Lincolnshire County Council (LCC) is the latest victim in a cyber attack which saw its network shut down when it refused to pay the £1m ransom. Luckily, it would appear, that when the alarm went off LCC were quick to react and recover. It would indicate that it had a plan in place to cover the eventuality.
Ransomware is a nasty form of malware often delivered as an attachment to spammed email and, as such, it could be considered a time bomb waiting to explode in any organisation handling personal data or providing important services.
There are some really great practical tips for preventing ransomware attacks in this post by Bill Hearn on Linkedin 11 things you can do to protect against ransomware.
But, to add to these great suggestions, we’re adding our own, more general steps for addressing the ever-increasing threats of cyber attacks:
Analyse & evaluate all potential risks - consider the likelihood of a risk occurring and it’s probable impact, and devise a treatment plan based on findings.
Record and track security incidents - develop a process for handling incidents satisfactorily as they occur. Alerting the right people at the right time can be critical to how you respond to a security event, and recording the information will provide valuable learning.
Manage your suppliers - ensure your supply chain is as strong, or stronger than you are. Evaluate, monitor and manage key suppliers to ensure the integrity of your systems and your data.
Build a security culture - put information security at the core of the organisation. Cyber security needs to be driven by top management, and with successful mechanisms for security training, right through from recruitment and screening to exit. Gone are the days of information security being the sole responsibility of the IT department.
Create a disaster recovery plan - business continuity planning is essential to ensure you respond and recover well from any incident that occurs….oh, and keep it outside of your internal network. If you suffer a distributed denial of service (DDoS) attack it must be accessible remotely to ensure a speedy reaction and recovery.
One thing is for sure, cyber security will continue to be a major business threat. The challenge is to put everything in place to minimise the risk, but also the procedures and policies to react and recover without surrendering to potential ransoms delivered against the ticking clock.
Organisations should not focus purely on prevention. They must accept that a determined and capable attacker has every chance of succeeding in his attempt to cause maximum disruption for financial gain.
Instead, firms should consider a more balanced approach that includes detection, response and recovery.
In short, organisations could do a lot worse than to implement a comprehensive information security management system (ISMS) such as ISO 27001. ISO 27001 is commonly accepted as the blueprint for information security ‘best-practice’ and its implementation will ensure that you have adopted this balanced approach.
Far from being difficult to implement and maintain, ISO 27001 can be managed simply and effectively using a software solution such as ISMS.online. ISMS.online provides everything needed to manage ISO 27001, with excellent frameworks and tools to address all of the five points we’ve covered and more.
It's time to stop watching that ticking-clock and waiting for the alarm to go off. It's time to plan. Be ready for the inevitable incident to ensure it's merely a disruption and not a disaster.