Fri, Dec 16, 2016
By now, ransomware is a part of most organizations’ vernacular. The cyber threat has become one of the top dangers facing businesses and individuals in recent years. In fact, the FBI states that about 4,000 ransomware events have occurred every day since January 1, 2016, roughly four times as many as in 2015, and that’s just in the United States.
Still, as online interactions increase and the internet-connected world expands, ransomware has found ways to remain problematic even with heightened awareness. New and revised versions of ransomware are being developed at a rapid pace. Many cyber criminals have actually dropped the amount of ransom they are asking for, recognizing that a smaller amount is likely to be paid by more people, and that with a “reasonable” ransom, people are less likely to complain to the authorities.
Organizations are right to make every effort to prevent ransomware attacks from crippling their office network. But coming up with a workable strategy requires a careful consideration of how hackers get their ransomware (and other malware) into corporate and personal networks. Securing your networks must work with how people use their computers, and how and why they fall for the schemes that hackers use. It’s not that people don’t care about security, but rather that the hackers have become masters of manipulation and are constantly learning how to perfect their skills.
Here is a way to look at the problem: Many businesses are great at watching their front door, but might be unaware of the window someone left open in the basement. In other words, these organizations don’t evaluate their defenses the way a burglar – or a hacker – might. Maybe they have an excellent alarm system, but it could be one that is easy to disconnect. Maybe the major risk involves placing too much trust in a relationship with a vendor or contractor. Organizations need to carefully evaluate points of attack and address potential security gaps – and telling employees to not click on attachments or links of unknown origin simply isn’t enough.
Instead, a more effective defense requires that you also extensively examine your network from all directions – not just the systems that are housed and protected in the office, but also devices such as laptops that employees or collaborators outside the company use to log on while they’re working remotely, and the vendor systems that you allow to connect to your network. Even look at the networks you may be providing for visitors to your premises. The internet has evolved into a ubiquitous, interconnected network with numerous potential entry points, and many of those points remain woefully vulnerable. The recent distributed denial of service (DDoS) attack, where hundreds of thousands of internet-connected devices were hacked and used to target and take down leading websites, stands as the most salient reminder of just how vulnerable these devices can be.
To make the challenge even greater, ransomware mutates in real time – threats emerge and change in the blink of an eye. On the other hand, businesses tend to think in organizational terms, which can slow their ability to react. We are all at a disadvantage when we turn to legacy, calendar-based protocols to respond to far more agile hackers.
While it might seem like the bad guys have the upper hand, that doesn’t have to be the case. You can shore up your organization’s defenses with an honest and thorough evaluation of your cyber practices. Start by asking these three questions:
There are tools to limit ransomware, and organizations have the opportunity to improve their ability to fight back. The key is to maintain vigilance and your level of preparedness in the face of a rapidly evolving threat. If you are uncertain of where to start or indeed how far or deep to go, engaging an experienced risk mitigation partner like Kroll can help you discover where weaknesses exist and minimize your vulnerability to ransomware.