Petya - Can Security Attacks Be Prevented?

Posted 29 June, 2017 in Cyber Security

Combat Cyber Attacks

Once again, another malignant ransomware attack has hit the headlines, paralyzing infrastructure and organizations around the world.

Applying the latest security patches is certainly the best preventative measure, but what else can employers do to avoid this recurring nightmare?

If there is one slim positive to emerge from this latest spate of attacks it's this: employee awareness of cyber terrorism is at an all-time high.

Improving staff awareness of cyber security i.e. what it is; how to identify it; and what to do when it is detected rallies the efforts of the entire organization. Every employee becomes a soldier that can be used to fight off the attack. To arm the employee army means ensuring they are trained on the mysterious practices of this insidious world.

The cyber-attacks of late typically manifest as a phishing email. Employees are invited to click a link or open a file. Once the link is clicked or the file is opened their computer is infected – and so too is the organization’s network along with many other employees’ computers connected to the network. The damage is done. Employees have a responisiblity to act dilligently and with caution while online.

 

How can organizations maintain momentum that breeds a security culture? 

It highlights the importance of ongoing staff education regarding online behavior. Forewarned is forearmed.

For example, employees need to know:

  • what phishing or suspicious emails might look like;

  • be familiar the company policy that expressly forbids the opening of files or clicking of links in suspicious emails or from emails where the identity of the sender is not known;

  • the process for advising the security team when a suspicious email has been received and deleting the email.

 

The challenge of forearming employees comes down to using an effective medium to achieve maximum education and vigilance within the employee population. Unfortunately, email lacks both the cut-through and the impact for what effectively needs to be a sustained campaign of cyber security awareness information.

 

Paradoxically, email is the vehicle that typically launches a cyber attack

Employers must look at bypassing email to get employee attention for important security matters. They must acknowledge that long-form content does not get the cut-through needed. Other tools, such as screensavers, desktop alerts, scrolling tickers, and headlines, can be combined and drip-fed over time, building awareness and behavioral change. 

Ultimately, there is no silver bullet for cyber terrorism. Attacks are harder to spot and more aggressive in their nature, as we've seen with this latest iteration.

But helping staff to understand the risks, and teaching them how they can do their bit will reduce the likelihood of an organization becoming the next victim.  

 

Start promoting an internal communication culture to combat the next cyberattack,

Download our tip sheet to find out how to get started:

Download it now!

Cyber Security