Media Prima ransomware experience a timely reminder to CTOs

• Companies must ensure base level of protection, policies in place to protect assets
• Chia Nam Liang, Pikom CIO Chapter Chair shares three key pieces of advice

THE widely reported ransomware attack of leading Malaysian media company, Media Prima Bhd’s email server, will serve as a chilling reminder to all heads of IT on the importance of ensuring they have at least the base requirements of a strong security system in place. While Media Prima has declined to comment on the matter, it was first reported by The Edge Financial Daily that Media Prima's email server had been hit by malware, with a ransom of 1,000 Bitcoins demanded for the release of its email server. Media Prima has apparently declined to pay the ransom and has moved to a new email system.

According to two experts DNA spoke to, an email system expert and a senior executive of a regional web hosting company, the requirements of a strong email security system don’t just revolve around software and hardware. Equally important are people issues and creating an organizational mindset where security is an ever present consideration.

“The hygiene factors for securing any organisation’s email system revolve around passwords, access, firewall, anti-virus, anti-spam, security policies and server updates. Of course there are just too many areas to talk about when running security but these are must do areas when running any server as they revolve around protecting the server and educating users,” says the email systems expert.

With business communications run entirely over email today, companies become very vulnerable if they don’t have these basic factors in place.

And if an attack happens, the chief information/chief technology officer’s role become vulnerable.

“It is embarrassing for Media Prima that this has leaked out but it is not uncommon to happen, in my experience, but other organizations have managed to keep it away from public exposure,” says the email systems expert.

To be sure, with Media Prima not commenting on the issue beyond saying they have migrated to a new email system, we cannot speculate on the cause of the breach. But we can keep an eye on its head of IT.

Interestingly, while the heads of IT are now beginning to be seen as part of senior management for larger companies, clearly this is still a small wave in Malaysia. And in Media Prima’s website, the head of IT is not listed on its senior management list, though the head of its digital transformation is.  

No matter their standing in an organisation, it is up to IT leaders to make the case to senior management for more robust protection of the company’s assets, most of which today have gone online. And if nothing else, the Media Prima experience will bolster their argument for more robust protection.

Both experts DNA spoke to say that CIO/CTO’s could be fired over such incidents – if they did not have at least the basic security protection in place. “However the fault could also be elsewhere if the CIO/CTO had asked for security upgrades but his proposal was not acted on. And I have seen this happen as cost frequently becomes an issue. Here you cannot blame the IT head then,” says the email systems expert.

And even if they do have the base security system in place, a careless user could still unwittingly have let in an attacker by clicking on a link. The fault cannot then be laid at the foot of the head of IT.

Nonetheless, to ensure that all large companies, certainly those which are public listed, have at least the base hygiene level security systems and policies in place, DNA reached out to Pikom’s CIO chapter for advice on what companies should have in place to minimise any malware attacks.

Pikom, the National ICT Association of Malaysia, has about 100 members in its CIO chapter who collectively control an IT budget of over US$239 million (RM1 billion). Chia Nam Liang (pic), the CIO chapter chair shares the following advice.

“Apart from the usual alerts to all users within the organizations to be wary of suspicious emails or links, the following are three immediate steps that can be taken to mitigate potential risks of malware attacks.”

1. BACKUPS: Ensure your backups of critical servers and applications are in place and secure. Preferably, there should be a minimum of two types of backups, one online and one offline. Whilst online backups are convenient and fast, there are cases where the malware can also infect the online backups, hence the need for offline backups. Backups are almost the only way to recover from a bad ransomware attack.
2. ADMIN/PRIVILEGED PASSWORDS: Most hacker attacks and not just ransomware can be traced to privileged credentials or passwords being compromised. If possible, change all admin or privileged passwords immediately, especially for critical servers and applications. If at all, there is a hacker still lurking within your network, this will foil and delay their attempts.
3. CHECK LOGS: Unless an organisation has a dedicated cybersecurity team that monitors constantly, it is likely that no one checks the logs of critical appliances. Get the team to immediately check the following logs for suspicious activities:
   • Firewalls
   • Server logs
   • IPS
   • APT, etc.

While the above are quick safeguard actions that organisations can take, Chia, who is also the CIO of  Hap Seng Consolidated Bhd, notes that obviously there are more medium to long term cybersecurity measures that need to be in place to ensure strong protection against ransomware or any other cyber attacks.

And with all matter of cyberattacks only predicted to increase, protecting a company’s business infrastructure is becoming an ever higher priority in the digital economy. The Media Prima experience should serve as a wake-up call to corporates in Malaysia.