Here is a scary prospect – ransomware that hides in a corporate network, analysing it and multiplying itself until it is found on every machine in an organisation. Only after it has contaminated every machine in a network will it activate, in a coordinated attack, bringing an entire company’s business to a screeching halt, until a large sum of money is paid to the attacker.
Such an idea is not yet reality, but it’s not far from it, either. Cisco's Midyear Cybersecurity Report says it is only a matter before we hit this milestone, mostly because ransomware has become the most lucrative malware type in history.
Also, businesses are ill-prepared for ransomware attacks. They have fragile infrastructure, poor network hygiene, and extremely slow detection rates. The report says that organisations take, on average, 200 days to identify a new threat. For attackers, the longer it takes to identify the threat, the more money they’ll be able to extract.
“Faster time to detection of threats is critical to constrain attackers’ operational space and minimise damage from intrusions,” the company said, adding that Cisco’s median time to detection (TTD) is now approximately 13 hours, down from 17.5 last year.
And while organisations are struggling, attackers are shifting into a higher gear. Cisco advises all organisations to protect themselves by:
- Improving network hygiene
- Integrating defences
- Measuring time to detection
- Protecting their users
- Backing up critical data
“As organizations capitalize on new business models presented by digital transformation, security is the critical foundation,” says Marty Roesch, Vice President and Chief Architect, Security Business Group, Cisco.
“Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.”
Photo credit: Ton Snoei / Shutterstock