Ransomeware & Cyber Security
Many of us awoke this Monday morning to hear of the latest wave of ransomware attacks on business globally. As many as 200,000 businesses over 150 countries were targeted with at least three being identified as Australian businesses.
For those who aren’t familiar with ransomware, it attacks users’ computers, encrypting files and places a ransom on their release with the threat of deleting the data permanently. In this instance hackers took advantage of vulnerabilities in older outdated versions of Microsoft users had installed and failed to update. Ransom was demanded in Bitcoin and the attack generated around USD$55,000 of payments. The attack was halted when a 22-year-old discovered a kill-switch in the code.
The attack disrupted operations at car factories, shops and schools. a UK Hospital was even forced to turn away some patients as they could not access their patient records. Such attacks have the potential for devastating effects on government and larger organisations operations. Fortunately, in this attack, no critical functions appear to have been affected.
Small businesses are often targeted by cyber security threats with a third documented cyber-attacks in Australia occurring upon small-to-medium businesses. SME’s often make easy targets for cyber crooks as business owners-operators have been found to have lower levels of concern and measures in place around protecting their cyber security. In this instance, the vulnerabilities that supported these attacks could have bene prevented if the hardware was updated regularly. Yes, we all know updating computers can be an annoying with updating requiring computers to be restarted disrupting your working day. However, this is a clear example of why it is so important to keep all software up to date as required. Take a look at out blog post here for 4 easy tips to protecting your information security.
These are precisely the types of issues that ISO27001 Information security management is aimed at preventing. ISO 27001 certification is aimed at creating and establishing processes to safeguarding information your Information Security from unauthorised access, use, destruction, modification or disclosure. As organisations have become more connected with increased information flows productivity has improved dramatically. The flip side to all this is that we are now more reliant on this data and information than ever before. If our organisation’s data becomes corrupted, destroyed or falls into the wrong hands it can have serious commercial and legal consequences.