By Security Report & #8211; Sep 12, 2017
Globally, about 49% businesses dealt with at least one rescue cyber attack in 2016, and of these, 39% were attacks of the type ransomware; Remote work on personal devices increases the risk of infection.
According to the Cisco Cybersecurity Annual Report 2017, the ransomware It is today one of the main threats to digital business. Globally, about 49% businesses dealt with at least one rescue cyber attack in 2016, and of these, 39% were attacks of the type ransomware. In the United States alone, the number of attacks increased from 300% from 2015 to 20161. This trend can be attributed to the growth of ransomware as a service (RaaS) in the first half of 2017, whereby cybercriminals pay RaaS platform operators to launch attacks.
“The intensification of ransomware in the digital economy makes any business a target, ”said Dimension Data security director Matthew Gyde. “This risk increases when cryptocurrencies and bitcoins become a common means of paying ransoms, because they allow cybercriminals to not be tracked. As more employees work remotely on personal devices, the risk becomes even greater. ”
"Deep threat intelligence and research are critical to overcoming cybercriminals, and a critical success factor is stopping the attack before it becomes a business disruptor," Gyde explained. “But security controls alone are not enough to solve a ransomware threat, and organizations need to take a multilayer approach to break the chain of threat progression. This means identifying emerging threats before an attack, having rapid detection and response to it, and having an efficient backup and recovery process. ”
The report includes a few-point framework for companies to defend against ransomware attacks:
· Predict and be informed before the attack occurs: Proactively research what is being discussed on the dark web, new exploits that will be used, and industries or companies that will be targeted.
· Protect: Identity and Access Management (IAM) tools are essential to protecting enterprise computing devices and assets. Network Access Control (NAC) ensures that only devices that have the proper security settings and follow IT security policies are able to access corporate systems.
· Detect: Technologies should be adopted to detect infrastructure anomalies in case malware infiltrates devices or the network. The network should be monitored for indicators of impairment. Having a solution that uses artificial intelligence to detect malicious traffic can also help automate and expedite this detection before the attack worsens.
· Answer: When an incident of ransomware If detected, security specialists should work quickly to block malicious communication channels on the firewall or IPS, and quarantine infected machines.
· Recover: Backup is a critical part of the strategy for rapid recovery. In addition, the backup system must prevent file replication from being maliciously encrypted by ransomware. This can be done with dynamic segmentation and inherent security features.
“Recent ransomware attacks have highlighted the reality that improvements are needed in any industry or any size company. With the right structure, tools, and processes, companies will become better equipped to beat attacks from ransomware before they become business disruptors, ”said Gyde.
