LEADING cyber experts are warning organisations that they must ‘plan to fail’ in order to protect themselves from malicious software attacks.
Recent reports have suggested that one in three UK businesses would pay a sum to retrieve their systems should their organisation fall victim to a ransomware attack.
Ransomware sneaks into workplace systems via emails which deceive the recipient into opening attachments containing malware – a technique known as phishing. It then locks the files on the recipient’s computer, demanding payment in order to regain access.
Gerry Grant, Chief Ethical Hacker at the Scottish Business Resilience Centre (SBRC) believes that businesses must plan to fail when it comes to harmful ransomware attacks.
Gerry, who works integrally at SBRC to raise awareness of cyber-security and assist Scottish businesses to improve their online safety, proposes a number of simple key steps for organisations to take in order to prepare themselves.
He said: “Businesses should ensure that all antivirus is kept up to date and that they have recent and reliable backups of all systems.
“Prevention is always the best form of defence. All users should have good awareness of this potential threat to the business, what to look out for and what to do should an attack happen.
“They should be wary of random messages, odd emails containing invoices or urgent payment details and attachments. Modification of numerous files in a short space of time is also a major giveaway, as well as unusual network activity.”
There is no guarantee that the encrypted files in a tampered system will be freed with ransom payment and hackers may continue to ask for more money even after an initial sum be paid.
Gerry added: “The best way to contain an attack is to disconnect all of the infected computers from the network, and if the computer cannot be isolated, then disconnect the shared drives.
“Reimaging the device is the only remedy for ransomware attack – removing the computer of all software and reinstalling safely.
“Businesses can prevent any future attacks by immediately updating their antivirus systems, ensuring that no malicious files remain and monitoring network traffic to check it is back to normal.
“Preparing for the worst case scenario and planning to fail, means that ultimately, businesses are able to recover much quicker with minimal impact to the everyday running of the organisation.”
The SBRC was set up with the objective of creating a secure Scotland for business to flourish, encompassing everything from cyber security to all aspects of premises and employee safety.
It offers help to all Scottish businesses, especially SMEs who perhaps don’t have the resources to defend themselves from threats in the same manner as larger corporations.