Ransomware is affecting the motor trade on an epic scale. We speak to an expert on how to kerb it.
Security is a big deal in this day and age. You’ll know that the NHS is still reeling after the WannaCry virus hit a number of machines on its network last month, as happened to government and corporate networks around the world. In case you are not familiar, the so-called ‘ransomware’ encrypts the files on an infected computer and, in this case, threatened to delete them unless a ransom, paid in Bitcoin, was received. Even then, it is unlikely that you’ll get your files back as it will take someone, somewhere to manually authorise it… which they have no interest in doing after they have both your money and your files.
What you might not know is that this type of software has been affecting the motor trade possibly more than most industries over the past few years. It has mostly been targeted at dealerships, but wherever there is a mixture of weak security and sensitive data, hackers will pounce. To find out what can be done, we spoke to an expert in cyber security in the motor trade. William Taaffe was the Cyber Security Business Manager (he has very recently switched companies) at RDS Global, a firm that started as the IT department of one of the main dealer groups in the 1990s, but has since become an IT support and consultancy brand of its own, following an MBO in 2013.
Our first question is why is the motor trade particularly vulnerable? Taaffe explained that the industry is a sitting duck for wrongdoers. “Turnover is what people are looking for. One reason is because the vehicles and stock are of a high value” he said. “The other reason is there is huge amounts of data that is collected, that data is stored in different systems. That data is a
Another draw for criminals is that the consequences of cyber crime are less than street vice. “I saw a story on the BBC website where a frontline fraudster who was dealing in data was asked ‘why are you doing this?’. He said: ‘because I make more in a single day doing this than in a month selling cocaine.’ I thought it was a great quote – it just shows the power of modern criminality, and it revolves around identity fraud” said Taaffe.
So, what steps can be taken to secure your network? Taaffe recommends that each company should have a ‘cyber audit’, which in the case of very large chains could take several days. “One of the first things we do is look at the physical security” Taaffe explained, “I don’t just mean on the network, I mean who can physically walk into a site”.
There are a lot of quick and easy measures that can be taken to prevent random people from wandering into your main server cupboard, such as a lock on the door at the most basic level, rising to more sophisticated access control cards that can log people in and out of parts of your building (and for these, Taaffe recommends a firm called Paxton Access). However, the most sophisticated lock in the world is no use if it is left open. “Processes are one of the most important things you can do” Taaffe said. “It’s about accountability, such as whose job is it to flag things up if there is a breach and is it mentioned in management meetings?” These ‘cyber essentials’, as Taaffe refers to them, are obvious, but he explains how common it is to find firms that don’t even have a policy in place for the staff
This brings us on to another point that firms might not be aware of. By 2018, every company with more than five people will have to implement a cyber security policy, or it will be breaking the law itself.
However, the problem of the day is not with people physically messing with the computers, but perpetrators in unknown countries infecting computers with malicious software, or ‘malware’ as Taaffe calls it. “It takes different forms, but what we’ve been seeing is ‘multi-faced’ malware” Taaffe explained. “It doesn’t have one specific line of coding, it has a group of different coding. It will sit on your network very efficiently and it won’t run any applications. You might have heard the phrase ‘zero data tag’ which means something that hasn’t been seen before, so it bypasses the anti virus software. It can get into your system and work out where the vulnerabilities are – and then work out what face to put on. Sometimes, with the right conditions it can lock your network up and ask you for Bitcoin to unlock it”.
Once the computer is infected, there isn’t much you can do. “The police will always advise you not to pay, but the reality of the situation is that it is not black and white” said Taaffe. “The cost to the company for being ‘down’ was £100,000 per day. Sometimes it is better to pay the ransom and then rebuild the network, rather than keep it offline for days and days”.
Taaffe recalls a recent experience where a hacker had exploited a vulnerability in a network to extort a ransom. “In this case, they had a process, but it just wasn’t followed. There’s no point in sending out a memo once a year; it has to be followed up regularly” he said.
Another old tactic that has seen a resurgence is phishing. This is where the user is duped into handing over data by someone pretending to be something they are not – and this has moved on a lot from the days of apparent Nigerian princes asking politely for your credit card number. “Modern phishing attempts are more advanced” said Taaffe. “Some will learn individual employees’ diaries and will pretend to be them at certain times of the day, asking for certain amounts of cash to purchase vehicles or whatever. You’d be surprised by the number of people that get taken in by them.”
As with so many things, training, vigilance and enforcing policy are the best guard against criminals. “There are two misconceptions in the market and the first is that you can solve security problems by throwing technology at it: you can’t. The second is that they go away if you install anti virus software; that just won’t cut it anymore” concludes Taaffe.