No denying this: inside a cyber attack - The Australian Financial Review

He says there is often an overreliance upon technology that can leave gaps in the people and process elements of security operations. “Very often, organisations have the tech, but not the teams or the experience to deal with threats. Seconds matter in threat response and knowing when you need help and reaching out for it is essential.”


Levy knows what he’s talking about – he has been spearheading Sophos’s global technology strategy since 2015, driving product and services innovation after spending more than 15 years working in the trenches of cyber security for other industry leaders.


Swift and sure action is essential for threat responses … Joe Levy. Supplied.


“Depending on the nature of an attack, for many regular users, the attack may be completely invisible and indiscernible,” he says.


“A threat actor using native operating system tools and stealing data can do so beneath the radar of many traditional security controls, and with minimal impact to a system, meaning a user could go about their work as normal, none the wiser.”


But he says ransomware attacks – which are becoming increasingly common as the price of virtual currency (the attackers’ booty of choice) continues to soar – can be more obvious if you know what to look out for.


“Ransomware attacks are often noisier. While data is being encrypted, system performance sometimes decreases, leaving a machine performing sluggishly.


“File thumbnails or previews switch from descriptive images to blank icons as the operating system can no longer understand what kind of file it is – the encryption rendering them unreadable.


“Then unexpectedly, a popup or note appears informing the user of the damage done. File extensions suddenly change from ‘.docx’ to something odd like ‘.locky’.


“Unless event telemetry is being analysed, network tr ..