[BreachExchange] Ransomware is a deadly enemy – even if security is built like a fortress

Audrey McNeil audrey at riskbasedsecurity.com
Thu Oct 12 18:34:07 EDT 2017


https://www.itproportal.com/features/ransomware-is-a-deadly-enemy-even-if-security-is-built-like-a-fortress/

WannaCry. NotPetya. Locky. Each of these threats is a perfect example of
the havoc that cyber attacks can wreak on businesses across the globe. And
the crippling success of WannaCry specifically has put ransomware front
and centre – both for cyber criminals and the organisations they are
targeting. Unsurprisingly, this has encouraged organisations to ramp up
defences and fortify security in preparation for the next attack. But no
sooner have companies completed this task than the next-generation cyber
attack appears that can circumvent these measures. Not only do these
attacks impact an organisation's primary systems and data, but they can
also corrupt backup data if it is not stored in a secure way.

As these cyber-criminals continue to stay one step ahead, businesses are
struggling to protect their most valuable asset and are faced with a huge
challenge when it comes to data protection.

In order to defeat these challenges, businesses need to understand the
following things:

The price of an attack

When a ransomware attack strikes, the first response of IT staff is usually
to shut down all technology on the network. Though this doesn’t remove the
infection from the system, it can prevent the spread to other machines.
This will protect some facets of the IT infrastructure, but can lead to
extended periods of downtime – something that is extremely costly for any
business.

In fact, according to a report by the Ponemon Institute, in 2016 the
average cost of data centre downtime was $7,900 per minute. On top of this
cost, if an organisation fails to have appropriate backup technology in
place, they will often be forced into paying a ransom demand for the return
of the company’s data.

While the cost of ransomware and the price of a ransom can themselves be
damaging – and escalate for larger organisations – the criminals driving
the business model behind these attacks are likely to look for more
leverage to increase the impact of attacks in the future. One way of doing
this is to force organisations into also facing the monetary consequences
associated with compliance legislation. It’s likely that the next
generation of ransomware will tap into GDPR, the new privacy laws that come
into force in the EU in May 2018. In fact, the UK’s ICO has already fined
one local council for not taking enough precautions to prevent an attack
under current laws.

These new laws, which come with big fines for companies holding the
personal data for EU citizens, make for a perfect roadmap for the next
iteration of ransomware. If attackers opted to leak personal data instead
of encrypting everything, it could create a whole new world of business
dilemma. Between declaring a breach to regulators, paying fines and
ensuring minimal damage to the business, an attack of this kind is certain
to put extra strain on organisations.

Finally, if these outcomes weren’t enough, businesses hit by an attack will
have to deal with the fallout of the data breach becoming public knowledge.
As we have seen many times before, when an organisation suffers this kind
of attack, its reputation is often left in ruins, resulting in additional
financial loss.

The Enemy Evolves

Ransomware itself has developed into an extremely sophisticated business
model. The dark web is full of ransomware tool-kits that can be yours for a
small fee and often a percentage of the ransom collected if you know where
to look. Additionally, as soon as security software is updated, a new
strain of ransomware is developed to wreak havoc once again. It is a cycle
that is hard to stay ahead of and often leaves traps to trip up defences in
lots of places. For these reasons, the only way to stay one step ahead is
to prepare many layers of defence.

Rather than implementing a single line of defence, companies should look at
investing in a range of solutions that bolster infrastructure security in a
variety of ways.

Defence in depth

- Companies with 100% anti-virus coverage, firewalls, email
filtering/screening and that run user security training programmes are
still vulnerable – but none of these should be ignored
- Automate system updates: this should be a routine part of IT maintenance,
but when it comes to protecting an environment, if left undone it can be the
entry point of a cyber attacker’s dreams. WannaCry was a perfect example of
exploiting organisations who neglected system updates and patching.
- Endpoint protection: one of the easiest ways into a network is through an
unprotected end point, a laptop being the main soft target. However, with
the right data protection solution, attacks can be spotted early and dealt
with, not to mention getting the affected user productive again quickly
- Use multiple types of OS for backup systems
- Automate Disaster Recovery (DR) testing, and make sure you know what (if
any) system dependencies there are for DR systems that could affect
recovery
- Ensure your backup systems can isolate backup stores, and keep offline
copies of backups

There can be no recovery without Backup

As depressing as it is, it’s best to assume that one day you will be
affected; even with the best security measures there are no guarantees.
However, in the event that ransomware does strike, the best way to minimise
damage is to have a regularly tested Disaster Recovery plan.

Operating a modern backup solution allows a company to restore all data to
a point before the ransomware infiltrated the system, whether on-premises,
in the cloud or for SaaS systems such as Office 365. While some data may be
lost in this reboot, the loss is minimal in comparison to the alternative.
This approach can save both time and money, as it eliminates the need to
pay a ransom and reduces the amount of time that a business is offline
substantially. And at $7,900 per minute, less downtime could mean saving
thousands of dollars.

It is worth noting that it isn’t just businesses that recognise the
importance of backup. This means that organisations shouldn’t simply invest
in everyday backup systems. Instead, they should invest in a security
conscious backup solution that can identify ransomware attacks in progress
and restore data quickly, while adding an extra layer of protection to the
data that matters most.

Ransomware is a problem that is here to stay and protecting data is
becoming more and more challenging. As businesses begin to understand how
ransomware is evolving, they can better arm themselves against the threat.
This will mean adding extra layers of security and implementing backup
infrastructure that is both efficient and secure.