By Dave Waterson, CEO, SentryBay
As devices and applications move outside the corporate network, the incidence of cyber-attacks is increasing. Among the many different threats that face organisations, ransomware is growing in number and force. In fact, 2021 saw a record number of ransomware pay-outs.
Keeping up with the chameleon nature of malicious actors is always a challenge for organisations, and the current success of ransomware is due in part to its model evolving to evade detection. Data is now being exfiltrated and encrypted, and attacks are being launched on an industrial level.
Such is the scale and effectiveness of today’s technologically sophisticated ransomware attacks that a report from the Ponemon Institute on the state of cybersecurity found that 45% of small to medium-sized businesses internationally are finding their IT posture is ineffective at mitigating attacks. In addition, 69% have noticed that cyber-attacks are becoming more targeted.
The process of exfiltrating as well as encrypting data – known as double extortion – alongside Ransomware as a Service (RaaS) is being adopted by criminal gangs often crossing international borders, and by state-sponsored hackers. Research by Chainalysis published in February found that more than $400 million worth of cryptocurrency payments in 2021 went to groups ‘highly likely to be affiliated with Russia’. But an operation to crack down on ransomware gangs also saw arrests made in Romania, Ukraine, South Korea and Kuwait.
Without adequate protection in place, company executives face threats that quickly escalate with the daunting prospect of losing precious data unless demands are met. Modern ransomware is less ‘smash and grab’ and more strategically planned, to the extent that flexible terms for payments are even offered, including the decrypting of assets in instalments.
Guarding against ransomware attacks means doing away with traditional perimeter-based security as a main line of defence. It is simply too easy for hackers to breach. Post-COVID we live in a hybrid world of working practices and security managers are grappling with how to safely permit access to vital data on a multitude of devices without compromising the network. The move to the cloud and increased implementation of SaaS only make the issue more acute.
On top of this, insurers are also getting twitchy about paying out to cover policyholders who have succumbed to ransomware demands. AXA, for example, announced last year that it would no longer write cyber insurance policies that reimburse French customers for payments made to ransomware hackers. There are two possible outcomes to this. The first is that other insurers will follow suit and stop writing policies, in which case this is likely to deter ransomware attacks. The other is that insurers will demand stringent security protocols are put in place to minimise the risk of a ransomware attack before they agree to provide cover.
Against this alarming backdrop, security and network managers must deploy an appropriate level of defence and it should encompass the most vulnerable corporate target – people. Security should be delivered through fit-for-purpose software specifically focused on creating a micro-environment in which data and applications are securely wrapped whether employees are working in the office or remotely.
Never trust, always verify
Security and network managers should also be adopting a zero-trust approach, which, by default, ensures employees and their devices are not trusted until they can be verified. It is no coincidence that the White House recently announced that it was instructing all federal agencies to officially move to a zero-trust approach to cybersecurity to reduce the risk of attacks against its own digital infrastructure. It is also widely supported by organisations in the UK, as a recent poll SentryBay conducted amongst security professionals found. 58.3% said that they believed that a zero-trust approach was essential. However, only 33.6% had implemented such an approach.
Time really is of the essence because ransomware attackers are taking advantage of employees working outside the corporate network to infiltrate networks through vulnerable endpoint devices. The working world has been turned upside down in the last two years, not just because so many of us have been forced to work from home, but also because network infrastructure is moving away from on-premise and into the cloud. The state of flux is ideal for cybercriminal activity to flourish but, if organisations make efforts to educate their teams and take a proactive, zero-trust approach to protect networks and endpoint devices, they will halt ransomware attempts in their tracks.