+
EDITOR’S QUESTION
/////////////////
NICOLAI SOLLING,
CTO AT HELP AG
C
yber-extortion involves attackers demanding payments rather
than just stealing money via the cyber realm. This therefore
requires them to have some leverage which could be sensitive
data or disruption of services. The most common types of cyber-
extortion attacks are therefore ransomware and Distributed Denial
of Services (DDoS) as well as taking payment for not disclosing data
obtained through hacking.
We have had our share of ransomware and DDOS extortion schemes
here in the region, though the disclosure of these is less frequent
or under the radar of the general press. I’ll focus on ransomware, a
threat that by all accounts is set to growth in scale through 2018.
What organisations need to understand is that with the type of
encryption that modern ransomware now uses it may be very
difficult to recover data without the encryption key. It is actually this
key you pay for when you pay the ransom. You should also know that
there is no guarantee that once you’ve made the payment (usually
a Bitcoin transaction) the attacker will actually provide you with the
encryption key; they may not even have it!
In fact, less than 51% of the organisations
paying the ransom actually get their data
back. Organisations were much more
successful in recovering data from a back-up,
so I advise clients that protection begins with
good data management practices. I think a
basic precaution against ransomware and
a good practice in general is to maintain a
back-up of sensitive data.
This back-up could be within the data centre,
disaster recovery site or even to a cloud
platform if you cannot provide the correct
infrastructure yourself. There are plenty of
solutions that manage and automate this and
a good back-up and recovery solution should
be a part of any large businesses’ IT strategy.
Then there is the categorisation and
management of data which helps ensure
sensitive information does not get into the
www.intelligentcio.com
wrong hands. Even without ransomware, data that is exfiltrated
from the organisation can be used for cyber-extortion. At Help AG,
our Cyber Security Consultancy division assists the organisations
in establishing frameworks that govern information throughout its
creation, storage, use, sharing, archiving and destruction, and ensure
protection of the confidentiality, integrity and availability of those
data assets through their life cycle.
Again encryption keys come into place, but this time it is around
how you manage them and not the attackers. Hand on heart, I
believe that too many organisations do not
have a proper strategy regarding how they
encrypt data at rest or in motion and how
they obtain the correct life cycle around
encryption key management.
“
EVEN WITHOUT
RANSOMWARE,
DATA THAT IS
EXFILTRATED
FROM THE
ORGANISATION
CAN BE USED
FOR CYBER-
EXTORTION.
Employee awareness and vigilance is also key
to combating cyber-extortion. Your workforce
needs to be mindful of the kinds of emails and
attachments they open and download from
questionable sources. With ransomware having
successfully added mobile devices to the list
of targets, users should also be mindful of the
apps they download and take precautions such
as avoiding third party app stores.
I still believe that the old saying around ‘it all
starts with an e-mail’ and a lot of malware
does start there. So please try to ensure that
your technical controls are efficient and that
your users are alert and educated. n
INTELLIGENTCIO
37