ICFE eNEWS #16-42 - November 2016
Ransomware and Terrorism
We live in a world of change, with new challenges arising nearly every
day. But our responses to the challenges don't have to be built anew,
from the ground up, every time we learn of another attack.
"There's nothing new under the sun," is an observation as old as civilization itself. Two manifestations of that comment are terrorism and ransomware.
A modern-day act of terrorism is usually directed toward an entire system or nation or society, using destructive acts to interfere with the critical functions supporting the lives of the target's population. The specific victims are irrelevant, as the goal is to disrupt the lives of those around them.
Ransomware is similarly utilized to disrupt the life of the individual or organization which depends on the smooth functioning of its information technology to maintain its operations. The specific victim, however, is essential here, as the goal is to extract, or extort, money or other valuable consideration from the affected party.
In the world of identity theft risk management, we may ask what these two phenomena have in common, in order to better understand and respond to the challenges they present.
To prevent or avoid the consequences of an attack of terrorism or ransomware, the defenders must effectively repel every single attempt to perpetrate the crime. The attackers need only overcome the defenses once in any given situation to prevail.
The result is a set of dynamics that places the onus on the legitimate operators of the systems, whether they be physical or cyber-based, to prepare for and institute protocols and take defensive actions which will subdue the attackers.
In this situation, the polar opposites of greed and fear are at work: greed on the part of the ransomware perpetrators, and a healthy fear on the part of the good guys. Note the use of "healthy" in this context: not an irrational fear, but one based on an appreciation of the threat, leading to the adoption of appropriate defensive measures.
What are these "appropriate defensive measures," in the context of identity theft risk management? There is no silver bullet, but here are some of the most important actions and concepts to consider in preparing the right defenses against ransomware attacks.
• Educate and train users to avoid clicking on emails from unknown or untrusted senders, especially those with attachments. Links to websites can also lead to the installation of ransomware, as can software with embedded macros that can be hacked to gain access to operating systems. This is the first line of defense against those ransomware applications that require action by the user to gain access to the target files and data.
• Install antivirus software and keep it updated for virus detection and deletion on IT systems. While antivirus software is by its nature reactive to new threats as they are identified, it does provide a supplementary line of defense in conjunction with other preventive measures.
• Implement firewalls to block ransomware entry points, as most need direct contact with the command-and-control functions of the target server to encrypt files. Isolating the target files and data sought by ransomware operates as yet another way of guarding against this threat.
• Install and keep current a robust back-up and recovery system, including regular and frequent back-ups, remote or at least separate on-site storage, and systematic duplication and recovery capability. This has always been good practice, even before the onslaught of ransomware, as other systemic failures can have the same deleterious effect of compromising the availability of data and files.
• Invest in keeping personal capabilities and IT training and implementation current, whether it's for personal or business purposes, since it's generally the lack of knowledge and failure to keep up to date that results in vulnerability to ransomware attacks.
Ransomers are like other crooks and terrorists: they will tend to attack weaker and more vulnerable targets. When they see a robust defense system in place, they are likely to move on to less prepared targets. The ransomware practice of sending out large numbers of phishing e-mails, hoping for an untrained user to "click" on the link that lets in the ransom program, is a numbers game.
This is the time to prepare against a ransomware attack, and avoid the situation of having to find out whether the ransomers can actually decrypt the files they have disabled – or whether it's just a con game of taking the ransom payment and leaving the victim with an empty bag.
The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.
The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students are available. Inquire at firstname.lastname@example.org
Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.
Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)
ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401