The US government’s response to the ever-growing threat of ransomware is long overdue, but is it too late? With more priority set to be placed on ransomware attacks and the investigations that follow them, we’re in a prime position to make strides in preventing these attacks.
<p>Growing Cybercrime, especially Ransomware, is no longer news to anyone. Ransomware alone is expected to cross $20B by 2021 (source: Security Ventures). This requires a serious overhaul and a new way of thinking.</p>
<p>Ransomware affects multiple people in ways that can’t easily be controlled. The highest ransomware paid was to the tune of $4.5MM (source: itgovernance.co.uk) and the highest demand has been $30MM (source: zdnet.com). 5 big claims can wipe out the insurance premium that the company earned (source: HBR). Companies today rely on Cyber Insurance to protect them in case they are victimized by ransomware. The Insurance companies are also monitoring this development closely. It was already hard for them to make money in this new niche, and now they are trying to either increase the insurance cost or limit their exposure. Consider the possibility of not having Insurance cover the entire ransomware demand.</p>
<p>The government needs to take a few steps here to support the fight against ransomware. They need to find a way to somehow subsidize Insurance Companies’ cost, provide tax relief to the private sector to encourage keeping money aside for a possible ransomware attack, and collaborate with Telcos and the private sector to hunt the attackers down. Is the traffic actually originating from where the hacker wants you to believe? What is it trying to connect to? What business does it have on that server? Have a Zero Trust philosophy, as Charles Everette pointed out above.</p>
<p>At the vendor management level, is your vendor compliant with all the regulations and cyber security requirements? Is the vendor patching its own servers, software and other infrastructure items that it uses to provide services to your organization? What is the governance mechanism? How often do you ask for evidence?</p>
<p>As TD Bank’s Head of Cyber Security, Claudette McGowan, says, "defenders must collaborate as effectively as attackers"; only then can we stay a step ahead of them.</p>
<p dir="ltr">Major flaws in vital US infrastructure have been well documented by the government itself and 3rd party investigations, and these reports have all identified key vulnerabilities in vital infrastructure that malicious actors have exploited and will continue to exploit. These attacks have taken advantage of common security gaps that were created when companies started leveraging automation for data analytics, operations and management. The primary thinking around leveraging automation was “ease of use” and lowering of operating costs. Unfortunately, security was not a consideration in these strategies, nor did it appear on the long-range radar of companies. Now, years later and after several attacks on US infrastructure, we’re paying the price of these vulnerabilities, and security gaps are being investigated in earnest.</p>
<p dir="ltr">Prosecution after the fact is not solving the issue. Companies need to stop being reactive and move to being proactive, and should be looking for solutions to prevent these attacks, not reacting after the fact.</p>
<p><span id="m_-8319597302703732888m_6931704557869374614gmail-docs-internal-guid-5759783b-7fff-74df-e433-07fb9b5a4517">Predictive deep learning has proven to prevent these types of ransomware and next-gen zero-day threats – months to even years before the threats were even conceptualized, much less leveraged in attacks. In practical testing just this week, we saw success in preventing new variants such as those used in the attacks against JBS (REvil), Washington D.C. Police (Babuk), and last month at CNS Financial (Phoenix Locker/Hades). These attacks, and the other highly publicized attacks in recent months, all would have been stopped before they made it into a customer’s network. In the era of Snake, Maze, DoppelPaymer, Hades, REvil, DarkSide, and others, this means companies would not be impacted by these growing and sophisticated threats.</span></p>