Q&A: Dealing with ransomware and cyber attacks

Stories of security breaches and cyber attacks appear in the news on a weekly basis, with ransomware currently one of the most popular methods among cyber criminals.

We spoke to Evan Davidson, VP of EMEA Sales at Cylance, about how companies can protect themselves against ransomware and other types of cyber attacks.

  1. What's been happening in 2016 for Cylance so far?

Cylance have launched into 2016, quadrupling in size and making significant progress in bringing their solution to enterprises of all sizes in a number of countries around the world. With their technology now deployed on over four million endpoints, Cylance has attained even their most pie-in-the-sky revenue numbers protecting hundreds of clients including leading energy, oil and gas companies; top healthcare companies, banks and financial services.

Cylance are well on the way to fulfilling their mission. In 2015, Cylance launched a global road show, The Unbelievable Tour, to demonstrate the efficacy of their agent against the top three names in traditional antivirus. By conducting demonstrations in over 75 locations across the globe, Cylance have not only a loyal following, but a strong customer base.

  2. What has led to the rise of ransomware we're seeing at the moment?

Ransomware has been around for a number of years, but there’s been a definite uptake lately in its use by cyber criminals. Security professionals believe infections most often occur when malware finds its way onto an end-user computer, most often as a result of clicking on a link in an email, visiting a malicious website, or inserting an infected USB key.

Ransomware is not new; it is just getting more sophisticated. Ransomware attachments have been maliciously and cleverly disguised as invoices, resumes, mail package delivery confirmations, etc. to trick users into opening them. With 15 new variants this year alone, 2016 is already shaping up to be a frighteningly lucrative year for cybercriminals, where any person with a computer can be exploited and used as a revenue source with the potential for vast profits.

  3. How can companies protect themselves against ransomware and other security threats?

The truly concerning thing about the current high level of activity around ransomware is that those who still rely on traditional antivirus (AV) products and technologies with signature-based approaches are continuing to fall victim day in and day out. Cylance, however, is attacking the ransomware challenge head-on, by developing an innovative way of stopping malware executing on a user’s machine with a lightweight agent that predicts and prevents these threats using artificial intelligence and machine learning.

Cylance has broken down the DNA of malware to an almost molecular level to help understand to a high degree of accuracy whether an application is good or bad, whether the malware has previously been encountered or not.

  4. With more and more endpoints entering the workplace, what do businesses need to do to keep control?

There are multiple steps a business can take to protect against ransomware attacks. If you look at the attack model of the typical piece of ransomware, the method of operation is exactly the same in business environments as it is in a private individual’s machine. Users are enticed to click on malicious links, or browse to malicious stuff, leading to the malware dropping and kicking off the process of encrypting vital files on the user’s hard drive, possibly spreading to any connected backup drives, USB sticks, and to the company network.

When it comes to remediation, in practical terms, we have to focus on the user or on the first stage of the malware, in order to halt the malicious chain of events. It is important that businesses keep a pulse on the current phishing strategies and confirm their security policies and solutions can eliminate threats as they evolve. It is equally important to make sure that employees understand the types of attacks they may face, the risks, and how to address them. Informed employees and properly secured systems are key when protecting a company from cyber-attacks.

  5. Are there any particular industries that are being targeted more than others at the moment?

It is deeply concerning to hear about the high-profile medical entities that have been targeted lately. Medical facilities are increasingly becoming targets for cyberattacks with health care teams having access to a great deal of data that hackers find valuable - financial records, medical information and identity details. Typically these industries along with many others have not been great investors in new security spending so they have become easier targets.

In this scenario, the price paid for the attack is not just limited to the dollars and cents paid as the ‘ransom’ (or rather, the Bitcoin bounty which is the typical ransomware author’s preferred method of payment). A ransomware attack on a health centre could cause substantial delays in patient care, or access to vital patient information which can not only slow down business but put lives at risk.

Because the rise of cyberattacks on healthcare facilities is still fairly new, many members of medical teams haven't been trained in cybersecurity measures that can help prevent these kinds of invasions. This makes it easier for hackers to get into a healthcare network simply by targeting staff members with infected emails or corrupted websites.
