Ransomware as a business model

How it works and how to respond

Johannes Dohren
Partner, Cybersecurity and Privacy, PwC Switzerland

Even if individual steps differ in detail, a ransomware attack follows a similar logic. It can be divided into four phases – preparation, attack, spread and infection. In our blog series, we walk through these phases using an example scenario from the perspective of a ransomware operator and show which security measures are truly effective. Finally, we touch on the legal aspects of ransomware payments.

61% of Swiss executives expect a surge in reportable ransomware incidents in 2022.

Source: PwC, 2022 Global Digital Trust Insights

Phase 2: the attack

Once the preparations are finished, the next step is to penetrate the network of the target company. Cybercriminals typically rely on phishing e-mails, for one simple reason: if more than 1,000 employees of a company are contacted, there is a good chance that at least 50 of them will react to the fake e-mail, which gives the attackers access to the network. With higher-priority targets, easily accessible devices are also often tested with standard access data. This procedure may sound complicated and laborious, but it is automated as far as possible and very little needs to be done manually. The attacker receives a message as soon as a login attempt succeeds or a user reacts to a phishing e-mail, and in most cases has multiple points of access to the network of the compromised company on that same day.
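
From the defender's side, automated testing of standard access data leaves a recognisable trace in authentication logs. The following detection sketch is an added example, not part of the original article; it assumes OpenSSH-style log lines, and the account list, threshold and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: account names treated as "standard" logins; extend per device type.
STANDARD_ACCOUNTS = {"admin", "administrator", "root", "guest", "user", "support"}

# OpenSSH-style authentication lines behind a syslog timestamp and host name.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect(lines, min_accounts=3):
    """Alert when one source sweeps standard accounts, and when such a login succeeds."""
    tried = defaultdict(set)   # source IP -> standard accounts that failed
    hosts = defaultdict(set)   # source IP -> devices it tried
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["user"] not in STANDARD_ACCOUNTS:
            continue
        ip, host, user = m["ip"], m["host"], m["user"]
        if m["result"] == "Failed":
            seen_before = len(tried[ip])
            tried[ip].add(user)
            hosts[ip].add(host)
            if seen_before < min_accounts <= len(tried[ip]):
                alerts.append(("sweep", ip, sorted(hosts[ip])))
        elif tried[ip]:
            # A success after failed standard-account attempts from the same source.
            alerts.append(("standard-login-succeeded", ip, host, user, m["ts"]))
    return alerts

SAMPLE_LOG = """\
2022-03-01T08:00:01Z vpn-gw1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
2022-03-01T08:00:02Z vpn-gw1 sshd[811]: Failed password for invalid user guest from 203.0.113.7 port 40123 ssh2
2022-03-01T08:00:03Z cam-03 sshd[230]: Failed password for root from 203.0.113.7 port 40125 ssh2
2022-03-01T08:00:05Z cam-03 sshd[230]: Accepted password for admin from 203.0.113.7 port 40127 ssh2
2022-03-01T08:10:00Z vpn-gw1 sshd[811]: Failed password for m.keller from 198.51.100.20 port 51500 ssh2
2022-03-01T08:10:09Z vpn-gw1 sshd[811]: Accepted password for m.keller from 198.51.100.20 port 51502 ssh2
""".splitlines()  # constructed log lines, documentation IP ranges

print(*detect(SAMPLE_LOG), sep="\n")
```

The second alert type is the one to escalate immediately: it corresponds to the moment the attacker is notified of a working login.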

What can you do now?

Cybercriminals often take the easiest route and attack the easiest target. The more difficult it is to attack your company, the less attractive a target it becomes. You should take some basic security measures to make yourself less attractive to hackers. This won’t give you complete security, but it does make it less likely that your company will fall victim to an attack. These security measures include the following:

Check what information you make available:

  • Make sure that no sensitive information appears in reports that are available to the public. This includes, for example, items such as “significant investment in the following year to replace obsolete IT infrastructure”, “developing security competencies” or “risk budget for security incidents”.
  • Don’t make any public statements about which systems and versions you use in the company – including in job descriptions. This kind of information can be disclosed to candidates at the interview stage. It is possible that a potential attacker may apply for a job at your company, but this involves significantly more effort which cannot be automated.
  • You should regularly check what information about your company can be collected automatically. This should either be done by your own specialist department using publicly available tools (theHarvester, Shodan.io) or experts should be commissioned to do it.
  • Company representatives with a high level of public visibility should be given regular security training. Technical vulnerabilities, such as devices which can be accessed by the public, should be eliminated as soon as possible or at minimum should be monitored more closely.

Awareness and vulnerability management:

  • Your workforce is always the most important line of defence. Make sure they can reliably recognise phishing e-mails. This way you reduce the so-called click-through rate, meaning the frequency with which falsified links are clicked and malicious file attachments are opened. It should become a part of your corporate culture for employees to check and read their e-mails with a critical eye.
  • Create a way of reporting suspicious e-mails quickly and easily, either via a button in the e-mail client or by forwarding them to a separate e-mail address, e.g. “phish@<organisation>.ch”.
  • Create an open culture of learning from mistakes. You will never completely eliminate the risk of an employee not recognising a phishing e-mail and either clicking on malicious links or downloading files. The person often realises later on that something about the mail or the attachment wasn’t right. This is why it is important for the employee to be able to report something suspicious straight away without fearing any negative consequences.
  • You should regularly check the configuration and vulnerability of your devices as part of the vulnerability management system to ensure that they cannot easily be compromised, particularly those which can be accessed online.
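
A reporting mailbox is most useful when several reports of the same campaign are merged into one case. The following triage sketch is an added example, not part of the original article; it assumes employees forward suspicious mails as attachments, and the mailbox address `phish@example.ch`, the helper names and all sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain(header):
    # Lower-cased domain of the address in a header ('' if the header is absent).
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def triage(raw_reports):
    # Group reports by the set of link hosts, so one campaign becomes one case.
    groups = {}
    for raw in raw_reports:
        report = email.message_from_bytes(raw, policy=policy.default)
        mail = next((p.get_payload(0) for p in report.walk()
                     if p.get_content_type() == "message/rfc822"), None)
        if mail is None:  # inline forward: original headers are lost, review by hand
            continue
        body = mail.get_body(preferencelist=("plain", "html"))
        text = body.get_content() if body else ""
        hosts = frozenset(urlsplit(u).hostname or "?" for u in URL_RE.findall(text))
        case = groups.setdefault(hosts, {"reporters": set(), "senders": set(), "flags": set()})
        case["reporters"].add(parseaddr(str(report["From"]))[1].lower())
        case["senders"].add(domain(mail["From"]))
        if domain(mail["Reply-To"]) not in ("", domain(mail["From"])):
            case["flags"].add("reply-to domain differs from sender domain")
    ranked = sorted(groups.items(), key=lambda kv: (-len(kv[1]["reporters"]), sorted(kv[0])))
    return [{"hosts": sorted(h), **{k: sorted(v) for k, v in c.items()}} for h, c in ranked]

def make_report(reporter, sender, reply_to, body):
    # Constructed sample: an employee forwards a mail as an attachment.
    mail, report = EmailMessage(), EmailMessage()
    mail["From"], mail["Reply-To"] = sender, reply_to
    mail.set_content(body)
    report["From"], report["To"] = reporter, "phish@example.ch"
    report.set_content("This looks suspicious.")
    report.add_attachment(mail)
    return report.as_bytes()

LURE = "Reset your password: https://portal.payroll-update.invalid/reset?u="
SAMPLES = [  # constructed reports; all addresses and hosts are made up
    make_report("alice@example.ch", "it@helpdesk.invalid", "box@mailer.invalid", LURE + "1"),
    make_report("bob@example.ch", "it@helpdesk.invalid", "box@mailer.invalid", LURE + "2"),
    make_report("carol@example.ch", "n@vendor.invalid", "n@vendor.invalid", "https://vendor.invalid/7"),
]
print(*triage(SAMPLES), sep="\n")
```

Cases are returned with the most-reported campaign first, which also shows which employees may need a follow-up check of whether they clicked before reporting.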