How Zero Trust Security Fuels New Business Growth

How Zero Trust Security Fuels New Business Growth

Bottom Line: Zero Trust Security (ZTS) strategies enabled by Next-Gen Access (NGA) are indispensable for assuring uninterrupted digital business growth, and are proving to be a scalable security framework for streamlining onboarding and systems access for sales channels, partners, patients, and customers of fast-growing businesses. The
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare and Medicaid Services (CMS). The #1 reason for failure is the absence of a full-spectrum healthcare risk assessment. These assessments or analyses are important compliance

Ransomware

IT security company KnowBe4 has issued a warning regarding a new strain of ransomware called VirRansom, which “utilizes both ransomware and parasitic virus features,” according to a statement released Monday, Dec. 8 by CEO Stu Sjouwerman. As a self-replicating program, this particular strain has the potential to lock up a company’s entire system, demanding a BitCoin payment to free the files.

Ransomware is a brazen, yet effective approach to sabotaging a company’s operations by placing all of its files under an encryption key. The organizations behind its deployment often hide their identities within the anonymity of Tor, and demand payment in trackless virtual currency.

The ease by which a ransomware virus can spread has become a troubling problem for IT managers, given the complete interconnectedness of employees, through a variety of personal and company-issued devices as well as across a networks, both internal and cloud-based.

A recent story, covered by NPR, highlighted a company that was presented with a 72-hour countdown clock, which pointed to a deadline at which its files would be encrypted. The business in question was not large – not a typical target for hackers, but was one that found itself at the mercy of extortionists due to a simple human error: a phishing email that resembled a PayPal payment notification appeared in an employee inbox, and once clicked, activated the ransom note and timer.

VirRansom CEO Sjouwerman points out that these types of attacks are very difficult for antivirus companies to keep up with. Quoted in a story at CBS News online, he suggests companies take the following steps to protect themselves in advance:

1. Test the restore function of your backups and make sure it works, and have a full set of backups offsite.

2. Start thinking about asynchronous real-time backups so you can restore files with a few mouse clicks.

3. Get rid of mapped drives and use UNC (universal naming convention) links for shared folders.

4. Look into Whitelisting software that only allows known-good executables to run.

5. Update or enforce security policy best practices, such as thorough security awareness training to prevent these types of infections to begin with because the infection vector is your end-user opening up an attachment or clicking on a link.

Rahul Kashyap, a researcher at the cybersecurity firm Bromium, adds that the programs inside ransomware viruses are getting better at locating high-value files, explaining to NPR that there is greater value in finding autocad files, for example, than regular memos.

Experts are divided as to whether ransoms should be paid, some believing this merely funds more sophisticated crime tools. However all of them agree that the best defence is an offline reproduction of everything a company needs to operate – and that means completely offline.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Infosec thought leaders

Beyond VDI: How the hybrid cloud is forcing us to rethink an industry

Beyond VDI (Virtual Desktop Infrastructure) Before I start this blog, I want to get something off my chest. Here it ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...
Secure Business Agility

The First Steps on a CISOs DevOps Journey

CISOs DevOps The marriage between DevOps and Security is rapidly gaining traction. Security is shifting from its former mindset of ...
Cloud Native - Design, Delivery and Management of Applications

Cloud Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability ...
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance We believe that the reliable identity assurance (See part 1) must be built on three prerequisite principles as ...
Introducing Mozilla WebThings - Open platform for monitoring and controlling devices

Introducing Mozilla WebThings – Open platform for monitoring and controlling devices

The Mozilla IoT team is excited to announce that after two years of development and seven quarterly software updates that have generated significant interest from the developer & maker community, Project Things is graduating from ...
Notre-Dame de Paris: Capgemini contributes to the national effort

Notre-Dame de Paris: Capgemini contributes to the national effort

Paris, April 16, 2019 – The Capgemini Group has decided to pay the sum of one million euros to help rebuild Notre-Dame Cathedral.  Paul Hermelin, Chairman and CEO of the Capgemini Group: “Our emotion is strong ...
Making Returning to Work as Easy as Possible with SAP Learning Rooms

Making Returning to Work as Easy as Possible with SAP Learning Rooms

Returning to work after a career break – especially one that has lasted several years – can be difficult. Now that digital transformation is in full swing, gaining the necessary knowledge and understanding systems and ...