Right on the cusp of a new year and decade, Travelex made headlines around the world as the subject of a sophisticated ransomware attack. In this blog, Avinash Prasad looks at how you can avoid finding yourself in a similar situation.
Picture this dreaded scene: you wake up one day, turn on your computer and you see a pop-up message. All of your data has been encrypted. You can’t access any of your work or personal files, your messages, and so on. Your machine has been rendered essentially useless, unless and until you send funds via a highly complex route to an untraceable account of a mystery person – someone who is holding you and your life to ransom.
Now imagine the same thing has happened to your entire business. Globally.
This was the scenario facing Travelex, a major foreign exchange and currency provider, as it dealt with the impact of an ongoing ransomware attack which first struck on New Year’s Eve. Many of us that are frequent travellers have probably used Travelex services and know that the company has many outlets distributed across several countries, about a 1,000 outlets in 26 countries to be precise. Currently those stores are trying to get back to normalcy, with staff previously having to resort to paper-based processes in an attempt to serve customers.
The company’s online currency services also went down, and partners including HSBC, Barclays and First Direct – which rely on Travelex to provide foreign currency options to their customers – are unable to offer this service.
The threat in question is a particularly sophisticated strain, the Sodinokibi Windows ransomware.
Reports state that this ransomware is available for purchase online, ready to be deployed by cybercriminals targeting large businesses in the hope of a significant ransom pay out.
Whether or not these particular cybercriminals were successful in achieving the $6m they demanded from Travelex is unclear. But the devastating effects of this attack reinforce the significant risks posed by increasingly powerful malware and ransomware today. So how can businesses protect themselves to avoid becoming the next major victim?
Stay clean and stay updated
While it sounds obvious, it’s so often overlooked because it can be operationally hard: critical updates and patches (often issued as a direct response to emerging threats) are no good if they aren’t implemented in a prioritised manner. In our experience this is more than just a workload issue attributable to over-stretched IT and security teams. Often there are cultural and organisational issues in play whereby teams are kept waiting for sign-off to implement new patches. A CFO for example might fear a patch causing downtime around key financial reporting periods such as month or year end. Delaying the implementation of patches can leave firms extremely vulnerable to new threats and should be avoided at all costs.
Be proactive through vigilance
Buying a security solution (or suite of solutions) doesn’t mean it’s “job done” for the year. Companies must maintain a proactive mindset. The threat landscape is constantly changing and simply deploying security tools and hoping for the best while new threats emerge is not a strategy.
The “incident response” mindset is getting outdated and instead, companies must implement “continuous response” thinking.
This means deploying both detection and predictive tools and red-teaming services to gain a complete overview of your defences and addressing any weaknesses as soon as they are uncovered.
Companies should make this switch as part of their ongoing digital transformation efforts.
You’re not alone
Due to the scale of the security challenge facing businesses today, more and more organisations are turning to managed security services providers (MSSPs). MSSPs can work with companies to develop preventative security strategies based on the risk profile of the company, to reduce the chances of the organisation falling victim to an attack, for example by providing constant proactive monitoring and threat hunting.
If the worst happens, MSSPs also support businesses with emergency response to help mitigate threats, including services like emergency helps desks and proactive patching of antivirus systems, servers and desktops.
This would be a hefty job for a business to tackle on its own, especially at the time of a highly stressful and evolving crisis such as the crippling ransomware attack Travelex is currently facing.
It’s hard to overstate the impact this attack is having on Travelex’s business, its partners and its customers. The cost of any such breach stretches to millions with only a few hours of impact. These types of attacks are becoming more frequent, more serious and more damaging. No business can hope to have a 100% effective security strategy in the modern era, but a strategic mix of proactive and reactive strategies and well-chosen security partners will give any organisation the best possible fighting chance of averting and repelling threats.
As we head into a new year and a new decade, take a look at our top 5 blogs of 2019.
Transformational Hybrid SolutionsOur cloud-enablement services offer the best performance on your traffic-heavy websites or mission-critical applications.
Core NetworksTata Communications™ global IT infrastructure and fibre network delivers the resources you need, when and where you need them.
Network Resources 
Unified Communications As A ServiceBreak the barriers of borders efficiently and increase productivity with Tata Communications’ UC&C solutions.
Global SIP ConnectEmpower your business with our SIP network and witness it grow exponentially.
InstaCC™ - Contact Centre As A ServiceCloud contact centre solutions for digital customers experience and agent productivity.
DIGO – Communications Platform as a ServiceDIGO is an in-network cloud communications platform, enabling you to power up converged contextual human-to-everything conversations globally.
Unified Communication Resources Case studies, industry papers and other interesting content to help you explore our unified communications solution better.
