Ransomware: Why you need an ethical hacker on your side


On 12 May more than 150 countries around the globe were hit by ransomware, with hundreds of companies and even government departments brought to a halt. In the UK the National Health Service was shut down, putting patients at risk, and locally Telkom’s customer support systems came under severe attack. And these are just a couple of the thousands of companies hit by the ransomware.

With cyber attacks on the increase, businesses need to take steps to mitigate the risks, and one of the best ways to do that is to train their staff as ethical hackers.

The WannaCry malware encrypted users’ data and demanded the equivalent of $300 in Bitcoin to decrypt the information, holding companies large and small to ransom. Although the initial attacks were eventually brought under control, the threat from cyber attacks is just starting to grow.

While it is the large companies that tend to dominate the headlines when cyber attacks happen, the reality is that all businesses, large and small, are equally at risk from the growing threat of cybercrime.

“We can expect to see an increase in cyber attacks in the coming months and years,” says Mark Clarke, technology sensei at training company Jumping Bean. “The WannaCry attack is a sign of things to come as organised crime understands that online attacks offer easy money and a relatively low chance of getting caught.”

For businesses, says Clarke, the writing’s on the wall. All businesses are at risk of being hit by cyber attacks and without adequate preparation and planning they stand to lose not just valuable data and finances but also suffer reputational damage. “Customer trust is extremely hard to build and a single cyber attack that brings a company down could forever damage the brand. Customers are not willingly going to share their data and money with a company that shows it is unable to protect it. There is also the opportunity cost of having your systems down for prolonged periods of time.”

While there is little that businesses can do to stop the increase in cyber attacks, there is a lot that companies can do to ensure they don’t fall victim to the attacks, says Clarke.

Ensure you’re not the weakest

“Attackers typically prey on the weak. If your business is unprepared for a cyber attack, your front door is effectively open and you’ll be hit first. The best thing you can do is to ensure you aren’t the slowest or weakest by ensuring that your systems are regularly tested for weaknesses and that your staff are trained to recognise the possible attack points and ensure those are closed.”

Systems staff that have a qualification such as the Certified Ethical Hacker certificate are trained to think like a possible attacker. By learning and understanding the tools and processes an attacker would employ to break into systems they are better able to identify the holes in a company’s security perimeter.

“It’s not just about securing the high-value systems in your company. In most cases attackers will find a vulnerability on the perimeter of the organisation – such as a vulnerable staff member, or unsecured device – and use that to work their way deeper into the company’s systems.”

“Training even non-security staff to recognise potential cyber attacks is one of the best ways for a company to ensure they don’t fall prey to crippling and expensive cyber attacks,” says Clarke.