Defending Against Ransomware

Understanding how cyberattacks gain access to systems will help protect businesses and individuals.

Western Sydney University’s Dr Abubakar Bello is developing proactive security and defence strategies to thwart cyber criminals using ransomware.

Bello, a lecturer at Western’s School of Social Sciences, explains that ransomware attacks often begin with malicious software encrypting a user’s system or personal files, followed by a demand for the victim to pay before they can regain access to the files.

The emerging internet of things (IoT) will make society even vulnerable to hackers, he adds. In future, individual smart appliances could be infected and rendered inoperable. With some ransom demands as little as AUD$20, it may be easier to pay than repair any damaged caused by the criminals.

Need to know

  • Ransomware is a cyberattack where a user’s files are made inaccessible until a ransom is paid.
  • There are gaps in cybersecurity awareness and education.
  • Abubakar Bello is trying to develop proactive defence strategies against such attacks.

To dig into this, Bello and his colleagues have conducted interviews with executives and managers from several financial, technology, construction, transportation, education, and health industries looking to uncover the human behavioural factors that are making ransomware so profitable for online thieves. Via these interviews, Bello saw significant gaps in everything from basic knowledge to more sophisticated understandings of how cybercriminals gain access to a user’s technology through ‘social vectors’, such as phishing emails or software automatically downloaded via certain websites. Many interviewees somewhat mistakenly assumed miscreant behaviour was behind breaches, rather than the increasing sophistication of attacks, he says.

As part of the broader defense picture, Bello is linking up with local corporations and government organisations to help provide cybersecurity audits and risk management services. This includes Gridware, an Australian firm focused on cyber defence. Gridware’s involvement in mutual projects will include the development of artificial intelligence and machine-learning based monitoring and reporting technologies, as well as incident response and management control frameworks.

While these will be important, Bello thinks user training and awareness plays a major role in defending against the psychological vectors often involved in ransomware attacks. Some of his work has aimed to identify what type of cybersecurity awareness and education programmes are needed to protect against ransomware attacks.

“Traditional education forms didn’t work so well,” he says. People needed the interactivity of simulations, virtual labs and gamified learning to help them really grasp real-world attack vectors, he explains. “Cyber criminals are constantly changing their tricks for gaining access, so these trainings will also need to constantly adapt,” he adds.

“Even in cyber-advanced nations like the US, where several government-sponsored security initiatives encourage secure cyber behaviour, there is a lack of protective measures against current and future methods of ransomware attacks.”

Meet the Academic | Doctor Abubakar Bello

Dr Abubakar Bello is currently an ACA and Lecturer in Cyber Security and Behaviour at the School of Social Sciences: Criminology and Policing discipline, Western Sydney University. He received his doctorate degree in IT with a technical, business and social focus on Information Security and Privacy from Murdoch University, MBA from Western Sydney University, and MSc and Bsc in Computer Science from the University of Wolverhampton UK.  He has extensive teaching experience ranging across various information systems, cyber security and risk management courses, and also worked across several corporations, privately held entities and government organisations in Australia where he provided technology audit and security risk management services.  He is currently researching on Active Cyber Defence Security Strategies (ACDS) for fighting cyber crime; and the role of cyber security controls on people performance and satisfaction. He also has a strong interest in conducting research in areas such as security in social networks, security predictive analytics, cyber physical systems, security and dependability, business applications, trust, privacy, cyber forensics, cyber security risks and decision making, and the psychology of security compliance in the cyber space.

Abubakar is also a member of professional and academic computing society bodies, and has been an ad hoc reviewer of academic journals. 

Credit

© -VICTOR-/DigitalVision Vectors/Getty Images © freestocks/unsplash © solarseven/iStock / Getty Images Plus
Future-Makers is published for Western Sydney University by Nature Research Custom Media, part of Springer Nature.