As we saw all over the news this past weekend, a hacker group released a ransomware virus, which has become known as WannaCry. The attack infected 200,000 victims in over 150 countries. Large organizations which were hit include FedEx, Telefonica, Renault, and the Russian Government. Could this nightmare pose a threat to your innovation management security?
Users who were infected received a message stating that their computer was being “held hostage”, and by sending the equivalent of approximately 300 Euros in Bitcoin they would be able to regain control of their computer and their files. This attack was so widespread that Europol described it as being unprecedented in scale. Upon the realization that the attack was based on stolen NSA tools, Microsoft president and chief legal officer Brad Smith compared it to the military losing weapons, writing that “…an equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
At Qmarkets, none of our customers' systems were affected by this attack, and we were in close contact with cybersecurity firms throughout the duration of the attack, monitoring it and keeping abreast of the situation, ready to provide immediate support and solutions for any situation which may have arisen.
How You Can Prevent an Attack
Having your computer held hostage and needing to pay ransom to see your files again is not ideal, to say the very least. Because most open-innovation systems are web-based, they are exposed to all the standard web-based attacks. These include: DDoS (distributed denial-of-service), password attacks, Man in the Middle (MitM) attacks, Cross-site Scripting (XSS) and SQL Injection.
To ensure that your systems will not be infected in similar attacks of this type, here is a list of several things to do and look out for:
- Above all, make sure that the vendor you choose for your innovation management system is a high-end company that is used to working with global enterprises, and has a long and successful track record of satisfied clients.
- Make sure all computers, servers and other peripheral equipment are always up to date with the latest security patches, and that all machines have valid anti-virus and security systems installed, with automatic updates of the latest virus definitions.
- Block potentially dangerous file extensions from your email servers, including .js, .jar, .bat, .exe, .pif and .cab files.
- Note that ransomware can sometimes also arrive in otherwise valid files, such as .docx or .pdf files, so it’s important to use email gateway disarming, such as Symantec Messaging Gateway, MailScanner or SandBlast.
- Tighten Network Access Control (NAC) for computers that are not recognized or that try to remotely access the network.
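A sketch of the attachment triage described in the list above: block the listed extensions and route document types to disarming. This is an added example, not Qmarkets' or any gateway product's code; the function names, verdict labels and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the list above says to block at the mail server.
BLOCKED = {".js", ".jar", ".bat", ".exe", ".pif", ".cab"}
# Document types the list says can still carry ransomware: send to disarming.
DISARM = {".docx", ".pdf"}

def final_extension(filename):
    """Return the lowercased last extension, the one the OS acts on."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as .exe.
    name = name.rstrip(". ").lower()
    return "." + name.rsplit(".", 1)[-1] if "." in name else ""

def triage(raw_bytes):
    """Return [(filename, verdict)] for every named part of a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # body text and multipart containers carry no filename
        ext = final_extension(filename)
        if ext in BLOCKED:
            verdict = "block"
        elif ext in DISARM:
            verdict = "disarm"
        else:
            verdict = "pass"
        results.append((filename, verdict))
    return results

def build_sample():
    """Constructed test message; addresses and attachment names are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.EXE", "report.docx", "notes.txt", "update.js."):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, verdict in triage(build_sample()):
        print(f"{verdict:7} {filename}")
```

Matching on the final extension after normalization is what catches double extensions such as `invoice.pdf.EXE`; a filter that only checks whether the name contains `.pdf` would let it through.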
In addition to the above, there are two indispensable steps which every organization should take, regardless of their size, whether they are a small business with 10 employees or a global-scale enterprise-grade business with 100,000 employees:
- Increase user awareness: Despite the fact that we are firmly entrenched in the age of technology, there are still many older users who are less familiar or comfortable with computer systems, and may be prone to mistakes, mistakes which can end up being costly. Schedule periodic refresher courses for all employees, and stress that if a user does not recognize the email sender or is prompted to open something they are not familiar with, they should call someone who can help them out.
- Backup, backup, backup: A ransomware attack works by preying on the fact that most users need their files and will pay to get them back. A company that runs constant, nightly backups to an external location will be able to counteract this threat and mitigate a large amount of the damage this type of attack entails.
Qmarkets Protects your Data Security
At Qmarkets, none of our customers were impacted, and all our systems, as well as those of our customers, continue to behave as normal. However, this once again brings into sharp focus the necessity of not only having strong innovation management security, but also working with a vendor that is proactive when it comes to security instead of being reactive.
- Qmarkets' servers are situated in high-security data centers which are certified ISO 27001:2005 across all business operations, and which are SOC 1, PCI and DSS compliant.
- All internet traffic is protected by a firewall and is encrypted using 256-bit SSL encryption (HTTPS / SSH).
- All IP ports to the internet are closed, aside from HTTPS and SSH, and we can limit user access to your intranet/VPN IP addresses.
- Authentication SSO (Single Sign On) is a de facto standard for Qmarkets, with 95% of our customers employing one of 7 different SSO methods supported by Qmarkets (including standard ones like SAML or Kerberos, and non-standard ones like SAP, LDAP-based and others).
- Qmarkets uses only the most secure hardened Linux-based servers.
In addition to the above, the security policy is incorporated into all aspects of the company, and we perform random penetration tests and security audits to ensure that Qmarkets is always at the forefront of the highest industry standards. We are always on the lookout for potential security issues, and are in constant contact with cybersecurity firms both in Israel and around the world to ensure the continued security of our systems.