Though ransomware is not new in the cybersecurity space, it can have a substantial impact on businesses. In 2020, it has made headlines with hacks of Toll Holdings and Travelex.
After being targeted by the Mailto ransomware, global logistics giant Toll Holdings has had a difficult few weeks. The attack compromised around 1,000 systems, forcing Toll offline, and ultimately disrupting global service delivery. The event also created a significant management overhead in terms of handling the incident and managing the business without the usual assistance of core IT systems and processes. For example, Toll subsequently increased staffing at contact centres to assist with customer service.
The fact that Toll was hit by ransomware is unsurprising. This is not because they were unprepared (in fact, they appear to have been well prepared to respond to the incident) but because ransomware is still around and highly effective.
What’s new in ransomware?
Put simply — its level of sophistication. Ransomware and malware are now more likely to be curated and strategic campaigns, and less ‘hit and hope’ style. They test, and sometimes beat, even the biggest companies’ defences.
A significant aspect of ransomware in 2020 is that it appears to be stealing data before encrypting it, which considerably increases risk. What was once a data access issue is now also very likely to be a data breach event. With the legal obligations for Australian companies to notify individuals of a data breach, there is even more incentive to focus on the prevention of ransomware attacks.
Who is at risk?
Ransomware attacks are a real threat to business — regardless of size or industry. While the attack on Toll was sophisticated and executed using a new malware variant, unsophisticated attacks will continue.
Realistically, any business is at risk of attack; however, mid-sized businesses are particularly vulnerable to these campaigns due to limited resources and defences.
How to protect your business
Unfortunately, there is no silver bullet to manage cyber risk and defend against ransomware. Preparation is the best defence, and implementing the proper controls means avoiding or minimising costly ransoms, business interruptions, and reputational damage.
To ensure businesses are better prepared for ransomware attacks, all organisations should have some key steps and controls in place such as:
- Promote awareness and education: Cybersecurity awareness at the front line is a critical defence. Train your staff to recognise high-risk and fraudulent emails before they click on a link or attachment that allows criminals to access your network.
- Back up your data: A functional, tested and resilient data backup is imperative. Many companies have moved to online backup; however, an offline backup is still required in the age of ransomware. In many cases, the data backup will be the only recovery option.
- Install defensive software: It’s important to make sure you have effective anti-virus and anti-malware software installed on all of your systems and take steps to ensure that the software is constantly up to date.
- Implement appropriate processes: Many attacks are made easier because the victims have not developed a process to ensure that all the appropriate security patches are installed on their systems. Unpatched systems are an easy vulnerability for attackers to exploit.
- Ensure good cyber hygiene practices: There are many more network security measures that can help prevent these attacks, including storing key data offline, segmenting your network, using good password security practices such as two-factor authentication and making sure users have appropriate access rights. These need to be checked and verified.
From what we understand, Toll has (among other methods) a robust and successful backup for system and data restoration and a business continuity plan, allowing them to maintain a semblance of operation. Notwithstanding their ability to respond, they have still had to weather the reputational risk and damage. Customers' businesses have been impacted, and this may have ongoing impacts for Toll.