Foreign currency and travel money service Travelex was attacked with ransomware on 31st December 2019. The attack rendered the Travelex website unavailable for the entirety of January 2020 and had a significant impact on the company’s wider operations – with attackers reportedly demanding a ransom of £4.6m to restore stolen data.
Serving a prominent reminder that businesses must be as scrupulous as ever when it comes to cybersecurity, here are some key takeaways from Travelex’s ransomware attack.
It is widely reported that Travelex failed to patch a known vulnerability in its systems that was published back in April 2019, leaving the door open for hackers. According to security experts, the key thing businesses should learn from this is to have a rigorous vulnerability management program in place.
Although this may sound like a big deal, it’s actually just about knowing which technologies your business uses and keeping on top of your patches and updates. These are regularly released by vendors – take the Windows vulnerabilities of January 2020, for example. The bottom line: business-critical software updates are not to be ignored.
The preparation and response from Travelex was also poor. Reportedly, the company had to resort to pen and paper after the ransomware attack – a major inconvenience when so many customers now rely on the speed and ease of digital operations.
Ensure that if your business loses access to a system, you have backups in place to restore from a certain point in time. And not just virtual backups, as these can also be encrypted if an attacker finds them. Employ encrypted, off-site backups that are safely out of reach from threat actors and which can be relied upon to restore your essential data to avoid paying a ransom.
In the first two weeks of January we saw vendors including Microsoft and VMware announce major vulnerabilities that need patching. But who in your business in responsible for keeping up to date with vulnerability announcements? Who oversees the process of patching and ensuring software is up to date?
With more and more of these vulnerabilities being exploited, it’s critical to have a clear strategy for addressing them. Assign a person or team within your organisation to be responsible and accountable when it comes to maintaining best practice cybearsecurity. Make sure they have an overview of every piece of technology you’re using and can identify when that technology becomes vulnerable. Most importantly, establish a process to fix issues when they arise and how to communicate these issues to your wider team and clients when necessary.
Relying on third parties is part and parcel of adopting a digital strategy. Whether you use open-source services like Google Docs, host your applications in the cloud, or host your systems on an on-premise server, the software or hardware is manufactured by a third party and this is always a potential risk – albeit a risk that is often outweighed by advantages of using the tech.
It’s commonplace that companies don’t have the expertise to build cybersecurity platforms in house to deal with vulnerabilities that could result in a ransomware attack. So, tapping into the expertise of specialists can really help you avoid disastrous outcomes like the one we’ve seen with Travelex.
If you’re in need of expert security knowledge, UKFast and sister security firm Secarma help organisations understand the risks to their business and provide consultation and technologies to mitigate key threats. There isn’t a one-size-fits-all answer to keeping your business secure, so we approach it in a bespoke manner to ensure our customers are safe.
Advice from our experts: “When businesses look at themselves internally, they can be blinkered by familiarity with their own technology. You might see one area and identify it as the major vulnerability and risk to the company, but if you bring in someone from the outside they’re often able to see with fresh eyes and identify much more clearly what is going to get hit first and where the gaps are.”