Petya - Can This Recurring Nightmare of Security Attacks Be Prevented?

Posted 29 June, 2017 in Security

Once again, another malignant ransomware attack has hit the headlines, paralyzing infrastructure and organizations around the world. 

Applying the latest security patches is certainly the best preventative measure, but what else can employers do to avoid this recurring nightmare?

Continued below.

Combat Cyber Attacks-min-1.png

 

If there is one slim positive to emerge from this latest spate of attacks it's this: employee awareness of cyber terrorism is at an all-time high.

 

Improving staff awareness of cyber security i.e. what it is; how to identify it; and what to do when it is detected rallies the efforts of the entire organization. Every employee becomes a soldier that can be used to fight off the attack. To arm the employee army means ensuring they are trained on the mysterious practices of this insidious world. 

The cyber-attacks of late typically manifest as a phishing email. Employees are invited to click a link or open a file. Once the link is clicked or the file is opened their computer is infected – and so too is the organization’s network along with many other employees’ computers connected to the network. The damage is done. Employees have a responisiblity to act dilligently and with caution while online. 

 

How can organizations maintain momentum that breeds a security culture? 

 

It highlights the importance of ongoing staff education regarding on-line behavior. Forewarned is forearmed.

 

For example, they employees need to know:

 

  • what phishing or suspicious emails might look like;
  • be familiar the company policy that expressly forbids the opening of files or clicking of links in suspicious emails or from emails where the identity of the sender is not known;
  • the process for advising the security team when a suspicious email has been received and deleting the email.

 

The challenge of forearming employees comes down to using an effective medium to achieve maximum education and vigilance within the employee population. Unfortunately, email lacks both the cut-through and the impact for what effectively needs to be a sustained campaign of cyber security awareness information.

Paradoxically, email is the vehicle that typically launches a cyber attack.

Employers must look at bypassing email to get employee attention for important security matters. They must acknowledge that long-form content does not get the cut through needed. Other tools, such as screensavers, desktop alerts, scrolling tickers and headlines, can be combined and drip fed over time, builds awareness and behavioral change. 

Ultimately, there is no silver bullet for cyber terrorism. Attacks are harder to spot and more aggressive in their nature, as we've seen with this latest iteration.

But helping staff to understand the risks, and teaching them how they can do their bit will reduce the likelihood of an organization becoming the next victim.  

 

Start promoting an internal communication culture to combat the next cyber attack,

Download our tipsheet to find out how to get started:

Download it now!

Security