Malware used to be about hackers being disruptive and causing an inconvenience - random or politically motivated groups making a point. Not so any more. Now it’s a serious, almost professional activity directed at doing real harm and making real money.
Cisco’s Annual Security Report 2016 documented the Angler exploit kit targeting up to 90,000 victims per day and reaping a staggering $34m in annual revenue for the hackers.
Ransomware is big business!
Everyone is at risk. Last year, we were approached by a handful of organisations which had been attacked and were facing the reality of having to pay a ransom in order to have their data unencrypted. Without the data, they had no business.
How can these attacks be happening on such a scale to such critical data?
In our experience, the most common route into the network has been email links or attachments. Sometimes these are very specifically targeted at individuals and sometimes they are sent to multiple addresses within the organisation; either way, the attackers are looking first for a human weakness in defences.
Step 1 – Protect yourself
Make sure that anti-malware protection comprehensively covers both email and web and is kept up to date, so that malicious content doesn’t get through to the next stage.
Another element of protection is to ensure that the network is appropriately segregated so that if infected, the malware cannot spread widely and indiscriminately across the network. Experience has shown us that this is an effective step that can prevent extensive damage.
Step 2 – Detect the attacks that get through
As a second line of defence, ensure that users are educated to spot potentially malicious content so that they don’t inadvertently become the cause of infection. If your company is attacked, there can be huge reputational damage. Educating your team about this can be a vital line of defence against ransomware.
One of our clients received a targeted email containing a link to a malicious URL which was not detected by their email antivirus solution, leading to multiple infections as users opened the malicious link.
User training at every level of the organisation, especially senior management, is a big factor in securing an organisation without having to lock down systems in a way that disrupts operations and prevents staff from getting on with their daily roles. You don’t have to take people away from their desks for days at a time in classroom training. Tools which prompt users to think before clicking are a great way to keep security front of mind and keep people working.
Step 3 – Respond
None of the organisations we’ve been working with have chosen to pay the ransom demand. All have restored the data from backups and as a result suffered the operational cost of losing multiple days’ worth of data.
The lesson here is to ensure that you have a robust backup strategy which will make this possible. How much time and data can you afford to lose in between infection and your last backup? How long can you afford the restore to take? In addition, there is an inherent risk of reinfection if the malware itself is stored within the backup, and this also needs to be managed.
We have found that in every case, the organisations that have suffered an attack have re-evaluated their defences and investigated improvements to prevent reinfection, backed by a real business case to justify the investment.
To learn more about how Novosco can work with you to protect your business, join our Ransomware webinar on 27th April at 2pm. Register at https://attendee.gotowebinar.com/register/8803606366691827203