By Jaspreet Singh, Partner- Cyber Security, EY
The world has witnessed a paradigm shift in the way, of how an enterprise works due to COVID-19. With more than 2.5M people getting effected due to coronavirus worldwide, and an onset of lockdowns, a lot of industries are directly impacted. Remote working is increasing as a means of practising social distancing during the COVID-19 pandemic. All the Board meetings, overall performance and other business critical discussions are also happening remotely. However, one of the most important factors to be considered is, whether these connections are secure, whether the information about their enterprise level business strategies and financial updates are safe and not getting leaked outside.
Recent Maze Ransomware cyber-attack on an IT giant has left the company disarrayed due to its compromised internal systems and impacted its IT services to some of the Company’s clients. When the maze ransomware operators breach the Company’s network, they slowly and stealthily spread laterally throughout the system, try to gather information about the system it is infecting, including the type of system such as a standalone server, primary domain controller, server in corporate network, backup server or any other system which is very valuable. This information is useful in to influence the ransom amount.
Once the system has been exploited, the ransomware attempts to make several connections, and try to gather information about the system it is infecting, including the type of systems such as whether it is a standalone server, primary domain controller, server in the corporate network, backup server or any other system which is very valuable. This information is useful in influencing the ransom amount. Once important files are identified, RSA and ChaCha20 ciphers are used to lock all the files except itself and .ini file extensions and create a ransom note in each folder.
Reputation for every company is paramount. The world has witnessed how the loss of a Company’s reputation in Information Technology, Airline, Automotive, Telecommunications, and other industries have brought down their share price drastically. Therefore, it is a need of the hour for companies to adopt cybersecurity measures and safeguard their own and their customers’ critical information from unauthorised access by cybercriminals which may lead to a financial and reputational loss.
It is time when all the enterprises worldwide start focussing on cybersecurity. It is vital for the Board of Directors to learn about the costs and focus on investment decisions around securing their online information systems. While many C-level executives may think cyberattacks and cybersecurity as a technical problem, security failures are often caused due to bad business decisions and lack of focus on the strong technical design of the Company’s infrastructure.
The vital question that the leadership of every organization must be asking themselves is, how prepared are they to deal with a cyber-attack or the risks that arise due to the use of information technology and whether this is an important point of discussion in their board and executive-level meetings. If the answer is not affirmative, the Company is more prone and exposed to a cyberattack. It may also mean, that the organization does not have the resilience to effectively recover from the incident and enable its BAU operations as soon as possible.
Therefore, the board must ensure that their Company’s risk exposure to the current cyber trends and the readiness to recover from it in the form of business continuity plans are discussed at the appropriate forums to minimise the impact of cybersecurity incidents. The board must refrain from just relying on the operational staff in the IT department to deal with the risks of cyber-attacks as the risks arising from it are far too great.
Cybersecurity preparedness, cyber crisis management plan, cybersecurity resilience along with risk management, and business continuity planning must be the agenda of all the board and executive committee meetings. This shall ensure that appropriate attention to safeguarding Company’s information system is given, and effective processes and solutions are implemented to identify gaps and minimize risk exposure and impact.
The article is written with the inputs from Heba, Manager Cyber Security, EY.