As invaluable as digital tools are to the running of organisations, they also come with risks. In recent years, cyber crime has been accelerating in frequency, level of impact and the time it takes for adversaries to gain access to your environment. The seedy underbelly of online connectivity has become an increasing challenge for businesses as they struggle to protect vital and sensitive data from a barrage of cyber threats which have the potential to cost them everything from money and time to reputation.
Within minutes, perpetrators can complete a subtle initial implementation – so subtle that it won’t be picked up by antivirus software. This can then escalate to these cyber criminals being able to actually run programs such as MS PowerShell in your environment to rapidly find, filter and export information!
Just 18 months ago, an attack that might have taken 10-20 hours can now be done within minutes, and adversaries can take over all your data, encrypt it and lock you out, and then go on to sell your data on the dark web. These days, ransomware operators don’t even need to be very competent, as the barrier to entry is very low. For as little as USD $2,500, they can pay an Access Broker to perform the initial intrusion and sell that access on to them to take a step further and hold the victim to ransom.
Access Brokers enable a cyber crime organisation to run efficiently as a business, complete with “salespeople” who have targets and KPIs to meet around the number of system breaches and victims they can facilitate. On the dark web, Access Brokers advertise catalogues of access. Many organisations are listed in such catalogues and have no idea! While ransomware operators want to get in and out as fast as possible, Access Brokers come in quietly and curate the access they have to sell it on.
At the same time, the explosion and improved ease of use of cryptocurrencies allows ransomware operators to collect their ransom payments anonymously. Ransomware operators have realised that their ransom isn’t always being paid, so they’ve started employing tactics to further twist the knife and put pressure on victims.
If the threat of losing access to all your data and that data being sold isn’t enough, ransomware operators can now email all your employees or customers. They have also started contacting regulators like the NZ Privacy Commission, notifying them that they have hacked a particular company so that the victim is forced to reveal the breach and is therefore under even more pressure to pay the ransom. Unfortunately, even if the victim pays the ransom to secure their data, there’s no guarantee that the ransomware operator hasn’t already made a copy they will still go on to sell on the dark web.
So, what can businesses do to defend themselves against cyber threats?
While the potential impact of cyber crime can certainly be dire, businesses don’t have to remain helpless. When it comes to developing a cyber attack prevention plan, Deloitte New Zealand identifies several key steps you can take:
Know your greatest information assets and look for external support
Proactively evaluate your cyber risk
Promote awareness of the threats, risks, challenges and solutions throughout your business
Fortify your defences to protect vulnerabilities
Be prepared for the inevitable
One of the most crucial aspects of protecting your business against cyber attacks is putting the right people in place to help. For many businesses, particularly medium to large organisations, having dedicated cyber security professionals on their team will dramatically reduce their risk profile and ensure their data has the best possible defences. Of course, if you’re entrusting mission-critical and confidential data to someone, you’ll want to know it’s in the right hands!
This is where we come in. Here at Beyond Technology, we are New Zealand’s largest and most capable Technology, Transformation & Digital recruitment agency. Each of our candidates is hired for their expertise in their specialist area and ability to consult with businesses on their talent needs. If you’re looking for top-notch Security Specialists to ensure your business is in the best position to avoid cyber threats, feel free to get in touch with me for a confidential chat.