Now is the time to prepare & combat ransomware & other cybercrime.

Mark Ziesemer / March 27, 2018
Relying on patches and policing employees to prevent cybercrime appears to be a never-ending emergency for organizations today. In a perfect world, such measures would offer total protection. But few of us live in a perfect world. Employees are ignoring basic protocols, such as requirements to use password protection tools and to keep work computers and mobile phones free of personal use. There are also new types of cyber threats that you must be aware of in order to defend against them.

One of the fastest growing types of cybercrime is ransomware. According to a U.S. government interagency report, an average of more than 4,000 ransomware attacks have occurred daily since January 2016.** So, what is ransomware?

What is ransomware?

Ransomware is one variation of malicious software (malware) used in a cyberattack to encrypt the victim’s data with an encryption key that is known only to the attacker. Unless a ransom is paid by the victim, the data will be rendered unusable. Digital currency – or “cryptocurrency”, such as Bitcoin, Ethereum, or Monero – is normally required as a form of payment. With the decentralized nature of cryptocurrency, attackers are able to avoid the few financial protections that would otherwise possibly be available. There is no recourse for reversing a transaction, and the so-called anonymity of these cryptocurrencies leaves few options for legal authorities to pursue.

HBS, along with the FBI* and others, does not support paying ransoms. There are no guarantees when dealing with an attacker. When ransoms are paid, it only furthers an attacker’s motives to continue their illicit activities, potentially in repeat attacks against the victim organization and others. In as many as half of ransomware demands, the attacker is sent a sizable ransom payment – and the victim is (still) left without their data.

Individuals and organizations are at risk for such ransomware attacks. Ransom demands range anywhere from hundreds to many thousands of dollars. In 2016, a South Carolina school district paid an estimated $10,000 ransom, and a California hospital paid approximately $17,000 to cybercriminals.**  By design, many ransom demands increase over time in an effort to limit a victim’s options. See how a school in Illinois was able to restore their network without paying a ransom with help from HBS. Ransomware is just one piece of the puzzle. Let’s investigate some cybercrime statistics.

According to a 2017 Ponemon Institute cybersecurity study*** of 600 individuals in organizations – many with a headcount of less than 100:

  • $2,235,018 per year is the average amount spent in the aftermath of a cyber attack or data breach (up from $1,835,011).

  • 9,350 is the average number of records compromised in a data breach (up from 5,079).

  • 61% say their organization was a victim of a cyber attack (up from 55%).

  • 54% say a negligent employee or contractor was the root cause of their data breaches (up from 48%).

  • Ransomware has increased from 2% to 52% over a 12-month period.

The data above demonstrates how important it is for organizations to protect against cyber threats and achieve online security. Consider that 32% of respondents in the cybersecurity survey don’t know the root cause of their data breaches (the same percentage as last year), 66% say exploits and malware evaded their intrusion detection system (up from 57%), and 81% say their anti-virus solutions failed (up from 76%).***

What can you do to protect against ransomware and other cyber threats?

The number one defense against ransomware is having proper backups. Effective backups need to be regular and timely, to prevent hours, days, weeks, or worse of lost effort and assets. Periodic restores from backup need to be tested to ensure that the solution continues to work as designed, and that backups are available when needed – no different than a building’s fire suppression system. Backups need to be properly secured, as attackers can attack, and have attacked, their victims’ backups to limit their options. This requires backups to be sufficiently isolated / disconnected / offline from the computers and networks they are backing up. Sufficient policy controls need to be in place – and also tested – to ensure that malware or an active attacker with access to an organization’s passwords, including those of the system administrators, is not able to compromise the integrity of the backups.

Backups are just one of the many concerns in mounting a proper defense against current threats, and any such defenses should be externally reviewed to help identify any gaps that may leave an organization vulnerable to unacceptable risks.

You can get help with security and focus your attention on your organization by assessing your network with a 360° security risk assessment. This assessment will provide insight into how well your network is protected against threats, such as malware and phishing attacks. It also helps keep your organization safe by:

  1. Mitigating the risks impacting the privacy and security of sensitive data.

  2. Identifying specific threats and vulnerabilities targeting or impacting your organization.

  3. Providing data protection and management recommendations.

  4. Proposing proper security incident planning with proactive process, policies, standards, tools, and procedures.

Cybercriminals have virtually unlimited time to mount their attacks. It only takes one intrusion to cripple an organization. You may not have the time and experience required for implementing effective defenses. We can help with the recommendations you need to protect your organization from modern threats.


* Federal Bureau of Investigation Internet Crime Complaint Center (IC3).  Public Service Announcement, Alert Number I-091516-PSA.  September 15, 2016.  https://www.ic3.gov/media/2016/160915.aspx
** Lawrence, Miller. Ransomware Defense for Dummies. John Wiley & Sons Inc., 2017. PDF
*** Ponemon Institute. “2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB).” http://www.veille.ma/IMG/pdf/2017_state_of_cybersecurity_in_small_medium-sized_businesses.pdf (Accessed November 2, 2017)
About the Author


Mark Ziesemer
Information Security Architect
Mark is a versatile Information Technology professional with over 15 years of comprehensive experience and an Information Security focus across networking, infrastructure/operations, cloud technologies, and software development.  He has regularly been involved in all areas of I.T. from design, engineering, and architecture through operations, support, and training – with emphases in security, high availability, monitoring, performance, quality, automation, standards compliance, and documentation across all efforts – and with a proficiency towards providing enterprise services and solutions.
