When was the last time you saw or heard of a full-blown bank robbery situation? Remember when banks would be the subject of armed criminals running in and yelling “everyone on the ground” or “put your hands up” before raiding the bank teller drawers for cash? They would then run outside to a waiting car, hoping to make their escape before the police arrived. That is assuming that someone was able to trigger an alarm in the first place.
The premise hasn’t really changed in today’s world, but the landscape has, and that bank robber is now your cybercriminal yelling (effectively) “stick up your hands” online. Take, for example, ransomware, which displays messages demanding payment before your data can be accessed again or your systems will work again. Effectively you are being “held up.” They are pointing a “weapon” at your data, knowing that in today’s world it holds value for you.
So how did banks get away from being the focus of a criminal?
They employed countermeasures over the years, like holding minimal cash on premises, security shields that flew up in front of tellers, time-delayed safes and putting branches in full view of large crowds, so that if anything were to occur many could witness the event and report on it. But progress on countermeasures was slow at the time, so the criminals continued until the point where it was too risky. Can we get to the same place today with cybercriminals: make it too risky for them to attempt the heist?
For it to be too risky for a cybercriminal to undertake a criminal act in the first place, we should start by holding our ground on things like ransomware.
First, the countermeasures. There are the basics like malware protection, patching, restricting internet access, privileged access, awareness and monitoring. But there also has to be the ultimate line in the sand, and that is encrypted backups. You must be prepared to say “no,” wipe your systems and rebuild from the latest backups. Imagine a scenario where everyone could and would do that: a ransomware attack would go the way of the bank robbers. It would become extinct.
Not long ago my aged mother succumbed to a phishing attack. The attacker gained access to her systems, and the moment she told me about some software she purchased over the phone, I knew she was a victim of an attack. Because her system was compromised, we changed everything in a heartbeat: all her passwords, her email address and even her mobile phone number, to name a few “nuclear” options. She was prepared to say “no more” to the point of losing her email address and mobile phone number in the process. Our stomping on the incident was so successful that we recovered the money she lost in the attack, and the cybercriminal tried to contact her, on her now old phone number, to re-initiate access, but by then her shields were up and he was shut down.
For cybercriminals to think that an attack carries too high a risk of exposure, we have to be collectively ready to say “no.”
Even if it means some inconvenience for us, like getting a new email address or rebuilding our computer. We also need to be prepared to assist those whose IT skills are not the greatest in this space as they may not be able to fend for themselves, like my aged mother. Only then can enough of us hold the ground to make an attack vector extinct.
Train robbers and bank robbers are all but extinct from one generation to the next. Like the criminals of the past, we need to make systems too risky to attack, and part of that is being prepared to stand our ground.
Brian Odian is the Director of Asia Pacific Global Compliance & Risk Services Consulting at SecureTrust, based in Sydney. He has over 32 years of IT industry experience, including roles as a Security Delivery Manager and Global Security and Transformation Lead for large worldwide information technology corporations. During his career he has worked across a wide range of industries and roles, including global management experience across multiple cultures and business environments.
Experienced in running global security programs, and some of the largest regional projects in Asia Pacific, Brian brings together a mix of project management, security and compliance credentials (CISM, CRISC, PMP, QSA, ISO27001 IA) to achieve the best results in delivering security solutions and compliance programs. He has been published by the Project Management Institute (PMI) and MSSP Alert, and has conducted webinars on the General Data Protection Regulation (GDPR) and Compliance Intelligence. He has also presented on PCI Compliance for some of the “big four” banks and the Customer Owned Banking Association (COBA).