Avoid Ransomware in Three Steps

Travel is one of many industries that are particularly at risk of cyber-attack because of the use of credit cards to make bookings internationally. So, it’s vitally important to tackle online threats with preparation, detection and mitigation.

Online security has never been more critical for businesses. There has been a 300% increase in ransomware attacks from 2015 to 2016, with major cyber-security threats to organisations from hackers and on-line fraudsters looking to exploit any weaknesses they can find.

The WannaCry ransomware attack earlier in 2017 was the tip of the iceberg. In March 2017, Abta, the travel trade organisation, was hit by a cyber-attack that affected 43,000 customers, while Norwich airport’s website had to be taken down and entirely rebuilt over a course of three days because a hacker had breached its security.

Preparation

The first line of defence against any attack is preparation – making sure software is up-to-date, that your business is using anti-malware software, and educating employees and managers about the strong reasons for maintaining security at all time.

Having layers of security is another important element for organisations’ data security. Adding extra protection for vital data assets and hardware makes the attackers’ job even harder, so a thorough review of systems can make a company’s data much more secure.

There are other techniques which can also help. Virtual Account Numbers, or VANS, are temporary account numbers linked to a credit card which expire after making an online purchase. The use of VANS can reduce risk because if an attacker intercepts a VAN then the information cannot be used to make further purchases as the card number will have expired.

For consumers this is particularly useful, but even more so for businesses. For example, providers will automatically generate a card number so that travel agencies can pay suppliers like hotels, car hire companies and tour operators easily and with the knowledge that even if there is a data breach, it will be isolated and the information will be of no use to the attackers.

Detection

Even the best defences sometimes falter, and malware can gain access to your system. Links can be clicked accidentally or a late software patch can result in a temporary window of opportunity.A medium-sized organisation can expect to experience as many as 1,000 virus events in a month.

A file integrity monitoring service, which would flag unusual actions such as encrypting operating system files, is one detection option. By looking across devices, a security information and event management system will be able to analyse events across the network to find any anomalies.

Mitigation

Reducing the impact of ransomware is the last resort – if malware does manage to penetrate your system without detection then it’s possible that your data will be held to ransom. Planning for this eventuality means that instead of paying criminals a ransom, with no guarantee that they won’t ask for more money or that you’ll get access to your data, you can take other steps which will keep your business running. A disaster recovery plan is essential.

Backing up data is key. By having a recent and fully-functional copy of your data, you have the opportunity to restore your systems. It’s important to be able to detect when the ransomware infiltrated your system, so that you can set the right recovery point as well as understanding the process of restoration.

Testing your back-ups is an important element of this process –only by conducting regular and on-going recovery scenarios can you discover whether you could restore your data in the event of a disaster. There is an added benefit for most organisations which add systems and data to their IT environments over time – the test will reveal any gaps in your protection that might have emerged.

Apply the three steps

The three steps to protection from ransomware will create a “defence-in-depth” security environment for organisations. Examining uses for new types of security, such as VANs, is an important consideration to make when looking to strengthen security within a company.

Travel is one of many industries that are particularly at risk of cyber-attack because of the use of credit cards to make bookings internationally. So, it’s vitally important to tackle online threats with preparation, detection and mitigation.

Online security has never been more critical for businesses. There has been a 300% increase in ransomware attacks from 2015 to 2016, with major cyber-security threats to organisations from hackers and on-line fraudsters looking to exploit any weaknesses they can find.

The WannaCry ransomware attack earlier in 2017 was the tip of the iceberg. In March 2017, Abta, the travel trade organisation, was hit by a cyber-attack that affected 43,000 customers, while Norwich airport’s website had to be taken down and entirely rebuilt over a course of three days because a hacker had breached its security.

Preparation

The first line of defence against any attack is preparation – making sure software is up-to-date, that your business is using anti-malware software, and educating employees and managers about the strong reasons for maintaining security at all time.

Having layers of security is another important element for organisations’ data security. Adding extra protection for vital data assets and hardware makes the attackers’ job even harder, so a thorough review of systems can make a company’s data much more secure.

There are other techniques which can also help. Virtual Account Numbers, or VANS, are temporary account numbers linked to a credit card which expire after making an online purchase. The use of VANS can reduce risk because if an attacker intercepts a VAN then the information cannot be used to make further purchases as the card number will have expired.

For consumers this is particularly useful, but even more so for businesses. For example, providers will automatically generate a card number so that travel agencies can pay suppliers like hotels, car hire companies and tour operators easily and with the knowledge that even if there is a data breach, it will be isolated and the information will be of no use to the attackers.

Detection

Even the best defences sometimes falter, and malware can gain access to your system. Links can be clicked accidentally or a late software patch can result in a temporary window of opportunity.A medium-sized organisation can expect to experience as many as 1,000 virus events in a month.

A file integrity monitoring service, which would flag unusual actions such as encrypting operating system files, is one detection option. By looking across devices, a security information and event management system will be able to analyse events across the network to find any anomalies.

Mitigation

Reducing the impact of ransomware is the last resort – if malware does manage to penetrate your system without detection then it’s possible that your data will be held to ransom. Planning for this eventuality means that instead of paying criminals a ransom, with no guarantee that they won’t ask for more money or that you’ll get access to your data, you can take other steps which will keep your business running. A disaster recovery plan is essential.

Backing up data is key. By having a recent and fully-functional copy of your data, you have the opportunity to restore your systems. It’s important to be able to detect when the ransomware infiltrated your system, so that you can set the right recovery point as well as understanding the process of restoration.

Testing your back-ups is an important element of this process –only by conducting regular and on-going recovery scenarios can you discover whether you could restore your data in the event of a disaster. There is an added benefit for most organisations which add systems and data to their IT environments over time – the test will reveal any gaps in your protection that might have emerged.

Apply the three steps

The three steps to protection from ransomware will create a “defence-in-depth” security environment for organisations. Examining uses for new types of security, such as VANs, is an important consideration to make when looking to strengthen security within a company.