The Ransomware villain: Why companies mustn't rely on heroes
Andy Buchanan discusses why companies need to take practical steps to defend against the consistent threat of ransomware
Andy Buchanan, area vice president, UK and Ireland, RES
A group, forced together in the face of great adversity, combining their own unique powers to help the world at large in its moment of need. For many, this immediately conjures thoughts of The Avengers or Justice League. Comic book heroes, who only together can defeat a threat with the potential to end the world as we know it.
However, in this case the above doesn't depict any form of superhero super group. Instead, it describes the coming together of Europol, the Dutch National Police, Intel Security and Kaspersky Lab against arguably the greatest online threat: ransomware.
Together, they have created NoMoreRansom (NMR), an online resource for victims of ransomware, providing information, prevention advice and decryption tools – all with the aim of helping those whose files are being held digital hostage.
As super groups go, NMR is definitely on its way, but it does fall slightly short. The website itself is of course a valued resource, providing guidance and assistance to those that have suffered at the hands of ransomware. However, more needs to be done to proactively prevent ransomware, rather than just dealing with the aftermath.
Companies still need to be vigilant with their security to prevent rather than recover. With this in mind, there are several processes organisations should consider in the fight against the ransomware menace.
The first step is education
Companies need to invest in education. While NMR acts as a great educative resource to business owners, nine times out of ten, employees are the weak link. Cyber-criminals understand this and therefore often target unsuspecting staff members.
Hackers know their trade. A key example of this is the targeting of junior employees knowing that they are unlikely to avoid emails labelled urgent.
To close this security black hole, businesses should start by educating their workforce from interns all the way up to CEO. If all employees know how to spot a phishing email, not to download a malicious form of software and to always use strong and varied passwords, then the majority of a cyber-villain's arsenal is rendered almost useless.
A culture of security
Once education is in place, it's important to nurture a culture of security. Within many businesses across the UK, there is blissful ignorance when it comes to cyber-crime. They acknowledge it is a present danger, but consider it something that happens elsewhere.
This is a dangerous mindset. In 2015 alone the Government Security Breaches Survey found that nearly three-quarters (74 percent) of small UK organisations had reported a security breach while two thirds of Britain's large businesses suffered an attack or breach.
It is evident that the threat of ransomware is only gaining momentum – and so all companies must begin digging their trenches.
Technology is your greatest defence
Businesses need to adopt proven technology approaches to secure themselves. There are many methods that organisations can employ to create a tough, technological barrier, including blacklisting and whitelisting applications, permission-based access, read-only blanketing and automated revocation of access.
As well as this, it is important to acknowledge that threats can come from within. IT shadows, whereby an IT department loses insight into access and security are extremely dangerous and can make securing a network almost possible.
The employee lifecycle is one way in which IT shadows spread. When a member of staff joins or leaves the company, they must be properly onboarded or offboarded. To ensure this is secured, businesses should look to automate the employee lifecycle. This way, new joiners and those exiting the company will not expose an access point, closing a vulnerable door to would-be villains.
IT shadows can also appear when employees introduce their own apps, services and solutions. Each unapproved app that is introduced to the network steadily chips away at the IT department's overview of security. This can, in time, make security extremely difficult.
So what is the IT shadow kryptonite?
There are various solutions. One way is to limit employees to a strict list of approved apps and solutions. However, this doesn't address the root of the problem. Instead businesses should consider self-service capabilities.
By providing a central point where workers can request access to apps and services that can then be automatically delivered once they are checked. This way, employees remain in control of what they want, but the IT department has complete oversight. Context-aware control can also be introduced so approved apps and services issued via self-service can only be accessed from secure locations.
Overall, it is paramount that companies and organisations acknowledge the importance of security. No super group, despite its best efforts, will be able to completely stop ransomware. Instead, rather than rely on heroes, businesses should take security in to their own hands and ensure they make every effort to prevent ransomware from wreaking havoc.
If not, they may just find that ransomware infiltrates them a long time before the Avengers assemble.
Contributed by Andy Buchanan, area vice president, UK and Ireland, RES