This article originally featured in Logistics Matters
Ian Harragan
Director at i-confidential
The world has witnessed KNP Logistics being forced into administration following a ransomware attack on its systems, while Owens Group had a large volume of its data posted on the dark web following an attack from the LockBit ransomware operation.
Ransomware is undoubtedly today’s most prominent cyber-attack vector. It involves an attacker gaining access to an organisation’s network, then using a piece of malicious software to encrypt and lock up its data. The attacker then demands a payment for the data to be decrypted, making the potentially false promise that access will be restored and business-as-usual will return soon after.
Ransomware is a major threat today because of its effectiveness at generating payouts for criminals. No organisation can survive long without accessing its data. This means, when ransomware strikes, chaos often follows quickly in its wake.
Logistics firms have become a prime target for ransomware because the impact such attacks can have on their operations is well understood. With their data encrypted by criminals, they can no longer plan driver routes, access telematics systems, or locate customer orders. This puts the business at a standstill. It also makes criminals believe they have a high chance of a payout.
Advice
But paying these demands is something security experts often advise against.
When organisations pay ransom demands, they are doing business with criminals, so there is no guarantee that access to their data will be restored, or that the data will be deleted from the attacker’s servers if it has also been stolen. In fact, during a recent law enforcement takedown of the LockBit ransomware operation, it was revealed that the group still had data belonging to many organisations that had paid ransom demands.
Furthermore, when organisations pay these demands, they often get targeted again. A recent study from Cybereason echoed this when it revealed that 78% of organisations will suffer repeat attacks after paying ransoms.
This means the best approach is focusing on proactive defences to guard systems against the ransomware threat.
Human Error
Most ransomware intrusions result from human error, misconfigurations, social engineering, or phishing attacks. The attacker’s ultimate goal is to deliver the ransomware itself.
Organisations therefore need to take steps to help prevent an attack. This can be achieved via a number of technical measures, including:
Ensuring data is backed up, with regular testing of the backup and restore process.
Making sure all software is up to date.
Using anti-malware tools.
Using strong passwords and possibly multi-factor authentication.
Limiting the privileged access people have to devices and the network.
Protecting inbound and outbound data with specific controls that can help defend against ransomware threats.
Testing incident processes on a regular basis to see how well operations can recover.
People Power
Aside from these steps, there is also a vitally important people element that involves ongoing education and communication.
Business users might not have the same understanding of ransomware as their security colleagues. It is therefore important that everyone is educated on the latest phishing and social engineering tactics that are used to deliver ransomware into an organisation.
One educational approach that works well for many organisations is to run regular phishing simulations, which involve delivering emails to employees that mimic real phishing attacks to see what they do when faced with this potential cyber threat.
No one security measure is ‘foolproof’. A multi-layered strategy is essential to help combat ransomware threats. The key message here is to educate employees on the role they can play in staying vigilant.
Ransomware is a major cyber threat and logistics firms have become a prominent target. Doing business with criminals is a situation all organisations must strive to avoid, so getting proactive with defences is the goal.
Implementing technical tools is essential, while educating employees means they are less likely to be tricked by savvy cyber criminals.
But this can also be bolstered by partnering with cyber security specialists with expertise in helping logistics firms improve their defences against cyber criminals, arming them with the technical insight to help keep their employees and systems safe in today’s increasingly hostile digital world.