Ransomware’s Great Lessons

The vision is chilling. It’s another busy day. An employee arrives and logs on to the network only to be confronted by a locked screen displaying a simple message: “Your files have been captured and encrypted. To release them, you must pay.”

Ransomware has grown recently to become one of the primary threats to companies, governments and institutions worldwide. The physical nightmare of inaccessible files pairs up with the more human nightmare of deciding whether to pay the extortionists or tough it out.

Security experts are used to seeing attacks of all types, and it comes as no surprise that ransomware attacks are becoming more frequent and more sophisticated.

(See full (ISC)2 Infographic)

Security Experts Take Note

Chris Sellards, a Certified Cloud Security Professional (CCSP) working in the southwestern U.S. as a senior security architect, points out that cyber threats change by the day, and that ransomware is becoming the biggest risk of 2016. Companies might start out with adequate provisions against infiltration, but as they grow, their defenses sometimes do not grow with them. He points to the example of a corporate merger or acquisition. As two companies become one, the focus may be on the day-to-day challenges of the transition. But in the background, the data that the new company now owns may be of significantly higher value than it was before. This can set the company up as a larger potential target, possibly even disproportionate to its new size.

The frustrating thing about ransomware as a security threat is that its impact can be significantly reduced through adequate backup and storage protocols. As Michael Lyman, a Boston-area CCSP, states, when companies are diligent about disaster recovery, they can turn ransomware from a crisis to merely a nuisance. He says that organizations must pay attention to their disaster recovery plans. It’s a classic case of the ounce of prevention being worth more than the pound of cure. However, he points out that such diligence is not happening as frequently as it should.

As an independent consultant, Michael has been called into companies either to implement a plan or to help fix the problem once it has happened. He points out that with many young companies still in their first years of aggressive growth, the obligation to stop and make sure that all the strategic safeguards are in place is often pushed aside. “These companies,” he says, “tend to accept the risk and focus instead on performance.” He is usually called in only after the Board of Directors has asked management for a detailed risk assessment for the second time.

Neutralizing The Danger

Adequate disaster preparations and redundancy can neutralize the danger of having unique files held hostage. It is vital that companies practice a philosophy of “untrust,” meaning that everything on the inside must remain locked up. It is not enough to simply have a strong wall around the company and its data; it must be assumed that the bad people will find their way in somehow, which means all the data on the inside must be adequately and constantly encrypted.

It is essential to also bear in mind that ransomware damage does not exist solely inside the organization. There will also be costs and damage to the company-client relationship. At the worst is the specter of leaked confidential files – the data that clients entrusted to a company – and the recrimination and litigation that will follow. But even when a ransom event is resolved, meaning files are retained and no data is stolen, there is still the damage to a company’s reputation when the questions start to fly: “How could this have happened?” and “How do we know it won’t happen again?”

As cloud and IoT technologies continue to connect with each other, businesses and business leaders must understand that they own their risk. It is appropriate for security experts to focus on the fear factor, especially when conversing with the members of the Executive, for whom the cost of adequate security often flies in the face of profitability. Eugene Grant, a CCSP based in Ontario, Canada, suggests that the best way to adequately convey the significance of a proactive security plan is to use facts to back up your presentation: facts that reveal a quantitative risk assessment as opposed to a solely qualitative one. In other words, bring it down to cost versus benefit.

No company is too small to be immune or invisible to the black hats. It is up to the security specialists to convey that message.

For more on the CCSP certification from (ISC)2, please visit their website. Sponsored by (ISC)2

By Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
