As we move forward in 2017 our experts are anticipating a further rise in targeted attacks against businesses. Ransomware attacks will continue to rise and seems to be one of the main ‘buzz words’ in the industry currently. Ransomware is a piece of malicious malware that can encrypt your organisations’ data and is dangerous especially if senior executives’ files get encrypted. Learn more by reading our experts blog on ransomware.
Our Simulated Ransomware Service mimics real threats to organisations, enabling IT Professionals to detect and protect their organisation from real threats. The purpose is to test the organisations’ responsiveness to an attack and to see if users can be exploited.
Organisations must start to mimic real attacks and move away for reactive procedures. Reduce risks now and protect your business. Speak to our Security Practice Director, Luke Potter or contact us here.
Phishing and other targeted attacks will also increase in 2017. Phishing is key target attack vector through which organisation are regularly compromised. Our Cybersecurity experts has reported a large take-up of SureCloud Simulated Phishing Attack Services. This is a carefully planned and executed attack, designed to achieve the maximum ‘hit’ rate and simulate a real targeted attack against the organisation and its employees.
The purpose of simulated attacks is to help raise awareness throughout the organisation and to help its staff spot a genuine attack. Risk Practitioners, Security Managers and IT Professionals will then be able to understand if its security controls are robust and have visibility of how likely it is for their organisation to become compromised via a targeted attack. Organisations will also be able to identify where current controls are ineffective at preventing and/or detecting an attack and have more visibility on what could be encrypted from various access points should a real attack occur. Conducting simulated attacks will also enable the organisation to deploy more restrictive permissions, raise user awareness and then provide training to help early detection and stop the spread in the event of a real attack.
There a number of measures businesses can take to reduce the likelihood of attacks such as ransomware making its way onto the corporate network.
Security Controls – this is a critical part of an organisations defences. These should include email filtering, web filtering and a corporate anti-virus solution that includes ransomware detection capabilities.
Have robust back-up in place – regularly back up files and data to an offline location (such as tape) that can’t be touched by for example ransomware. This will allow organisations to be better positioned to mitigate the impact of a ransomware attack.
Staff education and training – this is absolutely critical within organisations of all sizes to ensure that knowledge of attacks are shared. Employees can be educated to watch out for the tell-tale signs and flags of a potential ransomware infection, whatever the delivery mechanism. This can be aided massively by a simulated and targeted attack against your organisation.
Never pay the ransom – under absolutely no circumstances should the ransom be paid. If you pay the ransom you will open up yourself and the organisation to becoming a key target for wider attacks, and there is absolutely no guarantee that your files will actually be decrypted. After all, would you rely on a criminal’s promise?
Desktop applications – these are often overlooked by organisations and represent a major and key attack vector. This will only continue into 2017. Listen to our Chris Cooper (Security Team Leader) on demand who discussed this risk in greater detail. Click here to access the webcast.
We have an CESG CHECK and CREST accredited test team who are industry experts in all areas of security testing. A few of our services are listed below:
SureCloud is a provider of Gartner recognised GRC software and CREST accredited Cyber Security & Risk Advisory services. Whether buying products or services your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling seamless integration of information, taking your risk programmes to the next level.