IoT SolutionsThe Internet of Things is transforming the way we experience the world around us for good. Find out more about our Internet Of Things related solutions here.
Mobility SolutionsTata Communications’ mobility services enable your enterprise to maintain seamless communication across borders, with complete visibility of cost and usage.
Multi-Cloud SolutionsWith enterprises transitioning to a hybrid multi-cloud infrastructure, getting the right deployment model that yields ROI can be a daunting task.
Cloud ComplianceCompliant with data privacy standards across different countries and is also designed to protect customers’ privacy at all levels.
IZO™ Cloud Platform & ServicesIZO™ is a flexible, one-stop cloud enablement platform designed to help you navigate complexity for more agile business performance.
Managed Infrastructure ServicesIntegrated with our integrated Tier-1 network to help your business grow efficiently across borders.
Cloud PartnersWe support a global ecosystem for seamless, secure connectivity to multiple solutions through a single provider.
Governance, Risk, and ComplianceRisk and Threat management services to reduce security thefts across your business and improve overall efficiencies and costs.
Cloud SecurityBest-in-class security by our global secure web gateway helps provide visibility and control of users inside and outside the office.
Threat Management - SOCIndustry-leading threat-management service to minimise risk, with an efficient global solution against emerging security breaches and attacks.
Advanced Network SecurityManaged security services for a predictive and proactive range of solutions, driving visibility and context to prevent attacks.
Cyber Security ResourcesCase studies, industry papers and other interesting content to help you explore our securtiy solution better.
Hosted & Managed ServicesTata Communications provide new models for efficient wholesale carrier voice service management. With our managed hosting services make your voice business more efficient and better protected
Wholesale Voice Transport & Termination ServicesYour long-distance international voice traffic is in good hands. End-to-end, voice access & carrier services which includes voice transport and termination with a trusted, global partner.
Voice Access ServicesTata Communication’s provide solutions which take care of your carrier & voice services, from conferencing to call centre or business support applications.
CDN Acceleration ServicesOur CDN Web Site Acceleration (WSA) solution helps deliver static and dynamic content, guaranteeing higher performance for your website.
CDN SecuritySafeguard your website data and customers’ information by securing your website from hacks and other mala fide cyber activities.
Video CDNDeliver high-quality video content to your customers across platforms – website, app and OTT delivery.
Elevate CXIncrease customer satisfaction while empowering your service team to deliver world-class customer experience and engagement.
Live Event ServicesTata Communications’ live event services help battle the share if eyeballs as on-demand video drives an explosion of diverse content available on tap for a global audience.
Media Cloud Infrastructure ServicesTata Communications’ media cloud infrastructure offers flexible storage & compute services to build custom media applications.
Global Media NetworkTata Communications’ global media network combines our expertise as a global tier-1 connectivity provider with our end-to-end media ecosystem.
Use CasesUse cases of Tata Communications’ Media Entertainment Services
Remote Production SolutionsMedia contribution, preparation and distribution are highly capital-intensive for producers of live TV and video content, and their workflows are complex.
Media Cloud Ecosystem SolutionsThe Tata Communications media cloud infrastructure services offer the basic building blocks for a cloud infrastructure-as-a-service.
Global Contribution & Distribution SolutionsTata Communications’ global contribution and distribution solution is built to reduce capital outlay and grow global footprint.
Satellite Alternative SolutionsAs more and more consumers choose to cut the cord & switch to internet-based entertainment options, broadcasters are faced with capital allocation decisions.
LeadershipA look into the pillars of Tata communications who carry the torch and are living embodiment of Tata’s values and ethos.
Culture & DiversityHere at Tata Communications we are committed to creating a culture of openness, curiosity and learning. We also believe in driving an extra mile to recognize new talent and cultivate skills.
OfficesA list of Tata Communications office locations worldwide.
SustainabilityTata Communications adopts a holistic approach and harnesses the power of new-age technologies like 5G, IoT and AI to build a sustainable digital world.
FAQCheck out our FAQs section for more information.
BoardHave a look at our board of members.
ResultsFind out more about our quarterly results.
Investor PresentationsFollow our repository of investor presentations.
FilingsGet all information regarding filings of Tata communications in one place.
Investor EventsAll investor related event schedule and information at one place.
GovernanceAt Tata, we believe in following our corporate social responsibility which is why we have set up a team for corporate governance.
SharesGet a better understanding of our shares, dividends etc.
SupportGet all investor related contact information here.
Oracle
Amazon Web Services
Microsoft
Google Cloud
IBM Cloud
Salesforce
Alibaba Cloud
Digital Futures
Smart Cities
Corporate Venturing and Innovation
