your software up-to-date

Hackers are looking for holes in your software’s programming code that will allow them to infiltrate your network. Developers are continually updating their code to provide “patches” for these holes. It’s important to keep your devices up-to-date with the most current patches.  

6. Back up everything, all the time

In the best-case scenario, you need to have three copies of all your data: the original, a backup for yourself, and an offsite copy. There are many off-site backup options that will monitor your data for changes and automatically update as changes occur. External hard drives, a separate computer, or a flash drive are also ways you can back up your data.

7. Become a limited user

You want to become a limited user on your computer instead of an administrator. Administrators have the authority to install and remove software. This means that if you innocently stumble across a website that has malware on it, the malware could instantly go to work infecting your computer. “However, if you’re not your computer’s administrator, the malware won’t work. Why? Because only the administrator has the authority to make changes to your system’s software.”

8. Don’t solely rely on antivirus programs to protect you.

Antivirus programs may provide you with a false sense of security. They can’t keep up with all the threats out there. They can provide warnings and even block some malware or attacks. Be sure to update them regularly.

9. Don’t trust anyone. Always think before you act.

Hackers will use your friends, family, or business to lull you into a false sense of security. Before you click on a link or attachment from a friend, take a moment to consider whether you’re expecting an email from them. Remember never to give out your account number or password.

10. Don’t become complacent about cybersecurity

Hackers are banking on you letting your guard down. Stay vigilant and assume you’re always under attack from outside threats.