The pervasive reach of ransomware is a ‘massive issue’ for New Zealand organisations and others around the globe. Technology giants Cisco and Dimension Data have put ransomware under the spotlight as part of an effort to help organisations stay ahead of the threats.
Dimension Data New Zealand security expert Matthew Lord says that CERT NZ reports show ransomware is having a ‘huge impact’ on New Zealand organisations.
“Ransomware accounts for 13% of all reported incidents, with more than a quarter of those resulting in financial loss. Most businesses will have had at least one ransomware infection this year,” he says.
“What’s alarming is that ransomware is often bypassing traditional security technologies such as patching. A lot of New Zealand organisations often have quite mature security in terms of patch management, email and web protection technologies, but this is no longer enough.”
Globally, 49% of businesses experienced at least one cyber ransom attack in 2016, according to a Cisco 2017 Mid-Year Cyber Security report. This is partly due to a rise in ransomware-as-a-service in the first half of this year.
“The escalation in ransomware attacks in the digital economy makes every organisation a target,” says Neville Burdan, general manager – Security, Dimension Data Asia Pacific.
“This risk escalated when cryptocurrency and Bitcoin became a common avenue for ransom payment. That’s because cybercriminals cannot be traced. And as more employees work remotely on personal devices, the risk is further compounded.”
Malware is also infecting endpoints such as personal devices and printers, which sit outside the control of corporate IT and are not routinely patched.
“The WiFi network vulnerability issue is a perfect example of this. It shows us that a lot more than just our desktops, servers and laptops need to be patched – anything connected to the internet can be vulnerable,” Lord adds.
“Everyone has access to WiFi, at home, work, cafes and in our cities. People will be tuned to patching their desktop, laptops and tablets, but how often do they update their wireless routers?” Lord asks.
Burdan explains that a critical factor in defence is to disrupt the attack before it becomes a business disruptor.
“Security controls alone are not sufficient to address a ransomware threat, and organisations need to adopt a multi-layered approach to stop the cyber kill chain. This means identifying emerging threats before an attack, quick detection, a swift response to an attack, all the way through to the backup and recovery process,” Burdan explains.
Cisco and Dimension Data propose a six-point framework for defending against ransomware attacks:
- Predict and be informed before the attack occurs: Proactively research what’s discussed on the dark web, new exploits that will be used, and industries or companies that will be targeted.
- Protect: Identity and access management (IAM) tools are essential to protecting enterprise devices and computing assets. Network access control (NAC) ensures that only devices that have adequate security settings and adhere to IT security policies are able to access corporate systems.
- Detect: Technologies should be in place to detect anomalies in the infrastructure, in the event that malware has infiltrated the endpoints or network. The network must be monitored to check for indicators of compromise. Turning on AI-enabled malicious traffic detection can also help automate detection, so that an attack is caught swiftly before it worsens.
- Respond: When a ransomware incident has been detected, security experts must work fast to block malicious communication channels at the firewall or IPS, and quarantine infected machines.
- Recover: Backup is a critical part of the strategy for fast recovery. In addition, the backup system needs to prevent the replication of files that were maliciously encrypted by ransomware. This can be achieved with dynamic segmentation and inherent security features.
“Recent ransomware attacks have highlighted the fact that improvements are needed in any industry or any size of the organisation. With the right framework, tools and processes, companies will become better equipped to disrupt the ransomware attack before it becomes the business’ disruptor,” Burdan concludes.