The New Big Security Threat That Takes More Than an Anti-virus to Stop
- 26 October, 2017 11:54
If your company staff are using common software or services like Dropbox, Twitter, Apple or Microsoft, chances are your business is under threat of ransomware. Ransomware developers send emails that imitate these companies and look legitimate; emails that look and feel like the real thing but, once clicked on, deliver ransomware to the computer or network.
The scale of this threat is immense and cannot be ignored. In just one week in October, consumers were advised of new scams impersonating Dropbox, MailChimp, Telstra, the Australian Federal Police (AFP) and Revenue NSW. Cyber-criminals dress infected emails and files up as commonly used tools and household names such as these because they know a significant number of people will click to download the attachment and only think to check after the fact. Just about any malicious code can be delivered via these phishing attacks, but increasingly they are being used to deliver ransomware, a form of malware that can evade traditional anti-malware and provide the criminals with a direct line of revenue from businesses so desperate to get their data back that they simply pay the ransomware demands.
Indeed, ransomware has proven to be so successful that it has become a billion-dollar industry over the past two years, and its growth is accelerating further. It is now an ongoing and daily concern for businesses, and due to the lack of a cohesive strategy in place to deal with ransomware, many organisations are far more vulnerable to this risk than they should be.
As a result, in 2017, and in Australia alone, there have been more than 51,000 reports made to the ACCC around phishing scams, where losses have totalled nearly $37 million to date.
How is ransomware so effective?
Managed properly, ransomware can be kept out of an organisation, but doing so involves plugging a significant number of security gaps internally. These include – but are not limited to:
- Ensuring that there is a comprehensive backup strategy, meaning that if there is a ransomware attack the data does not risk being lost entirely.
- Keeping patches on operating systems and the network up to date in real time.
- Adopting a strict permissions/rights strategy, so only staff that need admin access have it.
- Ongoing training and awareness building among staff to ensure that they have a better understanding of IT security.
Many organisations rely on existing anti-malware solutions to also block ransomware, unaware that there is a strong social engineering side to most ransomware delivery mechanisms (i.e. convincing a staff member to open an infected attachment).
As a first port of call, the organisation should ensure that its backups are kept continuously up-to-date and separate from the main network. In the event of a successful attack, the network can be restored to a point before the attack.
Secondly, the organisation should take the initiative to proactively educate all staff on the dangers of ransomware, how to identify and flag a suspicious email, and general best practices when online.
It is also important to update the organisation’s security technology. Many businesses are relying on existing anti-virus and anti-malware technology to catch ransomware, but these malicious programs can usually circumvent traditional security software. What organisations need are endpoint security products that are specifically designed to catch and block the impact of ransomware.
One such example of endpoint security is Sophos Intercept X, which includes a technology called CryptoGuard that prevents the spontaneous encryption of data on the computer or network. This means that ransomware, which relies on being able to make the entire network’s data inaccessible instantly, is no longer able to perform that function, giving your security team time to identify and quarantine the threat.
Having industry-leading individual pieces of security technology is only a part of the solution. Ultimately, the only way to minimise the risk of ransomware is to have all these individual security solutions working together, with full understanding of the risks involved from management, the IT team, and the individual users themselves.
This is a significant opportunity for the channel as organisations turn to channel partners to develop holistic and comprehensive solutions to deal with the escalating security risk around ransomware.
Being able to bring a wide range of security solutions together and ensure that they’re “talking” to one another, while being manageable for the organisation on a day-to-day basis, is the best step forward in preventing the significant damage that ransomware can inflict on a business.
To hear more about how the ransomware epidemic is evolving and how your organisation can stop it in its tracks, register now for The Man from Sophos event taking place in Sydney, Melbourne and Brisbane on 26, 31 October and 2 November respectively.