In response to findings from insurer Chubb that 2019’s ransomware attacks are already outpacing 2018, cybersecurity experts with diverse backgrounds commented below.
In response to findings from insurer Chubb that 2019’s ransomware attacks are already outpacing 2018, cybersecurity experts with diverse backgrounds commented below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Organisations are having to constantly adjust to new threats. Viral ransomware is a particular nasty approach that has proven successful for a number of groups, this is made all the worse by attackers extracting data to make public.
All firms need to be learning from such attacks and taking the risks very seriously, particularly those in high profile sectors such as Insurance companies, which are targeted because they are rich and not particularly well liked. These steps should include having the right processes, procedures and practises in place for new and evolving scenarios. This includes making sure that personal and commercial information is protected and where appropriate redacted to ensure that even if documents are stolen and exfiltrated out of the building that they are of limited use to any attacker.
Your security is only as strong as the weakest third party\’s security program. If their security programs are not as robust as the leading organization, they are all susceptible to attack. Organisations not only need to focus their security efforts on their own applications, infrastructure and employees, but also those that interact with their digital supply chain. An organisation with a strong and robust security program that can train their employees, assess their ability to spot a social engineering phishing scam and report it, then verify that the third party companies provide the same, can help to effectively prevent a ransomware attack.
Ransomware continues to grow unabated because it works. Hackers are increasingly adept at bypassing conventional security tools, and encrypting data for ransom is much easier than trying to steal it. And desperate businesses are often will to pay ransoms, even though this perpetuates the problem. The problem has become so severe that a consortium of global insurers have started recommending specific security best practices for their customers, rather than just waiting to deal with the aftermath.
As ransomware has evolved it has adopted techniques previously reserved for advanced nation-state actors. In the last several years, we’ve seen strains of ransomware – for example NotPetya — leverage stolen credentials and similar techniques to propagate throughout an enterprise network. For many organizations, this means a single compromised user risks the entire network. Adopting strong defenses against lateral movement and maintaining better oversight of sensitive data are vital objectives for all companies.
The vast majority of ransomware attacks are due to one of two things: a phishing email or unpatched software. Phishing is involved in 70% to 90% of all successful breaches and unpatched software is involved for 20% to 40% attacks. Any single other root cause you can think of accounts for less than 1% of the risk. Every other risk added up all together equates to less than 10% of the risk in most organizations.
So, how do organizations stop ransomware? It’s easy. Don’t get socially engineered into doing something against your interests, and patch software. Nothing else really matters. Unfortunately, we are told that we have to worry about a thousand things and not told that two of these things matter far more than everything else. It leads to a lack of focus, which hackers love. Phishing and unpatched software have been responsible for the greatest number of attacks for over three decades, and this will remain a constant as long as people aren’t trained to pay attention to the right things. Hackers will keep using phishing and attacking unpatched software because those techniques work really well for them.
In fact, a group of major insurance providers identified best security practices as being so important that they designated a select few solutions as “Cyber Catalysts.”