by Simon Edwards
Late last week the FBI was forced to make yet another public service announcement on the growing ransomware epidemic. In it, the Bureau pleaded with businesses to report infections, so that the authorities can get a better idea of the scale of the problem they’re facing. It also warned that cybercriminals are increasingly targeting business servers in the hope of infecting more machines and extracting a greater ransom from their victims.
This tells us two things: that the authorities still haven’t got a handle on the problem facing citizens and businesses, and that organisations are failing to put in place layered security to lock down risk across multiple threat vectors. We address both in a new report out this week.
A cyber pandemic
Part of the problem with any major new cyber threat is knowing how far it has been disseminated – how many businesses it has affected. Only with a clear view of the scale of the problem and how firms are reacting to it can a suitable response be crafted. The problem is that many firms don’t want the bad publicity that may come with admitting an infection – especially as it may harm the share price or even drive customers away. And if no data is breached they may be under no obligation to report to the authorities.
We’re happy to step in here. The new Trend Micro report features a host of fascinating details, which hitherto have been hard to elicit from organisations. For example, did you know nearly half (44%) of the organisations we polled admitted to suffering a ransomware infection over the past two years. And nearly a third of those were hit more than once, with the unluckiest firm being struck a staggering five times. There’s not much time to pay either, with the majority (57%) claiming to have had less than 24 hours to respond to their extorter.
The FBI might not know the scale of the problem, but Trend Micro identified 79 new ransomware families in the first part of 2016 alone, a whopping 179% increase on the 29 spotted in the whole of 2016. That stat alone tells us how far and how fast things are escalating.
It’s pretty clear from the FBI’s announcement that many organisations are still failing the security basics when it comes to mitigating the risk of ransomware infection. Many only secure the endpoint, or perhaps the email gateway, but don’t think about their servers, for example. That’s why we recommend a layered approach to security which sees protection at the web and email gateway, endpoint, server and network. Only with this kind of set-up can organisations be reassured that they’ve done the maximum possible to prevent an infection.
Here are a few other tips from the report:
Backup: It sounds obvious, but backing up regularly means you’ll be able to recover that mission critical data without paying the ransom. Follow the 3-2-1 rule: at least three copies, in two different formats, with one copy off site/offline.
Education: Make sure staff know the risks of clicking on links and opening attachments in unsolicited emails. They can be a great first line of defence.
Network Segmentation: This will help to halt the spread of infection through the network.
Application control: Try app whitelisting, which will ensure nothing that hasn’t been pre-approved can run in your IT environment, minimising the risk of infection.