On 14th March, the National Crime Agency and National Cyber Security Centre sounded the alarm about the growing cyber threat. One of their conclusions was that ransomware represents a significant, and growing, threat to UK business. Combine this with the fact that the last 12 months has seen cyber attacks on an unprecedented scale, and you’ve got a melting pot of cyber activity right now.
These warnings come as no surprise. Ransomware use has exploded over the past year or so, particularly in the UK, simply because it is an easy way for cyber criminals to make significant amounts of money. Ransomware works, simply because many firms are forced to pay the ransom because they don’t have the defence systems in place to avoid doing so.
Even though it’s risen to become the number one threat to businesses today, a number of misconceptions around it still persist. Here are the top three myths that are costing organisations thousands they can’t afford:
Myth 1: Having a backup system is enough, as it will allow you to recoup all your stolen data.
First of all, not all backup is equal: there are some backup systems out there that aren’t able to do this. Secondly, even if you didn’t have to pay the ransom this time and were able to restore your stolen data, cybercriminals were still able to get into your systems and access your data - and that’s not good enough.
Looking ahead to 2018, European Union (EU) General Data Protection Regulation (GDPR) is set to come into force, requiring organisations to inform authorities - and sometimes customers - of a data breach within 72 hours of becoming aware of it. So even if you were lucky enough to escape the financial ramifications of a ransomware attack, the damage to your reputation could prove equally costly.
Myth 2: Small and medium businesses (SMBs) are not attractive attack targets.
This is simply not the case. Bottom line? Everyone is a target. No company is exempt. In fact, research suggests the opposite: often cyber criminals see SMBs as more lucrative targets as they are resource-limited and may not have a ransomware protection system in place.
This opinion that SMBs are easy pickings is, unfortunately, often accurate. Research shows that not only do a tiny margin of SMBs deploy ransomware protection, but only 34 per cent even test their backups regularly.
Myth 3: A firewall alone is enough to protect you from ransomware.
The terrifying thing about ransomware is that it can infect your system from a variety of avenues, and not all of these are covered by a firewall. Cyber criminals do this on purpose: they recognise that firewalls will prevent many attacks, so they’ve become very good at getting in by other means, including crafting personalised email attacks for example.
Let’s take a closer look at the top five ways threats like ransomware can infect you:
- Via email. Email is still a very effective way for attackers to get inside your network. Malicious actors often masquerade as trusted institutions like the HMRC, or innocent consumer accounts. Tiny typos designed to slip under our radar (Joe.firstname.lastname@example.org) are the cornerstone of this sort of behaviour; they rely on human error and a lack of cyber security education. Your infrastructure likely already contains a number of latent threats right now - email junk folders are full of malicious attachments and links just waiting to be clicked on.
- Web applications. All applications—whether locally hosted or cloud-based—must be regularly scanned and patched for vulnerabilities.
- Remote working. The mobile revolution drives productivity, collaboration, and innovation, but it means much of your workforce is outside the network perimeter—often connecting via personal devices. This creates a huge potential gap in your security if these devices are not properly protected.
- On-site users. Human error and carelessness can be remedied with training and education, but unfortunately malicious users can exist within the physical boundaries of an organisation. These could include aggrieved employees or ex-employees, but also contractors, partners and third parties. It is impossible to decimate this threat entirely, but there are measures you can take, such as ensuring network perimeters limit access between network segments.
- Network perimeters. Many companies are vigilant about external access to their networks, but far fewer realise that the perimeters between infrastructure segments are just as important; once malicious attackers infiltrate the outer perimeter, internal segmentation security is almost non-existent. This poses a very real threat. Just one instance of human error or one successful malware infection, and it could compromise any part of your network.
With the threat landscape evolving so quickly, the reality is that sophisticated, targeted and zero-day attacks are coming your way. It’s all too easy for malicious actors to gain access to your networks, especially when you’re only deploying the cyber security basics. Effective user training can help prevent many attacks, such as phishing emails, which remain one of the easiest ways to get into your network; but only a considered and integrated approach will succeed in leaving no stone unturned in terms of keeping your network protected from sophisticated malware.
If you become a ransomware victim but you have secure backup, you can remedy the situation by restoring all your data, sure; but it’s a little like having insurance on your phone and having it stolen. It might eventually be replaced, but in the meantime someone has rooted through all your text messages, photos, notes and other precious communications, and may still have access to them. Ransomware attackers are opportunistic, preying on people’s lax attitude around data or documents that may not be very sensitive but are depended on in day-to-day operations. That opportunism means that if ever in the future they spy an opportunity to further capitalise on the data they stole from you, they will.
When looking at your IT estate, make sure you can control and segment network access to minimise the spread of any threats that do get in, as many attackers will attempt to move laterally throughout your network. Ensure employees, third parties and contractors can only spread malware within their own, limited domain.
No-one knows the direction cyber criminals will move in next, but with attackers now possessing resource and sophistication to rival state-funded hacking groups, this threat is not going away. Businesses who value their reputation and assets owe it to themselves to remember to not believe everything they hear: prevention is always better than cure.
Wieland Alge, Vice President and General Manager EMEA, Barracuda Networks
Image Credit: WK1003Mike / Shutterstock