At the recent East Midlands Cyber Security Forum (EMCSF), I was fortunate enough to have the opportunity to chair a panel session on the topic of ransomware.
The panellists were Detective Inspector Daniel Lawrence from the National Cyber Security Centre, Mark Chimley from Genus One, and Matt Roberts from ESG Rail.
I picked up three key messages:
1. The need to share experiences.
2. Simple ideas can make a big difference.
3. Backup, Backup, Backup.
Taking these one at a time…
The need to share experiences
My name is Colin and I’m an alcoholic…
My company is Qonex, and we’ve been hit by ransomware…
NEITHER ARE TRUE BY THE WAY – yet anyway!
The point is, don’t cover up experiences of ransomware (or other malware infections for that point), talk to people about it. As a community, there is a need to be open, share experiences and help the community be better prepared.
One of the panellists, DI Daniel Lawrence, championed the Cyber-Security Information Sharing Partnership (CiSP), which provides a great, secure and focused platform to enable this.
Simple ideas can make a big difference
Here’s a simple idea that was new to me…
8% of ransomware is delivered via ‘goodies’ hidden inside advertisements from legitimate sites. (Source: TrendMicro report)
So, if you deploy an adblocker you can significantly reduce this risk factor.
In my own experience, there are a few websites that grumble about blocking ads, on the basis this is how they make their money. You have to make your own choice at that point – do you take the risk and enable ads for them, or do you navigate to a competing website?
Backup, Backup, Backup.
Keeping on the simple theme, I liked the 3-2-1 backup strategy.
THREE copies of every item of data, in at least TWO different places, ONE of which must be offline.
In summary, ransomware is here to stay, but you don’t have to become a victim. Good cyber hygiene will prevent all but the most determined hostage takers.
East Midlands Cyber Security Forum (EMCSF)
There is further information on ransomware available from the event on the East Midlands Cyber Security Forum website, including some video summaries and presentations.
I’m looking forward to the next EMCSF event in the New Year, where I anticipate picking up some tips on Cloud security.