
Cyber risks and crisis response in business


January 20, 2020

It is important that organisations accurately identify, assess, evaluate and manage their cyber risks in order to operate securely online.

Background

On 31st December 2019, the website for Travelex (a well-known foreign exchange company) became unavailable and displayed a technical error message, preventing customers from accessing their online accounts.

Two days later Travelex issued a statement via social media that its systems had been taken offline due to a software virus, but that customers could still attend branches for foreign exchange services, where manual (pen and paper) transactions were taking place. Travelex stated there was no indication that personal or customer data had been compromised.1 In a subsequent message to the financial markets, Travelex confirmed that the National Crime Agency and the Metropolitan Police Service had been informed and were investigating.

On 6th January Computer Weekly published an article stating that Travelex had been the victim of the ‘Sodinokibi’ virus (also known as REvil) and that a significant ransom demand had been made to Travelex.2

As of 15 January the Travelex website remains down, with significant consequential effects being felt by customers, who have posted their sentiments on social media. It appears that whilst some internal systems are now available, others remain offline. At the time of writing a number of banks and supermarkets hosting currency exchange through Travelex are still impacted, and it appears that a significant effort is underway, with the assistance of IT teams and cyber security experts, to restore the affected systems.

Whilst share price performance cannot be solely attributed to the attack, shares in Travelex’s parent company (Finablr) have dropped since the day before the attack from 171.9p to 136.4p on 17th January 2020. This equates to a reduction of around 21% for shareholders.3

The above scenario is not uncommon and will unfortunately sound familiar to many businesses due to the ease with which ransomware can be deployed.

Ransomware is a significant risk for an organisation of any size and has been growing since the first variant was released in 1989. The advent of ransomware as a service (where cybercriminals write ransomware code and resell/hire it to other criminals for a small fee) allows criminals to target your organisation without having the technical knowledge they once needed.

So what can you do about it?

The easiest and simplest form of delivery for ransomware has traditionally been through phishing e-mails. These e-mails are generally sent in the hope that an employee will click the embedded link or attachment and trigger the ransomware to install on the business network.

Effective controls involve defending against phishing attempts. Organisations should train all staff to identify and report all phishing e-mails, not to click links in e-mails they aren’t expecting, and to delete them. The culture within the business should actively encourage reporting, especially where the user has clicked any link within that e-mail. Analysis of the reports from colleagues will allow an organisation to understand the way it is being targeted and how often it is attempted. It should also be used to influence the way the business secures its systems; security should underpin how the business operates.

Some of the more recent variants of malware take advantage of unpatched systems and applications. Vulnerability management and patching reduce the likelihood of older (more widely known) ransomware taking hold. They won’t necessarily stop you getting infected, though, if the infection comes through a new vulnerability (otherwise known as a zero-day exploit).

Organisations should have a well-developed vulnerability management policy, and processes for keeping systems up to date with the latest patches and secured against the latest vulnerabilities. A network that is up to date and patched regularly will reduce the likelihood of older vulnerabilities being exploited.

Another way to reduce the likelihood of ransomware is to control code execution on end user devices. Some software applications come with programs called macros; whilst these are written and used for genuine reasons, criminals also write these for their own gain. Your business should assess whether these macros are required or whether they can be isolated.

Finally, having good access control on your network, whilst maintaining regular backups of all your systems, will reduce the impact if a ransomware attack takes place. Effective access control limits the spread and the impact of the malicious code, and taking regular backups allows you to reinstate affected software to the last known good state with minimal data loss.

Crisis Response and Risk Management

Whilst the full circumstances around the Travelex attack won’t be known for some time, there are some simple things that you can consider in order to assess whether your organisation could deal with a similar event.

  • Do you know and understand your cyber risks?
  • Have these been accepted at board level?
  • Which business systems and applications are critical to delivery of a process?
  • Are they regularly updated with the latest patches?
  • Do you have a disaster recovery plan?
  • When was it last tested?
  • Do you undertake independent assessments / audits?
  • When did you last exercise / test the board in a cyber scenario?
  • Do you have a crisis response and communications plan?
  • Could you go back to basics and deliver a business for an extended period using pen and paper?

The way you manage risk demonstrates to customers and shareholders how you value your business.

If you need further advice or guidance on any of the above, please contact Jim Fox.

1 https://www.bbc.co.uk/news/business-50977582 

2 https://www.computerweekly.com/news/252476283/Cyber-gangsters-demand-payment-from-Travelex-after-Sodinokibi-attack 

3 https://www.londonstockexchange.com/exchange/prices-and-markets/stocks/summary/company-summary/GB00BJ7HMW26GBGBXSTMM.html 

Contact

Risk Management Executive - Cyber and Information Security