WannaCry: Smaller businesses are at great risk
Written by net-security.org   
Thursday, 18 May 2017 05:30

Last week saw a widespread attack with more than 10,000 organisations across 150 countries – including 48 NHS trusts in the UK – almost simultaneously hit by the ransomware strain WannaCry[1]. With data encrypted, the impacted businesses and other institutions experienced significant downtime as they were unable to continue with normal operations. The hospitals, for example, were forced to postpone non-urgent procedures and people were asked not to visit Accident & Emergency.

Ransomware[2] has become more popular in the last few years. It has mostly flown under the radar, with the odd story here and there, but the sheer scope of this attack has made everyone sit up and take notice. With the ever-increasing number[3] of ransomware strains, these attacks are only going to become more common.

Smaller businesses are at greater risk

WannaCry made the headlines not just because of its scale, but because of the high-profile nature of its victims. Yet, more often than not, it is small- and medium-sized businesses (SMBs) that are targeted with ransomware. According to Datto’s own research, which involved surveying 148 European IT service providers, 87 percent reported that their SMB clients had been targeted by ransomware in the 12 months up to September 2016. More shockingly, 27 percent had been targeted with multiple attacks in the same day.

Cybercriminals target SMBs because it’s not a fair fight: ransomware strains are ever-evolving and becoming more sophisticated, with development driven by cash-rich criminal gangs, while SMBs rarely have the resources or manpower to stay ahead of the threat.

Moreover, the downtime experienced after an attack can be crippling. Established firms will have the resources to stomach the cost of not being operational for a few hours or longer; small businesses don’t have the same buffer. As such, paying a ransom can seem like the least bad option.

Ransomware perpetrators act like ‘legitimate’ businesses

While attackers have sometimes taken a ‘throw it and see what sticks’ approach to their criminal activities, over recent times they have become more strategic in how they target SMBs. Many have adopted sophisticated business practices in an attempt to tip the balance even further in their favour.

To begin with, ransomware programmes charge varying amounts. Ransoms can depend on the type of data, the amount of it, or the size of the company, and cybercriminals adjust amounts depending on success rates. The average ransom is priced between £500 and £2000, an amount that some SMBs will simply accept as a cost of doing business in the digital age. As these amounts are often less than their insurance excess contributions, many do not report attacks. This lack of reporting has been one of the key reasons for the low levels of awareness around ransomware; at least until WannaCry hit last week.

Attackers also take time to research targets. Ransomware is mostly spread via links within phishing emails, so getting unsuspecting victims to believe that messages are legitimate is paramount. The cybercriminals will trawl through an employee’s digital presence, in order to create emails that appear to come from business partners, colleagues, family and friends.

When ransomware does take hold, SMBs are usually unsure what to do next. If they decide that paying is the best option, they may not know how to meet the demands, particularly if a cryptocurrency such as Blockchain is required. To help make the payment process more seamless, some ransomware programmes come with ‘helpful’ pop-ups and support to walk SMBs through it. They use soft and friendly language, as you would expect from a real business when calling for support – they seem as if they are there to help.

Some programmes take the opposite approach and scare SMBs into taking action more quickly, for example by threatening to delete data at regular intervals until demands are met.

A multi-layered defence is the only way to mitigate ransomware

Most businesses understand the importance of anti-virus and firewalls, but not that these don’t always provide watertight defences. The WannaCry attack exploited a vulnerability in the Windows OS, which has since been patched, but there are always new strains of ransomware that will find another gap. It’s almost impossible for defences to stay ahead of the curve, but SMBs must patch regularly so that at least older strains can be detected.

SMBs should also educate staff about the red flags of phishing emails and how to avoid questionable downloads. Everyone is guilty of accepting terms and conditions without reading them, but clicking ‘yes’ to certain items will bypass a firm’s entire security setup, no matter how comprehensive it is.

The only way of truly mitigating the impacts of ransomware[4] is through backup. If SMBs take system snapshots at regular intervals, they can simply roll back to the most recent ‘healthy’ point before a ransomware attack took hold. Being able to spin up systems almost instantaneously drastically decreases the amount of downtime from hours to minutes, and means that no ransom has to be paid.

Ultimately, ransomware can deliver a lot of bang for its buck, so it’s perhaps unsurprising that it’s becoming a popular weapon for cybercriminals. The WannaCry attacks highlighted just how easy it is for ransomware to cause havoc on a global scale, but SMBs must understand that this threat is not beyond their reach. It’s vital that they adopt a multi-layered approach which encompasses antivirus and firewalls, as well as backup.

References

  1. WannaCry (www.helpnetsecurity.com)
  2. Ransomware (www.helpnetsecurity.com)
  3. ever-increasing number (www.helpnetsecurity.com)
  4. mitigating the impacts of ransomware (www.helpnetsecurity.com)
 
3 in 5 companies expect to be breached in 2017
Written by net-security.org   
Thursday, 18 May 2017 05:00

New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.


Vanson Bourne interviewed 600 senior IT decision-makers at organisations with at least 1,000 employees across Australia, France, Germany, Italy, the United Kingdom and the United States.

The survey found that 35 percent of companies suffered two or more breaches in the last twelve months. Unfortunately, 3 in 5 expect to be breached in 2017, with 29 percent believing they won’t even know they were breached when it happens. As a result, survey respondents are focused on mitigating their exposure points as an organisation – with 65 percent seeing identity management as a foundation of their security strategy.

Common areas of risk that organisations need to address

Documents and files may be an enterprise’s biggest downfall in 2017: Unstructured data that lives outside of structured corporate systems and applications is a huge red flag for enterprises today – even though that data runs rampant through a typical enterprise, 41 percent aren’t sure how to manage and protect that data from theft.

Employees need to understand – and follow – corporate security policies: Over one-third of respondents (42 percent) cite trends like BYOD and Shadow IT as great areas of risk for their organisation, yet less than half have formalised corporate security policies in place. Coupled with the risks posed by continued poor password hygiene[1] cited by 25 percent of respondents, it’s clear that enterprises need to better outline and enforce corporate security policies, company-wide.

The contractor workforce is an enterprise blind spot: The surge in freelancers, contract workers and other third parties that make up today’s diverse workforce presents a significant challenge for organisations as it relates to managing identities and their access. 46 percent of respondents are concerned with the threat that contractors may pose to their organisation, with 70 percent admitting they don’t have full visibility into the access contractors have to corporate systems and the sensitive data that lies within.


IT decision-makers now view identity as the center of their security program

  • 46 percent of respondents are concerned about proper visibility into who has access to what across their corporate network, with a majority (86 percent) admitting that if their CEO’s email was hacked, they wouldn’t immediately know what their exposure points were.
  • 77 percent of respondents now understand the importance of having strong identity governance controls in place across their organisation’s entire IT infrastructure, especially when it comes to showcasing that those controls are in place to their board of directors.
  • The benefits of an identity governance programme are clear, with respondents citing enhanced security (65 percent), a more automated and efficient organisation (64 percent), and business enablement (58 percent), as key business benefits.
  • Specific to European respondents, as the GDPR compliance deadline looms, compliance bubbled to the top as a key goal and driver behind identity governance programmes for nearly three-quarters (73 percent) of UK respondents.

References

  1. password hygiene (www.helpnetsecurity.com)
 