08 November 2016

Can your data be held to ransom?


By Steve Marsten

A case was recently brought to my attention in which a businessman arrived at work and logged on to his system to start the day, only to find that he had received an email (and a text message) letting him know that his data had been taken hostage and that for a price it would be released. Now it's one thing for your business data to be temporarily offline, yet it's quite another for it to be criminally corrupted.
The costs associated with data breaches and the damage to customer and client confidence may have the most severe consequences for an organisation, and can lead to a significant loss of business and negative publicity.
Cybercrime is the fastest growing cause of data service interruptions. In 2014 the Australian Government's cybercrime division, CERT, dealt with 11,073 cyber security incidents affecting Australian businesses. It's fair to say that the real figure may be twice that, given that many businesses are reluctant to notify bodies or prefer to deal with it in house.
So what is cybercrime exactly? Cybercrime involves viruses, hackers, malware, distributed denial-of-service attacks (which are intended to take websites offline) and, of course, ransomware, which was the issue in the case above.
Cryptolocker, a form of ransomware spread via seemingly innocuous emails that appear to come from trusted sources such as postal services and government agencies, impacted more than 1 million organisations globally last year. In Australia, the figure for Cryptoware is 60% of all local cybercrime.
I know we have received about 20-30 dodgy emails a week that are picked up in our security software. In the US they estimate the cost of Cryptolocker alone is more than US$100 million! The costs in terms of lost business, however, would drive that figure up considerably.
To properly protect your data there are a few things to consider:
  1. Never assume your business is not big enough to be attacked. Hackers don’t differentiate between business sizes.
  2. Back the system up daily – without fail.
  3. Consider a disaster recovery plan before the disaster. What’s the plan if your entire IT environment was offline?
  4. Copy your data to a site that’s designed for optimal security and shielded from hardware failures.
  5. At Sothertons we are always discussing risk with clients to ensure that they have the necessary protection in place. Call us on 4972 1300.
