Why ransomware is a paper tiger
Nic Scott discusses what IT decision makers can do to make their organisation immune from ransomware so they too can laugh at the scammers trying to take company files for a ride.
Nic Scott, managing director UK & Ireland, Code42
Ransomware – you are already familiar with it. The IT department knows about it, and so do tech-savvy employees. It has even reached the radar of the C-suite. Near constant reporting of new breaches in the media has also ensured that ransomware is the hot security topic of the year, and this is not about to change.
The big news for business is that ransomware is very likely to be the hot security topic of 2017. A recent report by Datto shows that 91 percent of businesses globally have suffered a ransomware attack in the past year, and it is reported that both phishing and crypto ransomware are increasing at the rate of several hundred percent per quarter, according to Osterman Research, which forecasts the trend will continue for at least the next 18 to 24 months. But why is this particular strain of malware so popular amongst cyber-criminals?
Primarily, it is down to the fact that ransomware remains one of the most lucrative forms of cyber-crime. In the UK alone, 58 percent of IT directors have paid attackers to get corporate files back following a ransomware attack. At the same time, companies continue to fall into the trap — networks are infected and mission-critical files are encrypted, leaving them with little alternative but to pay the ransom.
What is the real ‘hold up' with ransomware?
With the effects of ransomware so well documented, many CEOs/directors may currently feel justified in paying up for encrypted files. After all, if suffering an attack is inevitable, then paying a ransom becomes just like tax or any other business expense, right? Wrong. Businesses that end up having to pay for their own files are doing so because of their own failings.
This is because, despite its much-touted ubiquity, ransomware is a paper tiger. For the secure business, it is the online equivalent of someone pointing a gun at your chest and making threats, whilst you are effectively wearing a bulletproof vest. Although the threat is still very real to the unprepared, the correct course of action can neutralise its effectiveness.
Bullet-proof your business
If we examine the threat that ransomware poses more closely, we can identify its Achilles' heel. The criminal behind the malware is attempting to deny victim's access to their own data — and if their data only exists on the platform that is infected with malware, this may well be possible. However, if a business has a solution in place that works continuously and unobtrusively in the background to back up data externally (either on a standalone server or in a private cloud), the threat is negated.
Ransomware relies on purchasing the decryption keys from the ransomer being the only way a victim can regain access to their data and information. As soon as there is an alternative, the incentive to pay any kind of ransom is removed. And to avoid any additional losses through business downtime or disrupted working patterns, organisations should look for a tool that can restore data rapidly in the event of a breach.
As with a bulletproof vest, a modern endpoint data protection solution represents the last line of defence. Companies are likely to face a ransomware attack at some stage — that is a given. However, it does not mean that preventative measures are without value. After all, zero downtime is preferable to even the minimal downtime, of a post-breach backup. So how else can businesses proactively protect themselves?
Using a password manager can prevent weak and easy-to-crack corporate logins from careless or frustrated employees. In addition, ensuring employees can work remotely via a secure VPN is extremely valuable. And underpinning both of these strategies should be comprehensive training for employees. The aim here is to improve security awareness and best practice amongst staff members with less advanced IT skills.
The final defence mechanism against ransomware is a continuously evolving strategy. Online threats are constantly adapting, so your security strategy must also keep pace. Key to this is fixing any bugs or holes in the system, which can only be achieved by analysing where things went wrong in the event of a breach.
This is where data forensics tools demonstrate their worth. If an organisation has been breached, it must be able to identify the point of entry, the kind of data that was lost, and its sensitivity level. With this information, it can take steps to shore up the corporate network. As a result, ransomware becomes a game of diminishing returns for the attacker. If companies are smart about their security, we will look back on 2016 as the year ransomware peaked, and then faded away.
Contributed by Nic Scott, managing director UK & Ireland, Code42