Traditional IT is no longer viable, and the realities of a connected, cloud-infested world are not only exciting; they are also enticing and fraught with vagaries, challenging dilemmas and significant risks, along with endless opportunities when leveraged in an innovative manner. Cybercrime, generally speaking, is on the rise, just as the need to leverage digital forms of marketing, sales, e-commerce portals and data processing is on a significant upward trajectory from both economic and business perspectives. Just as data is the new currency, ransomware is the new normal of digital exploitation: the spectre of ransomware is no longer looming; it is here to stay.
While this can be prevented or controlled to a large extent, the majority of the challenges have to do with the lack of a comprehensive, holistic program that is risk-, prevention-, business- and security-focused as opposed to just a compliance effort. Any business that still has not realized that Cyber, Information Security or IT Security (whichever term fits your point of reference) could pose an existential threat to it really needs to wake up.
Ransomware has been in criminal vogue for several years but is rapidly gaining momentum, and it will also become the norm and form of extortion used to fund terrorism, extremism and other forms of radical mayhem, or just pure economic enterprise. Put in the simplest terms, and in addition to other vectors, ransomware is usually perpetrated via spear phishing: an email that purports to come from an authoritative source within the enterprise, a higher-up such as the CFO/CEO, directs staff to carry out some action, usually with some urgency. At some point, someone will click on that link or open the e-mail, which triggers an action or multiple actions that initiate the remote control of that enterprise by taking over passwords and systems in a surreptitious manner. No one is immune. From a high level, with thanks to David Letterman, below are ten critical thoughts that should be top of mind when considering what ransomware is, its potential impact and some of the things to do as a precaution:
Top ten things that you need to understand about Ransomware:
- Ransomware, just like overall Cyber Security, is a business issue and not a technology issue. CEOs/COOs/CFOs should be concerned about the reputational risk, revenue impact, cash flow, impairment of goodwill, profitability and overall potential erosion of shareholder value. CIOs/CTOs/CSOs/CISOs should be concerned about all of the above and, additionally, the potential of losing control of the technology infrastructure, so as to avoid a knee-jerk reaction of needlessly spending money after the fact. You will experience a cash call.
- You could be next in line to be victimized. Be prepared and have a good incident response plan and, especially, notify authorities and other third parties such as the Cyber reporting agencies. Exploit attempts are on the increase, exploits are becoming more sophisticated and payoffs are becoming more lucrative.
- You could already have been infected without knowing it. Attacks are predictable and methodical, and can be targeted or mass-distributed via advanced persistent threat vectors utilizing e-mail, web surfing through drive-by website infections, USB or social engineering.
- Ransomware has been around since 1989; it is here to stay and will only get bigger. It has evolved quite a bit, especially with advances in encryption as utilized by CryptoLocker and CryptoWall.
- Ransomware could pose an existential threat if you ignore it. Be concerned. Be very concerned that, in a worst-case scenario, your crown jewels could vaporize under the spectre of ransomware. Your entire business data can easily disappear, including your backups. It could potentially put you out of business.
- Ransomware is the new form of terrorism and a new economic enterprise frontier for professional fraudsters and other organized crime groups: ransomware-for-hire services are in existence. The internet provides a significant level of anonymity that makes it easier to perpetrate the crime, especially given cross-jurisdictional challenges.
- Healthcare, Finance, Insurance and Governments have a big target on their backs because of legacy system constraints: insecure code or application environments. Network appliances, cloud services and medical devices are increasingly being targeted. IoT devices are next.
- Electrical work is not a hobby, and you would not hire an apprentice to design your electrical grid; likewise, get a qualified individual to oversee your Cyber program from an enterprise standpoint. Such individuals must have, at a minimum, a combination of skills: business acumen, technical competency, project management and risk management.
- Privileged accounts are always targeted. Your IT administrators require better training; increase your user awareness, governance and oversight. Enforce the use of Biometric Multifactor Authentication for all IT admins and for all access to any service, sensitive data or device that requires escalated privileges. Know where your privileged accounts reside, who has access to them at all times, and for what purpose.
- Maintain a good inventory of, and monitoring for, all of your enterprise devices; map your enterprise and network; monitor incoming/outgoing traffic; and create user attributes/profiles, including time of use. Create distributed backup sets leveraging a cloud channel, with at least one backup set that is a few hours out of synchronization, to provide you with a window of opportunity to revert to a backup that is not infected with ransomware.