Page 30 - CCCA Magazine. Winter 2018
{ Feature }
“While some of the perpetrators are current or former employees looking to disrupt business, most are professional organized crime groups—some of the largest and most powerful in the world. IT professionals are not trained to deal with this.”
Daniel Tobok, CEO, Cytelligence Inc.

Given the complexity of ransomware attacks, in-house counsel should plan to hire a professional cyberbreach response firm that can accurately assess the situation, negotiate the ransom and, most importantly, guarantee the threat actors can actually decrypt the information.

I see many attackers who disappear once the ransom is paid because they do not actually have the key. How does this happen? On the dark web, they can buy ransomware as a service. There are turnkey solutions for $10,000 to $50,000 that enable them to encrypt people, extort them for money and then have that money laundered. But for as little as $2,000, they can buy just a way to penetrate a network and dump their payload—without a decryption key. Make sure any firm you hire has a process to determine whether the perpetrators actually have the key.

The moment the breach response firm is engaged, they get online to assess the situation and determine your best course of action: essentially to pay or not pay. I only recommend paying when there is no other choice—there are no back-ups, it's going to cost too much to recreate the data, there's a direct risk to the business in terms of loss, reputation, functionality, and so on. And in a lot of cases, there is no choice.

How long does it take to get back online? On average, one to three days from beginning to end—but the impact in that short time can be significant. Your organization is stuck. Municipalities, for instance, cannot perform vital functions, accept taxes or distribute funding to essential services. Retail and manufacturing companies in any industry cannot deliver on goods and services. A recent client, for example, was a large baked goods manufacturer. They lost millions of dollars in business and products that went bad in their automated freezers in the three days they were down. This is serious stuff.

The Aftermath

Some companies hire just for this step: decryption and getting them back to business as usual. However, I highly recommend you perform a forensic investigation.

One of the biggest problems with ransomware is the fact that you were compromised in the first place. You must find the cause and fix the vulnerabilities.

In addition, given the new breach notification requirements that came into effect on November 1, you need to know whether any data was compromised and whether there is a privacy breach to report. If there is no breach, you don't necessarily have to report the attack—many do not—but the only way to know is to conduct the investigation. Ignorance is not a good defense.

Ransomware is not going away. The perpetrators are increasingly in different jurisdictions and untouchable, and currently, there are no multinational, international or global partnerships where we can help each other go after them. We are way behind the bad guys when it comes to technology-based crimes.

As in-house counsel, this is your problem. When my company is called in, we spend most of our time working with you as the lead. You need to make sure you are informed, prepared and ready to act if faced with an attack as you drink your morning coffee. ❚

Daniel Tobok is CEO of Cytelligence Inc., a leading international cybersecurity firm. He is an internationally recognized cybersecurity and digital forensics expert. He regularly advises executives and in-house counsel at Canada's top corporations and private companies. Reach him at dtobok@cytelligence.ca.

The Best Defense

We live in the era of the computer, where cyberattacks have become the new norm. Here are seven best practices to ensure your organization has a solid defense against ransomware.

1. Take an inventory of all your devices. You must first understand what types of technology you need to protect. This will be challenging but keeping a live inventory helps you see where an issue may occur and how you can avoid it.
2. Automate the patching of software and other security tasks across all devices. This seems straightforward but many fail to do it. Automating removes the possibility of human error.
3. Ensure you have segmented your network. A network breach is the worst-case scenario. Limit the spread of ransomware by segmenting the network. This could include strategies such as micro segmentation in virtual environments, or macro segmentation to a physical or virtual network.
4. Back up critical systems to a separate server. One of the best tips is to back up critical systems and store those back-ups off-network.
5. Track threats and ransomware trends. Be up to date on ransomware protection and local threat intelligence so you can take action before any threats arise.
6. Harden your endpoints and access points above industry standard. At minimum, ensure that all devices coming onto your network meet your security requirements and that your network can scan any new piece of hardware or software for missing patches, infections or suspicious traffic in milliseconds.
7. Implement regular training. Employees are one of your first lines of defence, which means cybersecurity training should be a top priority. They should be able to recognize and react accordingly to potential threats.