Last Monday, I got a text message from my uncle saying his office computer was hacked, and he couldn’t access any of his files. Even without probing further, I already knew he’d been hit with ransomware and was now an unwitting victim in a criminal industry estimated to be worth billions of dollars.
After learning a bit more, I found out that the IT guys at the company backed up their data (which was good), but stored all backup files on the same computer (which was bad). I guess they kept it on a different hard drive, which mitigated the risk of hard-disk crashes, but didn’t affect any other type of risk. What if someone had broken into the office and stolen the whole computer? What if the office was burnt to the ground or flooded? With all the backups on the same computer, these risks would completely wipe out all their data, even if the files were stored on separate drives.
Ransomware is particularly interesting: the ‘industry’ has experienced tremendous growth over the last 2 years, and it’s now the number one cyber-threat small business owners face. But before going into ways of addressing the threat, it’s important we understand cyber-threats in general, and for that we need the CIA.
Confidentiality, Integrity and Availability (CIA)
No, not the spy agency, but the acronym that stands for Confidentiality, Integrity and Availability. The three pillars make up the InfoSec Triad, and a threat is something that affects any one of them.
- Confidentiality means keeping the data confidential only to authorized users
- Integrity is assuring the accuracy and completeness of data and that it hasn’t been tampered with
- Availability refers to the ability to make it available on request
People often focus on Confidentiality, going all out on setting strong passwords, file encryption and firewalls to protect data from being siphoned out. But security threats like Ransomware and DDOS attacks do not affect the confidentiality or integrity of data, and the protections you put in place to help with confidentiality and integrity are useless against them.
File encryption, a necessary tool to protect the confidentiality of your data, does not protect against ransomware attacks (you can still encrypt an encrypted file), and setting strong passwords does not protect your website from being hit by a DDOS.
There is no panacea in cyber security, only specific actions to address specific threats, and unless you’re addressing availability threats like ransomware and DDOS attacks, your general anti-virus is quite useless against them. So let’s break down the Ransomware threat and see how it’s evolved to become the darling of cybercriminals everywhere.