Small and medium-sized Kiwi companies and organisations have been warned that they are not immune from global cyberattacks just because of the size of their operation.
Peter Mackenzie, rapid response manager at leading global cybersecurity firm Sophos, says he has known companies with fewer than 10 employees that have been hit with $1 million ransomware demands.
"Many companies assume they are too small to be a target and this is one of a number of misconceptions about IT security," he says. "The truth is it doesn't matter. If you have processing power and a digital presence you are a target no matter how big or small your operation is."
Mackenzie made his comments on the heels of new evidence revealing how widespread the problem is in New Zealand. A cyberattack that impacted companies all over the world earlier this month also hit up to 11 New Zealand schools.
And the March quarterly report of government body CERT NZ shows that between February and March more than 1400 cybersecurity incidents were reported in New Zealand, with a combined loss of $3 million.
Mackenzie says there is no silver bullet offering protection against cyberattacks. "Without a doubt the problem is getting worse and it is impossible to know how many attackers are out there.
"Despite the media headlines, most attacks are not perpetrated by advanced nation-states but are launched by amateurs looking for easy prey and low-hanging fruit – organisations with security gaps, errors or misconfigurations that cybercriminals can easily exploit. If you believe you are not a target you are probably not looking for suspicious activity on your network."
Mackenzie says another misconception is that blocking high-risk regions like Russia, China and North Korea will protect against attacks.
"While it is unlikely to do any harm, it could give a false sense of security," he says. "Adversaries host their malicious infrastructure in many countries including hotspots in the United States, the Netherlands and other parts of Europe."
Nor does paying a ransom guarantee a company will get all its data back. Sophos' 2021 State of Ransomware survey shows organisations that do pay recover about two-thirds (65 per cent) of their data.
"A mere eight per cent got back all of their data and 29 per cent recovered less than half," Mackenzie says. "Paying the ransom, even when it seems the easier option and/or is covered by cyber insurance, is therefore not a straightforward solution to getting back on your feet.
"Restoring data is only part of the recovery process as, in most cases, ransomware completely disables computers meaning software and systems need to be rebuilt from the ground up. The survey also found that recovery costs are, on average, 10 times the size of the ransom demand."
Mackenzie says Sophos has identified seven other misconceptions around cybersecurity. They are:
We don't need advanced security technologies installed everywhere: "Attackers take full advantage of such assumptions. The list of attack techniques that try to bypass or disable endpoint software and avoid detection by IT security teams grows longer by the day. Servers are now the number one target and attackers can easily find a direct route using stolen access credentials."
We have robust security policies in place: "Policies for applications and users are critical. However, they need to be checked and updated constantly."
Remote Desktop Protocol (RDP) servers can be protected by changing the ports they are on and introducing multi-factor authentication: "By scanning, attackers will identify any open services regardless of the port they are on, so changing ports offers little or no protection on its own. While introducing multi-factor authentication is important, it won't enhance security unless the policy is enforced for all employees and devices."
Our back-ups provide immunity from the impact of ransomware: "If they are connected to the network they are within reach of attackers and vulnerable to being encrypted, deleted or disabled. The standard formula for secure back-ups is 3:2:1 – three copies of everything using two different systems, one of which is offline."
Our employees understand security: "Social engineering tactics like phishing emails are becoming harder to spot. Messages are often hand-crafted, accurately written, persuasive and carefully targeted. Your employees need to know how to spot suspicious messages and what to do when they receive one."
Incident response teams can recover data after an attack: "This is very unlikely. Attackers today make far fewer mistakes and the encryption process has improved, so relying on responders to find a loophole that can undo the damage is extremely rare."
The release of ransomware is the whole attack – if we survive that we're okay: "This is rarely the case. Attackers are likely to have been in your network for days if not weeks before releasing the ransomware. Maintaining a presence in the victim's networks allows them to launch a second attack if they want to."
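The 3:2:1 back-up formula in the back-ups misconception above can be turned into a simple audit. The following is an added example, not Sophos' code; it assumes a constructed inventory where each copy records the storage system it sits on and whether a host on the production network could reach (and so encrypt or delete) it.

```python
"""Check a backup inventory against the 3:2:1 rule: three copies, on two
different systems, one of them offline (not reachable from the network).
Added example with a constructed inventory; not from the article or Sophos."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    system: str               # storage system or media, e.g. "nas", "tape", "object-storage"
    network_reachable: bool   # True if a compromised production host could reach and alter it


def check_321(copies):
    """Return a list of rule violations; an empty list means 3:2:1 is met."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    systems = {c.system for c in copies}
    if len(systems) < 2:
        problems.append(f"all copies on one system ({', '.join(sorted(systems)) or 'none'}), need 2")
    if not any(not c.network_reachable for c in copies):
        problems.append("no offline copy: every copy is reachable from the network")
    return problems


# Constructed inventories for illustration (hypothetical, not real systems)
WEAK = [  # three copies, but all on the same NAS and all online: in reach of ransomware
    BackupCopy("nightly", "nas", True),
    BackupCopy("weekly", "nas", True),
    BackupCopy("monthly", "nas", True),
]
GOOD = [
    BackupCopy("nightly", "nas", True),
    BackupCopy("weekly-cloud", "object-storage", True),
    BackupCopy("monthly-tape", "tape", False),  # disconnected, off-site copy
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(label, check_321(inventory) or "meets 3:2:1")
```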
For more information go to: www.sophos.com/en-us.aspx