Steps of a cyber attack

Cyber attacks are ever increasing, and the occurrence of ransomware in particular continues to rise. In the second quarter of 2021, New Zealand cyber security organisation CERT NZ reported a record increase of 150% in ransomware reports on the previous quarter.

Kiwi businesses and staff can easily be exposed. The following scenario (while fictitious) demonstrates in three steps how easily an attack can happen, and how quickly things can unfold.

1. Employee innocently clicks link in a phishing email prompting ransomware to spread through the network locking files.

2. The hacker demands a ransom of $250,000 in bitcoin to provide a decryption key for releasing the locked data.

3. Hacker threatens to end communications , delete or release the highly sensitive employee and client information, if a deadline of six days is not met.

Understanding the extent of disruption

In this scenario all data is locked, with phones and internet access down too. Ransomware has even spread to other locations and data back-ups are blocked. Everyone involved needs to move quickly, working within the tight six-day deadline. Trust and public reputation are seriously at risk.

Meanwhile forensic experts try to determine who the hackers are. It’s not always possible to track down who is behind the attack, meaning if the business decides to pay the ransom, it could even be helping to fund terrorist activity. Sourcing bitcoin to arrange payment on time could also prove challenging. 

Other factors to be mindful of are whether the decryption key will even work, and how long it could take. It may be several weeks, resulting in a lot of downtime for the business.

Ransomware attacks happen all over New Zealand across a wide range of sectors.

Having a plan to help businesses act fast

Cyber insurance policies such as CyberSAFE include access to a breach coach via an 0800 hotline. The breach coach is the first point of contact; they help coordinate IT, forensic, legal and PR experts to help restore the network, minimise exposure to loss or liability, and manage reputation damage.

Alongside insurance, having a breach response plan will enable businesses to manage the actions and decisions more promptly in the aftermath of an attack. Some of the key items to cover in a breach response plan include:

• Cyber insurance information, and the hotline 0800 number to access the breach coach
• Details of who your ultimate decision makers are in the case of an attack, and how they can be contacted during and outside office hours. Weigh up if it should be senior management or a panel of relevant departments such as in-house legal, IT and operations
• Does the business have a way to readily access bitcoin if the need arises?  
• A communication strategy which gives some consideration to how much information the business would be comfortable sharing in different scenarios, taking into account privacy obligations and what the escalation process should be

More tips to manage cyber risk