BACKGROUND:
Recently it was reported that ransomware Task Force proposes technical regulatory measures to disrupt ecosystem. A new task force consisting of technical experts, policy makers, officials from the FBI and United States Secret Service, and international law enforcement agencies has developed a broad set of recommendations to help address the ransomware epidemic, including technical and legal means for disrupting these operations and the payment infrastructure that underpins them.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The release of the Ransomware Task Force’s (RTF) <a href=\"https://securityandtechnology.org/ransomwaretaskforce/report/\">‘Combating Ransomware: A Comprehensive Framework for Action’ report</a> findings is an important step in instituting the proper frameworks, enforcement, and funding to make a difference for businesses around the world.</p> <p>Our recent <u><a href=\"https://www.datto.com/resources/dattos-2020-global-state-of-the-channel-ransomware-report?utm_campaign=2020-global-ransomware-report&utm_medium=press-release&utm_source=132?utm_campaign=&utm_medium=press-release&utm_source=132\">Global State of the Channel Ransomware Report</a></u> found that while threat actors do not discriminate, 95% of Managed Service Providers (MSPs) state that their own businesses are increasingly being targeted and 78% of MSPs reported attacks against small and mid-sized businesses (SMB) in the last two years. Any recommended solutions must therefore apply to a wide array of affected sectors, including MSPs and SMBs. MSPs continue to be on the frontlines of a cyberwar but need more support, and the RTF report elevates this concern.</p> <p>The RTF report found that MSPs do not commonly provide extensive security coverage or ransomware mitigation, but doing so would create a widespread positive impact for SMBs. This is now the time for concerted, coordinated action and we will work with our MSP partners to further the effort in combating ransomware.</p>
<p>The Ransomware Task Force is absolutely right to state that ransomware is a serious threat to organisations, as these attacks are clearly on the rise with multiple threat actor groups developing and utilising it to extort money from unprepared victims. The recent Mimecast State of Email Security report found that 48% of UK businesses have been affected by ransomware in the past 12 months. These attacks can have massive ramifications for organisations such as downtime and loss of productivity, with our research showing that 33% of UK businesses affected by ransomware suffered between two and three days of downtime, with business disruption (38%), impact to employee productivity (35%),and data loss (29%) the most common consequences. With this in mind, it is unsurprising that our research found that 50% of organisations impacted paid the ransom.</p> <p> </p> <p>It is really positive that this report urges governments to recognise ransomware as a national security threat, as I believe it has become the pre-eminent threat of our time. Organisations must recognise this threat and invest in their cybersecurity to help alleviate the risk of ransomware. The best way to ensure business continuity without being extorted is to implement strong resiliency measures. Organisations must ensure that they are also training their employees to spot unsafe attachments and suspicious emails, by providing regular cyber-awareness training. Mimecast’s recent State of Email Security report shows that only 19% of companies currently provide cyber awareness training on an ongoing basis. It is important for cyber awareness training to be regular in the workplace, as only then will it build employee knowledge of security and educate them on the significant part they play in protecting an organisation. In the face of this increasing level of threat to all organisations, cyber-hygiene and user awareness training will be critical to maintaining security. Hopefully this news will help businesses to understand just how big of a threat ransomware is.</p>