May 2017 – WannaCry. June 2017 – Petya. Unless you’ve been living halfway up the Amazon or in the highlands of Papua New Guinea for the last couple of months you’re sure to have seen or heard these words many times recently. WannaCry. Petya. Yes, we’ve all heard of them and we’re pretty sure what we heard wasn’t good, but how much do we really know about them? More to the point, how much should we make it our business to learn about them?
If you’re running a business or organisation using computers or mobile devices of any kind, it’s imperative you take time to understand the threat that WannaCry, Petya and other cybercrime variants represent to your business.
Cybercrime in general, and the latest crypto-ransomware variants such as those mentioned, are a very real and growing threat to businesses large and small worldwide. Typically designed to restrict access to devices and data, ransomware generally infects networked systems throughout an organisation (e.g. the UK’s National Health Service or Germany’s national rail network). Some types encrypt data held on devices, or within systems, only providing a decryption key once the ransom demanded has been paid. Payments often utilise difficult-to-trace methods such as wire transfer, online payment voucher, premium-rate text messages or one of the emerging digital currencies, e.g. Bitcoin.
Our own government recognises the threat, saying: “Australians and their businesses are at the front line of cybercrime and they expect government to act. The Government is committed to working with states and territories to enhance our national response, including through a proposal to develop a new ‘National Plan to Combat Cybercrime’”.
Our national Cyber Security Strategy is being developed by the Attorney-General’s department.
Meanwhile, what Cyber Security measures should individual business owners take to protect their data and systems? Helpfully, the government has prepared a high-level ‘Stay Smart Online’ guide to the multi-layered approach that all businesses, organisations and private individuals should follow to minimise the risk to their systems.
These guidelines can be summarised as:
- Privacy – keep your data close; avoid proliferation here, there and everywhere
- Passphrase – protect your information with a secure key
- Awareness – monitor what’s happening with your data and systems
- Network and Device Security – lock down PCs and Networks