Latest ransomware attack highlights need for organizations to install a ‘Human Firewall’.
Pilz, one of the world’s largest producers of automation tools, became one of the latest in a string of victims of the BitPaymer ransomware.
According to a statement from Pilz, all servers and PC workstations, including the German-based manufacturer’s communications, have been affected worldwide since Oct. 13 (2019). Two weeks on from the attack, the company is still rebuilding its network, having had to wipe hundreds of Windows computers and servers, which effectively shut down sales operations by disabling the company’s ability to process orders.
BitPaymer, a ransomware strain that appeared in the summer of 2017, has been tied to several high-profile incidents that include iTunes, Arizona Beverages and several Scottish hospitals. Unlike regular ransomware strains, BitPaymer’s authors engage in what’s called “big game hunting” – the act of only going after high-value targets in the hopes of extracting a large ransom payment.
Initial infiltration is obtained via phishing emails, with the hackers seeking out a single person within an organization and exploiting human nature by using tactics such as social engineering to gain their trust and encourage them to click on malicious links. Despite conventional expectations, the highest-profile people within an organization are not necessarily the highest-profile targets for hackers.
Employees are one of the hardest risks for an organization to manage because most of the risks that employees face are ones that organizations cannot see. With the change in technology and the way people consume content and use social media, the engagement of employees is more critical than ever. In fact, it’s an absolute necessity given that cyber criminals continue to refine techniques that target people rather than infrastructure.
According to reports, more than 99 per cent of global cyberattacks in the past year were reliant on human error to gain access, with email providing the entry point for 91 per cent of cases.
“The stark reality is that human beings are the most effective routes to infiltrate organizations. Attackers such as those behind the BitPaymer ransomware are having massive success worldwide, affecting multiple companies by exploiting their front line of defence,” commented Dennis Schindler, Business Development Director at SAI Global. “But human error, and mitigating the risk of human error, is a risk factor that can be easily overcome. By fostering stronger employee engagement tactics in training and communications, organizations can help reduce the impact of human error and in fact create a human firewall.”
Awareness training is a critical part of creating a cyber-aware culture, but it is only one piece of the fibre that defines an organization. Truly creating a human firewall comes down to providing employees the appropriate level of training and having policies and practices embedded in the company culture as robust, repeatable processes focused on secure behavior around cybersecurity. A corporate culture of cyber awareness within an organization will drive the risks its employees will take. After all, employees making the right decisions is one of the most important risk mitigation strategies.
Schindler adds: “A sustainable cybersecurity risk management program needs to empower employees to detect, avoid and report security risks and phishing attacks. But in order to ensure a robust cyber risk program, companies need to start by fostering a top-down, security-focused and cyber risk-aware culture throughout the organization.”