Security speaker and WhiteHat Security founder Jeremiah Grossman has confirmed a new position in which he has declared plans to battle the scourge of ransomware.
In an email to Infosecurity, Grossman, who will serve as chief security strategist for SentinelOne, admitted that the move was a risk, but he had “a high tolerance for risk”.
He said: “While there are many hands looking at the ransomware problem including researchers, academics, vendors, and so forth, there is definitely no slow down infection rates. It’s out of control. So far, no one really has found an answer the market has accepted.
“Hence, a big reason I’m at SentinelOne. If the FBIs numbers are correct, we’re probably looking at a billion plus in ransom payouts by the end of the year, or easily over 2017. So we definitely, DEFINITELY still need more focus on ransomware.”
Grossman left his position as CTO and founder of WhiteHat Security earlier this year, and in a blog, said that he had accepted an opportunity “to work side by side with other brilliant and highly motivated people where we’re all helping to solve important and challenging InfoSec problems”.
He said: “In this case, malware and ransomware. You see, more than anything, I want to make a positive impact on InfoSec. As I’ve said many times, we who work InfoSec are responsible for protecting the greatest invention we’ll see if our lifetime — the web, the internet, and the billions of people using it every day. That’s our mission, our calling.”
Grossman identified the ‘explosion of ransomware’ as the second most crucial factor facing the industry, along with: intersection of security guarantees and cyber-insurance; vulnerability remediation; industry skill shortage; and measuring the impact of SDLC security controls.
Saying that this was the only problem he had not had the chance to work on, he said he had long “railed hard about the crap anti-virus products on the market and the billions of dollars people and companies spend annually to effectively make themselves less secure”.
In research released today by Citrix, it was revealed that one in five (20%) medium to large UK businesses do not have any contingency measures in place in case of a ransomware attack, with almost half of British businesses (48%) not backing up their company data at least once per day.
Commenting, Grossman told Infosecurity that companies are likely to get infected by ransomware at some point as a same assumption, and business will to some degree be disrupted, but typically the payout demands aren’t terribly high - per endpoint, they are largely between $250 and $1250 from everything he had studied.
“The costs to deal with the disruption and clean-up will be much higher than the ransom itself,” he said. “So, the guidance I’d give is to set aside incident response dollars, like everyone should be doing anyway, for any such circumstance — not just ransomware. THEN, they should strongly consider purchasing some cyber-insurance to help cover the loses (ransom and cleanup).”