This era of information technology is no stranger to cybersecurity issues. In fact, the past months have been plagued with the likes of WannaCry and Petya, which have both proven to be costly for businesses worldwide. Cases of cyber-attacks increase daily, as technologies are developed and linked. Unfortunately, threats have evolved as well by dodging security tools using the same old tricks, simply masked under different names.
For instance, ransomware Diablo6 was recently discovered as a variant of the globally notorious virus Locky. Diablo6, known for the file extension “.diablo6,” follows the same principles as its predecessor. First, it introduces itself as an email with an attachment that contains a Microsoft Word document. Once opened, a Visual Basic Script is enabled and a payload is executed. This execution leads to computer files being encrypted. After which, a message is displayed, commanding victims to install a Tor browser, visit the attacker’s website, and pay a ransom in the form of bitcoins.
Of course, there is no guarantee that files will return to normal after the transaction. Moreover, there is currently no tool that decrypts infected documents. If losing a digital album of priceless family photos seems devastating enough, just imagine the catastrophe that a Diablo6 ransomware could spell out for an entire company.
The alarming thing about threats is that they not only can affect anyone, but they can also open gateways for intruders to steal money and data in the blink of an eye. Nonetheless, with the proper security practices and preventive solutions, anyone can inhibit an attack before it results in disruption. Here are important points to consider when it comes to fending off cybersecurity issues:
Start with common sense.
A commonly overlooked security problem is not clicking on a phished email, downloading a malicious file, nor forgetting to log out—it is leaving a device unattended and exposed to hacking, or worse, theft. It may seem obvious, but the quickest way to get valuable information is to tap into or steal the hardware it is stored in. Nowadays, electronic equipment have turned into data banks—gold mines for anyone with ill-intent—which is why companies need to implement strict policies in keeping server rooms restricted, encrypting hardware with security codes, and providing Information Technology (IT) teams with the technology to track stolen devices.
Study the basics.
Try to solve a problem by understanding it to avoid wasting time, energy, and resources. Being aware of external and internal security vulnerabilities, as well as learning how different attacks behave, can help a great deal in finding the right solutions.
Encrypt data and update software.
Threats are known to spread through networks. Thus, enterprises should be wary of plug-ins, insecure web browsers, and old operating systems, since these are most susceptible to attacks. Companies that carry copious amounts of confidential data should make use of full-disk encryption tools to secure information. Additionally, system administrators have the responsibility to implement and enforce policies that disallow employees from using corporate email accounts for personal use. Furthermore, software patches should be updated as soon as they are made available. It is also good practice to back up files in case the inevitable happens.
Communicate with your workforce.
Aside from pooling a team of IT engineers to monitor networks, regulate permissions, and create policies on internet practices, it is important for companies to keep employees well-informed of cybersecurity risks. It can be as simple as broadcasting emails to remind them about resetting their passwords, giving them news alerts on global hacks, or providing them assistance in securing threatened devices. The culprits of most breaches are often the victims. This is why security should be incorporated into a company’s culture not only to protect business operations but also to boost workforce productivity.
Acquire preventive measures.
According to Trustwave, “Containment of a data breach is 60% quicker when [it is] self-detected.” Prevention is better than searching for a cure, which in the case of most cybersecurity attacks, does not exist. With the way threats are evolving these days and as illustrated through Diablo6, a simple firewall is no longer enough to keep hackers from getting into computer systems and company networks. It is imminent for enterprises to start considering more thorough cybersecurity solutions, such as Email Security, Secure Web Gateway, and Security Information & Event Management tools, to cost-effectively complement IT teams in mitigating threats.
Cybersecurity involves everyone.
Threats come and go, but they always manage to come back. A cybersecurity attack is no longer a matter of “if” but rather “when” it happens. When it does, the consequences are oftentimes devastating. For this reason, preventive measures are not merely optional for enterprises; they are, in fact, a necessity.
Cybersecurity is not just an individual practice. We, at Globe Business, understand that security starts with us. Our journey towards protecting our data and our customers’ data, money, and privacy does not end with investing in up-to-date network security and offering top-of-the-line solutions. We continue to expand partnerships with leading cybersecurity experts because, at the end of the day, cybersecurity involves everyone.
Agrawal, Aj. “4 Easy Ways to Protect Your Company From a Cyber Attack.” Entrepreneur online. Last modified March 2, 2017. Accessed August 16, 2017. https://www.entrepreneur.com/article/289680.
Johnston, Ian. “NHS cyber attack: How to protect yourself against ransomware.” The Independent: Digital News and Media. Last modified May 13, 2017. Accessed August 16, 2017. https://www.independent.co.uk/life-style/gadgets-and-tech/news/nhs-cyber-attack-protect-against-ransomware-patches-a7734381.html.
Khandelwal, Swati. “Warning: Two Dangerous Ransomware Are Back – Protect Your Computers.” The Hacker News. Last modified August 15, 2017. Accessed August 29, 2017. https://thehackernews.com/2017/08/locky-mamba-ransomware.html.
Mendrez, Rodel. “Massive Volume of Ransomware Downloaders being Spammed.” Trustwave: Spiderlabs (blog). Last modified March 9, 2016. Accessed August 29, 2017. httos://www.trustwave.com/Resources/SpiderLabs-Blog/Massive-Volume-of-Ransomware-Downloaders-being-Spammed.
Pizzari, Robert. “4 Security Trends Asia-Pacific Executives Should Fixate On.” Trustwave (blog). Last modified June 22, 2017. Accessed August 29, 2017. https://www.trustwave.com/Resources/Trustwave-Blog/4-Security-Trends-Asia-Pacific-Executives-Should-Fixate-On/?page=1&year=0&month=0&topic=0&category=0&author=0&LangType=1033.
Moffitt, Tyler. “Locky ransomware resurges with Diablo and Lukitus.” Webroot (blog). Last modified August 17, 2017. Accessed August 29, 2017. https://www.webroot.com/blog/2017/08/17/locky-ransomware-resurges-diablo-lukitus.