Following the news that a media monitoring firm Isentia in Australia has been hit by a ransomware attack, impacting their work with government departments and the Australian Stock Exchange, please find a comment below security experts:
Following the news that a media monitoring firm Isentia in Australia has been hit by a ransomware attack, impacting their work with government departments and the Australian Stock Exchange, please find a comment below security experts:
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Today’s attack is yet another example of the risk posed by ransomware attacks and phishing scams. Protecting data from malicious attacks should be top of the agenda for all businesses, especially with the added risk of increased remote working. The sudden rise of remote working in response to Covid-19 has led to company data being increasingly dispersed across diverse areas of organisations, multiplying security risks. With businesses now storing significant amounts of data on employee laptops, as well as on a mixture of geographically distributed public and private clouds, cybercriminals now have an wealth of new endpoints they can infiltrate, inspiring them to try their luck.
Organisations need to seek solutions which offer centralised control of all their storage siloes, so that they can implement universal security and DR practices regardless of where data lies within their ecosystem. This can include limiting access to only authorised users, enforcing two factor authentications, highlighting suspicious activity, or automatically making immutable locked backups of your data as last bastion of defence against ransomware. Doing so will allow business to maintain continuity despite this pronounced spike in IT complexity which remote working has caused.
It appears that lockdown has not slowed down cybercriminals who are working just as hard to infect as many organisations as possible with ransomware. It is a reminder that even though many organisations have staff working remotely or have a reduced workforce, cybersecurity needs to remain an integral part of all activities.
Ransomware typically will infect an organisation either through phishing emails or by taking advantage of unpatched software. So organisations should remain invested in security awareness training and IT cyber hygiene to reduce the risk of being infected.
Cybercriminals are relentless in their efforts to disrupt operations and reap financial rewards. Organisations today cannot afford to take cybersecurity for granted. All businesses need to be prepared and work with their Executive Management Teams to make informed business decisions on how they will respond to cybersecurity events such as a ransomware attack. Having an in-depth proactive approach to security along with a robust Business Continuity Plan reduces business impacts for ransomware attacks. This includes threat awareness, strong access control with multi-factor, security tooling for monitoring/alerting, regular backups, version control, and thorough testing of disaster recovery procedures.
Ransomware attacks are on the rise, and for the attackers, it’s likely comforting to learn that per IDC’s ANZ Ransomware Survey almost 1/3 of ANZ organisations hit by ransomware in the past two years paid the ransom. Unfortunately, when payment occurs, those monies are then available to create yet more innovative attacks, and potentially fund other criminal activity – a situation highlighted by the US Department of the Treasury’s Office of Foreign Assets Control in an advisory last week. For businesses seeking to restore operations quickly, payment of the ransom may seem like an acceptable solution. Unfortunately, as the Toll Group found earlier this year, implementing IT improvements following one attack doesn’t preclude another successful attack. Defending against any type of malware requires a comprehensive plan that looks at human factors in addition to technologies. Importantly, the underlying threat models should take into account how an attacker might use the data they collect. In the case of Isentia, customers should look to change any credentials they’ve provided on the Isentia platform as well as to revoke any access tokens to media platforms Isentia was monitoring for them. Doing so could limit ongoing damage if Isentia\’s customer data was exfiltrated during the attack.
The impact of Isentia, a media-monitoring firm, being hit by a cyber attack demonstrates the interconnected world of national cyber defense. While a media monitoring firm wouldn’t typically be considered part of critical infrastructure, its work with many government departments and large organisations – such as the Australian Stock Exchange – has now been put on hold due to the cyber attack.
This incident also reminds us of the importance of vetting third parties in terms of their cyber resilience. While the full details of this particular security breach are yet to emerge, best practice advice is to ensure third parties have at least similar practices and procedures as your own to keep sensitive data safe.