Many still vividly remember the news from 2017: The WannaCry ransomware caused damage at well-known targets, for example Telefonica, the British National Health Service, FedEx and Renault. At Deutsche Bahn, the attack triggered the failure of display panels. The aim of the attacks was to disrupt the availability of IT systems and only release them after payment of a ransom. Fortunately, this has led to IT operators becoming more aware of security measures and backup strategies. Patch management, the use of antivirus programs and control of network communications have resulted in risk mitigation, and there was some calm on the ransomware front.
Many new cases of ransomware
In July 2019, the IT system of the Hamburg jeweler Wempe was compromised by cybercriminals, who demanded a ransom from the company. According to reports, Wempe received a password to access the systems after payment of a large sum. However, there is no guarantee that victims will be able to unlock their files. The Wempe incident is not an isolated case. Over the course of 2019, security researchers from Malwarebytes have already seen a significant increase in ransomware attacks on businesses. And that’s anything but harmless. The increasing digitalization in all areas makes a possible attack or the associated system failure even more dangerous. The failure of a POS system, for example, can lead to considerable financial losses.
Industrial plants are favorite targets
Inadequate security precautions and weak patch management are typical of industrial environments in particular. This makes it all the easier to attack industrial plants. As these environments are increasingly connected to IT networks to meet a variety of requirements, it can no longer be guaranteed that these systems are effectively protected against outside manipulation. In factory automation and process control, ransomware must therefore be seen as a massive hazard, especially as the attacks can affect human health and the environment.
Digital attacks on companies have long been identified as a top risk – and as a result IT security has become a top priority in many companies. This is a welcome trend. While a single security gap is sufficient for the intruders, security officers must secure systems in their entirety. But firewalls and virus scanners are no longer enough, because attack strategies are becoming more and more sophisticated.
Effective protective measures
So what measures can be taken to counteract the risk of ransomware? A sustainable cybersecurity strategy should include at least the following key phases:
While management systems for information security (ISMS) are often used in office environments, they are rarely found in industrial environments. In any case, the following sequence of action applies: First, risks must be assessed based on the company assets to be protected, and then the appropriate protective measures need to be initiated. Network segmentation (e.g. office IT, production networks), secure management of identities and privileged users, network and endpoint security, vulnerability and patch management are just some of the urgently needed technical measures. Businesses should also use real-time analysis tools that detect deviations from the “normal state” or conspicuous behavior of a system and directly alert those responsible.
Integrated cybersecurity strategies needed
In order to check the security of their systems, companies can also use a so-called penetration test, in which external experts use the methods and means of the attackers to identify possible vulnerabilities. However, integrated security management begins much earlier: when selecting and considering systems, plants and machines and checking the entire supply chain. The cybersecurity specialists at TÜV Rheinland i-sec GmbH, for example, can support companies in this work.
Despite all possible and sensible protective measures, emergency management and data recovery must be part of the security strategy, because an emergency can still occur. Both organizational and technical measures are required in the various phases. An integrated approach to cybersecurity thus contributes significantly to the protection of companies and institutions. This is the only way to realistically minimize the risk of becoming a victim of a ransomware attack or other digital attacks.