Experts Warn On Rise Of Hacker Ransoms

The National Crime Agency and National Cyber Security Centre have launched a report into ‘The cyber threat to UK businesses’ – see full report here. The report explores numerous avenues of the UK cybersecurity industry, nothing that ransomware is a “significant and growing” risk. It also states that connected devices and wearables are at risk and are going to be targeted more in future. You can find more on this news here. IT security experts from Micro Focus and Palo Alto Networks commented below.

David Mount, Director of Security Solutions Consulting EMEA at Micro Focus: 

“As this report demonstrates, the IoT is ushering in a new era in security terms. It’s positive that issues like ransomware and IoT security are now part of the national conversation, but we still have a long way to go to encourage connected tech companies to build security into IoT products from the start. All too often device vendors prioritise usability and customer experience over security, and that is putting consumers and businesses at risk. Quite simply, IoT security can no longer be treated as an afterthought.

“In line with other industries, we’re probably going to need government intervention around legislation and safety standards to protect internet connected devices. Exposure of consumer data is a serious and present risk, but with the number of IoT devices set to grow exponentially, a well-coordinated IoT attack could be used to pose a very real threat to our national critical infrastructure – not to mention online banking, emergency services, and commerce in general.

“The government and industry must understand that we’re moving into a world in which we will carry a significant compute capability with us – and perhaps even more importantly, a significant ‘sensor’ capability with us too. The key to securing these billions of ‘smart devices’ lies in Identity. By giving each sensor and device an Identity, device behaviour can be examined and anything unusual can set alarm bells ringing.”

Greg Day, VP and Chief Security Officer EMEA at Palo Alto Networks:

• “One of the most pressing challenges when it comes to security is educating organisations and the general public and, as such, we applaud this report. It plays a crucial role in further helping businesses, governmental bodies and users to keep pace with the threats they face today.
• But for the NCA and NCSC report to have impact, people and organisations must take this broad insight and personalize it, not just file it for future reference.  They need to look at which elements are relevant to them and what personal or business impact it would have, so they can take appropriate steps to manage the risks.  While GDPR comes into force in 2018 and codifies the need for ongoing assessment of the risks and application of the relevant state of the art cyber security controls, businesses and users should be applying these principles today.
• Notwithstanding the report’s warnings, ransomware is still in its relative infancy, yet its evident scope to impact all organisations, rather than just those processing credit card information, means we should expect it to grow.  In the last year, we have seen ransomware start to leverage targeted techniques with Samsa, which has been developed in previous years by nation state attacks.  Most recently new variants like RanRan have broadened beyond just financial motives to include political motives.  In today’s increasingly digitally dependent world, businesses should be cognizant of these trends. Strategies built on actually preventing attacks, rather than just cleaning up afterwards, are absolutely essential to significantly reduce these threats.
• In recent years, CISP has been a great initiative for intelligence sharing between UK organizations. It is also great to see how the Cyber Threat Alliance is driving collaboration between core security vendors, to better work together and automate sharing, not just of threats that are seen, but also the blocking controls and context about the attackers.  The more we all collaborate and crowd source against cybercriminals, the greater the intelligence and compute power we can leverage.  However, this must start at the grass roots level, which requires every business to recognize the value and input their input, be it with members of the CTA or CISP, as they collaborate via their collective members.   The more we can work together, the more we can move unknown high risk attacks into known attacks.
• The threat continues to evolve, not just in terms of the attackers’ techniques, but also what and how organisations use technology to function and flourish.  As such it’s important to regularly review where and how information is shared. As the report says, the rapid adoption of business and consumer cloud services and devices, such as wearables that share information, can provide attackers with insight into our lifestyles that can be used against us. But it is equally important to focus on how these could be sources to tap into business data that may not be recognized as a threat.  For example, whilst many businesses may have significant controls around their core data centers, cloud storage can be a weak point, with businesses often not clear on where and why they are being used.  Stealing genuine credentials is still one of the most common motives for attackers, but where data is stored outside the business, awareness of credential misuse can often go undetected. Cyber risk prevention must start with visibility of your continually evolving IT space, and examining where you can reduce your risks by reducing the potential attack surface you expose.”