2017 is starting to look like a busy year for cybersecurity.
According to the Cyber Security Report 2017 released by Telstra, more than half of the organisations (59 per cent) surveyed in Asia detected a business interrupting security breach at least once a month.
The study paints a mixed view of the state of cyber security in Asia. The most alarming finding is the increase and regularity of cyber-attacks on businesses while cloud security came up as a major security issue for Asian organisations.
These attacks are not happening in isolation. Three months ago, in February, Singapore’s Ministry of Defence reported security breaches to its system. Just two weekends ago, a wave of global online attacks hit countries in Europe and Asia with threats of more bugs being released.
What is WannaCry ransomware and what does it do?
Ransomware is a malicious piece of software that locks users files and demand payments to unlock them. In this recent cyberattack, the malware which affected machines running the Windows operating system is known as WannaCry.
The full extent of the damage was felt across Europe and Asia. One estimate put the number of companies, hospitals, government agencies, railway stations, malls, and universities in China at almost 30,000. At one point 20,000 gas stations went offline.
Although data loss was less severe in Asia, it did not stop Asian countries from taking preventive steps. Thailand’s Assembly proposed immediately establishing a cybersecurity committee that could take defensive measures, and the Singapore and Malaysia governments provided guidance to citizens over the weekend.
What we know for sure is that there are lessons to be learned from this incident.
Lesson #1: Ransomware is on the rise
According to a study, 18 million new malware samples were captured in 3Q2016 alone. That’s an average of 200,000 per day. In 2016, Malaysia ranked 12th in Asia-Pacific for number of ransomware attacks.
Lesson #2: Companies need to make changes based on cybersecurity attacks and threats
The growth in cyber-attacks across Asia resulted in a heightened awareness of the business impacts such risks can have. This has in turn led to increased IT security spending with close to 94.7 per cent of organisations in Asia increasing their security budget this year.
The WannaCry attack demonstrates that it is imperative for businesses to ensure that they are updating their software and installing appropriate security patches.
After this incident, businesses should take time to examine what it is doing to protect against such attacks and if measures are in place to prevent threats to the system. This includes having a proper business risk assessment, installation of appropriate IT security policy and procedures, deploying the right security technologies, ensuring compliance, constantly monitoring the environment, educating the employees, alerting and responding to security incidents quickly, and conducting forensic and root cause investigation.
Lesson #3: Back up your data
This is fairly straightforward but most users often take for granted that data loss is unlikely to happen to them. Businesses need a proper data backup solution. Emails containing viruses are accidentally opened every day and important files are often mistakenly deleted. There’s no reason to fear these issues if you take frequent incremental snapshots of your systems.