Cybercriminals have discovered a lucrative strategy: holding the digital files of critical businesses hostage until a large fee is paid, typically in difficult-to-trace virtual currency.
According to the federal government, critical infrastructure providers, such as the energy, health, and manufacturing sectors, accounted for more than half of all ransomware victims in Canada in the first half of this year.
According to federal officials, about one-quarter of Canadian small enterprises have been victims of a hostile cyber attack since March 2020.
The digital dilemma prompted several cabinet ministers to plead with Canadian organizations this week to take protective steps.
Many breaches are simply attacks of opportunity, taking advantage of network vulnerability, said Dwayne Robinson, global director for incident response at CyberClan, which provides security services to small and midsize organizations.
“I would argue not many are actual true, hard-targeted attacks,” Robinson said during a recent webinar on ransomware in Canada.
There are some basic things that companies can do to vastly improve their security, he said. “And it’s somewhat frustrating because we see the same thing over and over and over and over and over again.”
The Canadian Centre for Cyber Security, a federal agency, has developed detailed guidance on preventing and protecting against a ransomware attack. Here’s a look at some key recommendations:
Training – Provide security awareness training for employees to ensure they don’t click on phishing emails or open infected downloads.
Planning – Draft a plan on how your organization will monitor, detect and respond to a ransomware attack. Test the response plan through exercises.
Cyber insurance – The average cost of recovery from ransomware worldwide more than doubled in the last year to $2.3 million. Look into policies and consider whether insurance would be helpful.
Assessment – Private specialists can assess an organization’s computer systems and recommend precautions against a ransomware attack.
The federal government offers programs aimed at critical infrastructure operators in the fields of energy and utilities, finance, food, government, health, information and communication technology, manufacturing, safety, transportation and water.
Public Safety Canada, working with the Cyber Centre, developed the Canadian Cyber Security Tool to provide critical infrastructure organizations with an easy means to assess their cybersecurity in less than an hour.
It was first offered to health sector organizations in the summer of 2020, and is now available to all critical infrastructure sectors. Public Safety says it has conducted 132 assessments to date.
The department also offers the Canadian Cyber Resilience Review, an on-site, survey-based exercise that can take up to a day-and-a-half to do. Public Safety says 110 assessments have been done in various critical infrastructure sectors since 2013.
Use security tools – Install anti-malware and anti-virus software on devices to detect suspicious activity and secure the network with a firewall. Use strong passwords, or passphrases, to ward off what are known as “brute force” attacks that scroll through countless password possibilities.
Update systems – Apply updates and patches regularly to remedy bugs and vulnerabilities in software, firmware and operating systems.
Segment networks – Dividing a network into several smaller segments can prevent ransomware from spreading across the full network.
Observe the “least privilege” principle – Give employees access to only those functions and privileges necessary to complete their tasks.
Random testing – Have testers try to breach a system’s security with techniques a hacker might use. The Bank of Canada, like many financial institutions, has long emphasized protection of internal systems, including network penetration tests.
Data backups – It is essential for an organization to have copies of data and systems in the event of an incident. Ensure backups are stored offline, as cybercriminals can infect backups if they are connected to networks.
“Ensure your organization has multiple backups stored offline and conducts the backup process frequently, to guarantee data is as close to real time as possible,” the Cyber Centre says.
“Testing your backups is also a crucial element to your backup and recovery process. To ensure an additional layer of protection, you should encrypt your backups. Having a secondary backup in the cloud is also a recommended approach to enhancing your ability to recover.”