Alan Zeichick is principal analyst at Camden Associates, a technology consultancy in Phoenix, Arizona, specializing in software development, enterprise networking, and cybersecurity. Follow him @zeichick.
Ransomware is real, and it is hitting individuals, businesses, schools, hospitals and local governments, with no sign of stopping. If anything, it's increasing. Why? Let's face it: ransomware is probably the single most effective attack criminals have ever developed. Anyone can build or rent ransomware with readily available tools; payment arrives in cryptocurrency such as Bitcoin, which is pseudonymous and hard to tie back to a person; and if decryption fails after the victim pays, the attacker loses nothing.
A company is hit with ransomware every 40 seconds, according to some industry estimates, and by the same reports roughly 60% of malware payloads were ransomware. It hits all sectors; no industry is safe. And with the rise of Ransomware-as-a-Service (RaaS), where affiliates rent the malware and the infrastructure instead of writing their own, it's going to get worse.
The good news: We can fight back. Here’s a four-step battle plan.
Good Basic Hygiene
It starts with training employees to handle malicious email. There are spoofed messages that appear to come from business partners. There's phishing and targeted spearphishing. Some will get through the email spam and malware filters, so employees need to be taught not to click links in those messages, not to open unexpected attachments or enable macros, and, of course, not to grant permission for apps or plug-ins to be installed. Make it easy to report a suspicious message, too: one report lets IT pull the same message out of every other inbox before someone else clicks.
Even so, some malware, ransomware included, is going to get through, and it often does so by exploiting out-of-date software or unpatched systems; the Equifax breach came through an Apache Struts vulnerability whose fix had been available for months. That's where the next step comes in: ensuring that all endpoints are thoroughly patched and up to date, including operating systems, applications, utilities, device drivers, and the code libraries bundled inside applications. Start with internet-facing systems and with vulnerabilities known to be exploited in the wild. That way, when an attack arrives, the hole it relies on for initial access or for spreading across the network is already closed.
Ransomware isn’t a technology or security problem. It’s a business problem. And it’s a lot more than the ransom that we are asked to pay. That’s peanuts compared to loss of productivity due to downtime, bad public relations, angry customers if service is disrupted, and the cost of reconstructing lost data. (And that assumes that valuable intellectual property or protected financial or customer health data isn’t stolen.)
What else can you do? Backup, backup, backup, and protect those backups. If you don't have safe, secured backups, you can't restore data and core infrastructure in a timely fashion. That includes daily snapshots of virtual machines, databases, applications, source code, and configuration files. Two caveats: ransomware operators look for backups they can reach over the network and encrypt or delete them before they hit production, so keep at least one copy offline or on immutable storage that a compromised account cannot alter; and a backup you have never restored is a hope, not a plan, so test restores regularly and time them against the downtime the business can tolerate.
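The restore test above, as an added example that is not part of the original post: take a snapshot of a directory, record a SHA-256 manifest at backup time (standing in for the copy you keep offline or immutable), then restore into a scratch location and compare it to the manifest. The file names, the backup label and the simulated attacker are all assumptions for illustration; the point is that a backup store the attacker could reach fails the check instead of silently restoring encrypted files.

```python
"""Added example (not the author's code): snapshot, manifest, and a restore
check that catches a tampered backup. Paths and names are assumptions."""
from __future__ import annotations

import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_of(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def make_backup(src: Path, backup_root: Path, label: str) -> tuple[Path, dict[str, str]]:
    """Snapshot src into its own labelled directory and return (path, manifest).
    In production the manifest goes somewhere the backup account cannot write."""
    dest = backup_root / label
    shutil.copytree(src, dest)
    return dest, manifest_of(dest)


def verify_restore(backup: Path, manifest: dict[str, str], restore_to: Path) -> dict[str, list[str]]:
    """Restore the snapshot to a scratch directory and diff it against the
    manifest taken at backup time. Any non-empty list would fail a real restore."""
    shutil.copytree(backup, restore_to)
    restored = manifest_of(restore_to)
    return {
        "missing": sorted(n for n in manifest if n not in restored),
        "corrupted": sorted(n for n in manifest if n in restored and restored[n] != manifest[n]),
        "unexpected": sorted(n for n in restored if n not in manifest),
    }


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Constructed walk-through: a clean restore, then the same backup after a
    simulated ransomware pass over a backup share the attacker could write to."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "src"
        (src / "config").mkdir(parents=True)
        (src / "app.db").write_bytes(b"customer records\n" * 100)      # constructed data
        (src / "config" / "app.yml").write_text("db: app.db\n")         # constructed data
        backup, manifest = make_backup(src, root / "backups", "2024-01-01T02-00")
        clean = verify_restore(backup, manifest, root / "restore1")
        # Attacker with write access to the backup store: one file overwritten with
        # ciphertext-like bytes, one deleted, one ransom note dropped.
        (backup / "app.db").write_bytes(os.urandom(1700))
        (backup / "config" / "app.yml").unlink()
        (backup / "HOW_TO_DECRYPT.txt").write_text("pay up\n")
        tampered = verify_restore(backup, manifest, root / "restore2")
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore:", clean)
    print("tampered backup:", tampered)
```

The manifest is only useful if it lives where the attacker's foothold cannot reach it; a manifest stored next to the backup would simply be rewritten along with the files.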
Businesses need tools to detect, identify, and stop malware like ransomware from spreading. This requires continuous visibility into, and reporting on, what's happening in the environment, including "zero day" attacks that haven't been seen before. Part of that is monitoring endpoints, from mobile phones to desktops to servers to the cloud, to ensure that all of them are up to date and secure, and that no unexpected changes have been made to their underlying software or configuration. That way, if a machine is infected by ransomware or other malware, the compromise can be detected quickly and the device isolated from the network pending forensics and recovery (isolate rather than power off where you can: a hard shutdown discards the memory evidence the investigation will want). If an endpoint is breached, fast containment is critical.
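The "no unexpected changes" check above, as an added example that is not part of the original post: a file-integrity baseline taken while the host is known good, then a scan that compares the live tree against it and alerts on the pattern ransomware leaves behind (many files changed or gone at once, new files with ransomware-style extensions, or contents whose byte entropy looks like ciphertext). The suffix list, the thresholds and the simulated attack are assumptions for illustration; a real deployment would tune them and feed the verdict to whatever isolates the host.

```python
"""Added example (not the author's code): baseline-and-scan detection of
mass file encryption. Suffix list, thresholds and paths are assumptions."""
import hashlib
import math
import os
import tempfile
from pathlib import Path

SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt", ".enc"}  # assumed, not exhaustive
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext and random data sit near 8.0
MASS_CHANGE_RATIO = 0.5   # alert when this share of baseline files is changed or gone


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 of one file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: English text scores roughly 4 to 5, encrypted data about 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def baseline(root: Path) -> dict:
    """Relative path -> SHA-256 for every file, taken while the host is known good."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def scan(root: Path, manifest: dict) -> dict:
    """Compare the live tree against the baseline and decide whether to alert."""
    current = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    changed = [n for n in manifest if n in current and sha256_file(current[n]) != manifest[n]]
    missing = [n for n in manifest if n not in current]
    new = [n for n in current if n not in manifest]
    # A changed or new file is suspicious by name (ransomware extension) or by
    # content (the first 4 KiB look like ciphertext rather than a document).
    suspicious = [n for n in changed + new
                  if Path(n).suffix.lower() in SUSPICIOUS_SUFFIXES
                  or shannon_entropy(current[n].read_bytes()[:4096]) > ENTROPY_THRESHOLD]
    ratio = (len(changed) + len(missing)) / max(len(manifest), 1)
    return {"changed": sorted(changed), "missing": sorted(missing), "new": sorted(new),
            "suspicious": sorted(suspicious), "ratio": ratio,
            "alert": ratio >= MASS_CHANGE_RATIO or bool(suspicious)}


def demo() -> tuple:
    """Constructed walk-through: a clean scan, then the same tree after a simulated
    ransomware pass (documents overwritten with random bytes, renamed, note dropped)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs"
        docs.mkdir()
        for i in range(10):   # constructed sample documents
            (docs / f"report{i}.txt").write_text(f"Quarterly report {i}: revenue steady, costs flat.\n")
        manifest = baseline(docs)
        clean = scan(docs, manifest)
        for i in range(8):    # simulated attacker encrypts 8 of the 10 files
            (docs / f"report{i}.txt.locked").write_bytes(os.urandom(8192))
            (docs / f"report{i}.txt").unlink()
        (docs / "README_DECRYPT.txt").write_text("Your files are encrypted. Pay to recover them.\n")
        attacked = scan(docs, manifest)
    return clean, attacked


if __name__ == "__main__":
    clean, attacked = demo()
    print("clean scan alert:", clean["alert"])
    print("after attack:", {k: attacked[k] for k in ("missing", "suspicious", "ratio", "alert")})
```

Two of the three signals are independent of any particular ransomware family: the baseline diff catches mass change regardless of extension, and the entropy check catches encrypted content even when the file name is left alone. The extension list is the weakest signal and is there only because it is cheap.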
The Four Tactics
Good user training. Updating systems with patches and fixes. Backing up everything as often as possible. And using monitoring tools to help both IT and security teams detect problems, and react quickly to those problems. When it comes to ransomware, those are the four battle-tested tactics we need to keep our businesses safe.
You can learn more about this in a short eight-minute video, where I talk to several industry experts about this issue: