
IAF Awareness and Readiness survey 2023
We are delighted to bring you our third individual accountability framework awareness and readiness survey report in partnership with the Compliance Institute.
With ransomware attacks on the increase, Irish businesses must take all precautionary measures to protect network, systems and information from this type of cyber-crime. Furthermore, an organisation must be prepared to triage, investigate, contain, eradicate, and recover from a ransomware attack, should it materialise.
Bringing business critical systems back online affected by ransomware takes time. It can take several days or weeks and typically involve external security experts investigating ransomware incidents to determine the extent of damage and compromise of sensitive data.
Ransomware has been around for the last decade, but what exactly is ransomware? It is a type of malware that prevents you from accessing your computer and encrypts personal data, files and folders (documents, spreadsheets, pictures, and videos). A cyber-criminal will then demand a ransom payment to return the files and folders to you.
A ransomware attack is typically delivered via an email attachment like an executable file, an archive or an image. It can also get onto your computer via infected USB stick, or portable devices, phone or through visiting a compromised/exploited website. Once the attachment is opened or a user visits the compromised site, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then, it is too late to save the data through any security measures3.
See below a couple of screenshot examples
Cybercriminals are often motivated by money and tend to attack pipelines or the likes of banks or organisations who can afford to pay the ransom. The attack on the Irish Health system is recognised as a malicious act, performed by cybercriminals that have no regard for the impact on patients or children who need access to essential medical services.
The rise of cryptocurrencies, such as bitcoin, has resulted in an explosion of ransomware attacks. Cybercriminals like bitcoin payments are difficult to trace and can be transferred electronically without assistance from banks or other regulated institutions. These factors have led to an increase in ransomware attacks.
For CNI organisations, ransomware is the top threat. According to a recent UK National Cyber Security Centre (NCSC) report4, 84% of UK CNI providers experienced cyber-attacks in 2020, and 93% of those providers admitted that at least one attack was successful. For these larger organisations and institutions, the aim can include relying on human error to open the backdoors to an attack, blocking access to healthcare, education, or critical government services until the ransom demand is paid. While this threat has always been present, the move to home working has exacerbated the problem. A recent cyberattack on the National College of Ireland and Queen’s University in Belfast5, for example, highlighted the vulnerability of educational establishments now increasing their use of technology to move lectures online for thousands of students.
Mazars asked leading IT managed service provider Renaissance to provide their industry insights into ransomware.
None of the 80 NHS organisations affected by WannaCry had applied the Microsoft update patch advised by NHS Digital’s Care CERT bulletin on 25 April 2017 following the receipt of intelligence of a specific threat from BT on 24 April 2017. Most NHS devices infected were running the supported but unpatched Microsoft Windows 7 operating system6.
Lessons learnt from other ransomware attacks can help to prevent a cyber-attack from happening in the first place. Unpatched systems are not the only known vulnerabilities; organisations must adopt a zero-trust technical and organisational approach:
Refer to the cyber security protect checklist for information on how to minimise cyber security risks. If you are answering no or not sure to any of these questions you may need to review your organisations current approach to cyber security.
Cyber security protect checklist
If you think your IT system is infected by ransomware, take the following immediate actions.
The Irish Government, Gardai and the NCSC believe industry and the public should not pay a ransom as there is no guarantee you will get access to your data, and you will be funding cybercriminals. Should your organisation be a victim of a ransomware attack, you must consider all these points.
For the next ten years, cyber-attacks are ranked as the second risk for business globally7. Not only for Ireland’s operators of essential services such as healthcare, education, energy and banking, but for all industry sectors. Now is the time for Irish organisations to act, to prevent or to minimise the disruption from future ransomware attacks.
Sources
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.