{"id":4586,"date":"2020-01-27T00:00:23","date_gmt":"2020-01-27T00:00:23","guid":{"rendered":"http:\/\/dev.cynance.co\/?p=4586"},"modified":"2021-02-17T15:03:36","modified_gmt":"2021-02-17T15:03:36","slug":"learning-the-lessons-from-cybersecurity-attacks","status":"publish","type":"post","link":"https:\/\/outofsite.biz\/cynance\/learning-the-lessons-from-cybersecurity-attacks\/","title":{"rendered":"Travelex – Learning the lessons from cybersecurity attacks"},"content":{"rendered":"
[vc_row][vc_column][vc_column_text css=”.vc_custom_1604244220117{padding-bottom: 50px !important;}”]The start of this year could not have been worse for currency exchange giant Travelex. A ransomware attack called Sodinokibi forced the company to shut down online operations for two weeks, limiting their services to manual transactions and issuing paper receipts \u2013 an unwelcome d\u00e9j\u00e0 vu to doing business in the 1970s.<\/p>\n
The attack also disrupted services for Barclays, HSBC, Royal Bank of Scotland, Virgin Money, Sainsbury\u2019s Bank, Tesco Bank\u00a0and Asda, all companies that\u00a0rely on travel exchange services powered by Travelex. Finablr, Travelex\u2019s parent company, watched as their stock dropped 16% before settling at a record low.<\/p>\n
The attackers reportedly sought \u00a34.6 million to decrypt the company\u2019s data. This\u00a0sounds like a large sum of money until you begin to tally the true costs that the company will be made to bear for months to come, including:<\/p>\n
You might be surprised to learn that cybersecurity attacks like this one happen with alarming frequency: an attack occurs every 14 seconds[1]<\/span><\/a>\u00a0with over 4,000 ransomware attacks happening every day.[2]<\/span><\/a>\u00a0Over half (59%) of companies in the US and UK have experienced a third-party data breach.[3]<\/span><\/a> These attacks are not isolated to large companies either. In fact, cybersecurity attacks on small- and medium-sized businesses are growing rapidly as attackers have begun to assume that these targets are easier to penetrate.<\/p>\n The problem almost always starts in the same place: many companies do not\u00a0really have a clear picture of their own networks \u2013\u00a0what assets they have and how those assets connect to one another. This basic-but-essential knowledge is the foundation\u00a0for any cyber security strategy.<\/p>\n From there\u00a0the risks can be grouped into three categories: problematic network design, poor system maintenance, and human error.<\/p>\n Network design.<\/em>\u00a0Many networks are messily organised and poorly segregated\u00a0which means that they have myriad vulnerable points. Once one part of the system is breached, malware can spread quickly and easily, infecting the rest of the network.<\/p>\n Network maintenance.<\/em>\u00a0Networks are not well maintained either. Security patches are not deployed properly or in a timely manner\u00a0which again leaves the network vulnerable to attack.<\/p>\n Human error<\/em>.\u00a0Human fallibility is inevitable:\u00a0people make mistakes\u00a0so it is important to have systems designed to take this into account. 
An easy way to manage that is by keeping on top of user permissions, namely\u00a0ensuring that employee user profiles are not\u00a0granted more network privileges than is necessary because at the end of the day more privileges means more risk.<\/p>\n It is important to have business continuity and disaster recovery plans in case of attack so that if all else fails your business can keep operating or recover quickly<\/em>. Some of the additional best practices for any company, large or small, include: having periodic information security tests<\/a> performed on the company\u2019s networks and applications, carrying out\u00a0information security training programmes for employees, and ensuring that all employees are briefed so that the company\u2019s action plans can be put into motion at a moment\u2019s notice.<\/p>\n A proper incident plan<\/a> is proactive, not reactive. It involves backing up your data frequently and securely so that if an attack happens you can get back to doing business quickly. It is the road map that enables you to diagnose, treat and recover from attacks. It clearly defines and delegates crisis response roles so that in the event of an attack your company can respond\u00a0immediately<\/em>\u00a0with focus and clarity of purpose. A proper incident plan demonstrates to your clients, partners and regulatory bodies that your company is responsible, informed\u00a0and, therefore, trustworthy.<\/p>\n Companies of all sizes are at risk of cybersecurity attacks. As the old adage goes: an ounce of prevention is worth a pound of cure. Invest in an ounce of prevention, starting with a proper risk assessment and layered defence strategy, before you are forced to pay pounds for a cure.<\/p>\n References:<\/p>\n [1]<\/span><\/a>\u00a0https:\/\/www.internetx.com\/en\/news-detailview\/die-10-gefaehrlichsten-ransomware-varianten-der-letzten-jahre\/<\/span><\/p>\nReduce the impact of cybersecurity attacks<\/span><\/h2>\n