Ransomware deserves attention from CFO

Cyber attacks in the form of ransomware are on the rise. Recently, the Netherlands was again under the spell of a new hostage virus: GandCrab. This left thousands of Dutch people unable to access their important photos and documents. Only when the victims paid over a thousand euros did they regain access to their computers. However, ransomware delivers more damage than the ransom. Who is actually responsible?

Three questions for Erik Vossers, technical consultant and Service Center coordinator at ICreative. He explains why ransomware requires the special attention of CFOs and wrote a white paper specifically for Basware users.

Why should ransomware be high on the CFO's agenda?

'Finance contains a wealth of sensitive data at the departmental level which makes it attractive for cybercriminals to use this data for a so-called hostage virus. And the more human actions involved, the more vulnerable the organization is to cybercrime. However, it is the responsibility of a CFO to identify the risks and potential financial impact of cybercrime while also ensuring that appropriate resources are allocated to prevent and deal with incidents. With the growth of ransomware, companies are paying an increasingly high price for cyber attacks.

How high is the price of ransomware?

'The problems often arise when standard images and attachments cannot be shown or are not available. We receive these reports at the ICreative Service Center and immediately the first costs are incurred: the research work. We investigate the cause and if it turns out that the files have been encrypted as a result of ransomware, the first thing we do is spend time isolating the problem and finding a solution. In the case of older viruses, a decryption key may be available. If there isn't, the most common procedure is to recover what has been done. IT then restores the most recent backup; usually from the previous day.

However, many companies underestimate what a day's work entails: from the moment of backup to the moment of ransomware discovery. What you actually did, what data was mutated and what it takes to get the work back. The damage is especially great if a lot of paper invoices have been scanned: often these have already been disposed of or destroyed. You can, of course, choose to pay the ransom, but then, of course, you have no guarantee that you will actually get your files back.'

Isn't cybercrime IT's responsibility?

'Invoices that come in by e-mail are an easy entry point for a virus. After all, if an accounts payable clerk opens even one wrong invoice, the computer can already be infected and with it the network. Because fake invoices look particularly real these days, opening an infected file is easily done. Technically, this is IT's responsibility. IT must ensure proper security, but it is also a matter of assigning the right permissions.

It is common for users to have more permissions to certain folders and files than actually needed. This is often the case when a department is seen as a user group and they all have the same rights, when perhaps only three out of 10 employees need the rights. When users have mutation rights, this automatically poses a risk. When using cloud software, the risk is less because the distance to the database where everything is stored is greater; there is no direct link other than through the so-called application layer. Moreover, outsourcing work also means outsourcing risk management.'