Let’s stop the security merry-go-round for a moment and imagine headline-grabbing ransomware as legendary highwayman Dick Turpin. Dick stops us in our tracks on the (information super-) highway and shouts “Stand and deliver! Your money or your data!”
In 18th century England, there was no guarantee that even if you did hand over your money and jewels that you would actually escape unscathed, and we’re experiencing the same today with ransomware. Once infected - and even if you pay the ransom - the chance of getting your data back safely is quite low, with secondary infections common.
Faced with today’s Dick Turpin, there may never be a cyber-silver bullet to protect you 100% of the time against these pervasive threats; those who claim they can, will inevitably face disappointed end users. According to Symantec’s 2016 Internet Security Threat report, crypto-ransomware accounted for more than 75% of ransomware-style attacks, including misleading anti-virus and fake apps.
Yet the reality is that traditional methods of defense against ransomware are rather like a lock on the carriage doors, ensuring the most obvious approaches are blocked, while in the meantime the threat landscape evolves and it’s the theft of the horses you might need to worry about.
Businesses need to understand that they must protect their most critical assets by sensing and detecting breaches as they happen, from the most creative and aggressive assailant, protecting against the scourge of ransomware and other associated threats. It’s the equivalent of having a weaponized stagecoach with the driver wearing night vision goggles.
There are a number of challenges that businesses must address in order to identify malicious activity on their network and mobile devices before it harms them. In addition there are some preventative measures they can take, which act as a virtual bullet-proof vest, mitigating the risk.
Firstly, most organizations rely on low-overhead prevention techniques, such as firewall and antivirus solutions or intrusion prevention. However, these tools are insufficient, and breach data shows that detection and Incidence Response must be improved.
Secondly, attackers continue to use social engineering and social networks to target sensitive roles or individuals within an organization to target data. If security policies and technologies don’t take these vectors into account, ransomware will continue to seep in.
In addition, as attackers reside undetected for months, often moving laterally within environments, any silos between network, edge, endpoint and data security systems and processes can restrict an organization's ability to prevent, detect and respond to advanced attacks .
Finally, new attack surfaces — for example, IaaS, SaaS and IoT — remain challenges and do not yet benefit from the more proven practices used for traditional technologies.
Overcoming those challenges
Whilst the reality is organizations of any size can never be 100 per cent protected, there are a number of steps that can be taken to minimize the potential fallout from ransomware:
- Perform an ongoing business impact and threat assessment analysis. This should be run with business leaders to categorize threats, users and digital assets into high, medium and low-priority classifications, and will enable faster alert response on high-impact threats, events and critical assets.
- Think strategically throughout your security program, keeping up to date with evolving threats. In this way you can proactively thwart social engineering techniques and pay greater attention to all security layers - avoiding stagnation of your technology controls.
- Do more to support the ever expanding perimeter. Monitor endpoints and network based security controls to keep pace with the latest security threat or variable, which will enable organizations as a whole to grow their security architecture as threat variables increase, covering more than the eye can see, beyond the firewall. Securing all devices and all activity that reaches or connects to the network, will highlight malicious activity.
- Consider emerging technologies, such as cloud access security brokers, endpoint exploit prevention, malware sandboxes, NTA, user behavior monitoring, threat deception, and endpoint detection and response, to improve your security stance.
- Back up, back up and back up your systems again.
By facing ransomware head-on and truly understanding the potential business impact through a threat assessment, business can at least be sure which of their jewels in the metaphorical carriage are crucial to the business. If, through a critical assessment of IT environments and attack surfaces, weak points are found, systems and technologies can be applied to protect these valuable assets.