Global cyberattack underscores importance of training

by Brett Henebery, 30 May 2017
On 12 May, the biggest cyberattack in history was carried out, impacting 230,000 computers in more than 150 countries.
The targeted computers were infected with the same ransomware and displayed similar ransom messages demanding about $US300 to unlock their data, which the malware encrypts.
While Australian organisations escaped relatively unscathed, the Federal Government has warned that businesses – particularly small businesses – are vulnerable to future attacks.

Assistant Cyber Security Minister, Dan Tehan, told The Australian Financial Review that preparing for a potential second wave of ransomware attacks is crucial.
“We may have dodged a bullet this time but rest assured there will be another bullet we'll have to dodge in the future,” he said, adding that cybercriminals attempt to hijack hundreds of computer systems and data every couple of weeks.
So how should organisations and employees prepare?
Alastair MacGibbon, who is the special adviser to the Prime Minister on Cyber Security, told ABC that anyone concerned about being impacted by the virus should first update their Microsoft software before opening emails or other programs.
MacGibbon said this is because the malware may be spreading via email attachments or trusted websites. In other words, if you don’t open the attachments or click through to the infected sites, you won’t be impacted.
The Verizon 2017 Data Breach Investigations Report, released one week before the May 12 cyberattack, warned that organised criminal groups were escalating their use of ransomware to extort money from victims.
This year’s report saw a 50% increase in ransomware attacks compared to last year.
Chris Tappin, Senior Consultant – Computer Forensics Expert at Verizon Enterprise Solutions, told L&D Professional that the biggest call to action to come out of the report was for organisations to take a proactive rather than reactive approach to information security.
Tappin says learners should be provided with training around keeping their accounts and devices secure. This includes safety tips (such as phishing awareness) as well as how to report when they have been targeted.

“Only 20% of users in the DBIR 2017 data reported phishing emails,” Tappin explained.

“This number is higher than the number of people who clicked the links in phishing emails (7.3%), but improved training will increase the level of reporting whilst reducing the number of people who fall victim to phishing.”

As well as training, Tappin says organisations should also consider ways to limit the damage that a compromised machine or account can do in their environment.

“The ‘principle of least privilege’ has been around since the 1970s, and states that ‘every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job’,” he said.

“For example, several of today’s threats rely on fooling a user into executing a downloaded program or running macros from within Microsoft Office documents. These and many other abilities can be restricted by IT departments and granted on an ad hoc basis only to users that require them for business reasons.”
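As an added illustration of the macro restriction Tappin describes (example code written for this page, not Verizon's or the article's), the following PowerShell audits a Windows endpoint for the two Office policy values that block macros by default and, with the hypothetical `-Enforce` switch, sets them. It assumes Office 2016/2019/365 (registry version path 16.0) and per-user policy under HKCU; a business-approved exception would be granted by overriding these values through Group Policy for the specific users who need macros.

```powershell
# Added example: audit (and optionally enforce) the Office macro policies that
# implement "macros restricted by default, granted only on business need".
# Assumptions: Office version path 16.0, per-user policy keys under HKCU.
param([switch]$Enforce)

$apps = 'Word', 'Excel', 'PowerPoint'
# blockcontentexecutionfrominternet = 1 : block macros in files downloaded from the Internet
# VBAWarnings = 4                      : disable all macros without notification
$desired = @{ blockcontentexecutionfrominternet = 1; VBAWarnings = 4 }

$results = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    foreach ($name in $desired.Keys) {
        # Missing key or value reads as $null, which is treated as non-compliant
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $compliant = ($current -eq $desired[$name])
        if (-not $compliant -and $Enforce) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
            $current = $desired[$name]
            $compliant = $true
        }
        [pscustomobject]@{
            App = $app; Setting = $name; Current = $current
            Desired = $desired[$name]; Compliant = $compliant
        }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit lets a fleet management tool flag endpoints that have drifted
if ($results | Where-Object { -not $_.Compliant }) { exit 1 }
```

Run without `-Enforce` first to see which machines deviate; the same values are the ones a Group Policy exception for approved users would override.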

Tappin said that more generally, steps should be taken to segment resources so that when a user or computer is compromised its influence is restricted to as small an area as possible.

“Verizon has investigated incidents in which every computer in a global organisation was part of the same network, enabling Point of Sale malware to spread across their business locations around the world,” he said.
