Ransomware – When and How? And How to Protect Your Business

(By Taslim Khan. This article was originally posted in the This is Queensborough – July 2023 Edition and has been slightly amended for this format)

Ransomware is not a question of if, but when. It is not our intention to create unrest or panic among businesses and readers; rather, we want to prepare you: ransomware attacks are a reality today. Businesses of all sizes are targets. A small firm with 5 employees is just as much a target as large multi-billion-dollar companies such as Target, Sony, T-Mobile and YUM Brands (KFC, Taco Bell, Pizza Hut). 60% of Small to Medium Businesses (SMBs) have experienced a data breach, and be assured that all businesses are under attack from ransomware. Even municipalities and city governments have had to pay large ransoms to free their networks. The list, very unfortunately, is long and only growing. To the threat actors, a dollar is green whatever its source: large and small, private and government, for profit and non-profit. Ransomware is an equal opportunity offender.

HOW & WHEN?

So, let’s take a look at how ransomware works. In almost every case, a sleeper agent got into the network, typically 6-12 months before the actual attack was initiated. This agent (malware) monitors all the traffic and analyzes data. The threat actors, the bad guys, gather all the critical business and financial data, including daily financial transactions, deposits, bank balances etc. Once enough information has been gathered and a plan of attack is solidified, the attack takes place.

90% of ransomware attacks are initiated through an email. Typically, an email is sent to many users on the network. The email is spoofed and made to look like it was sent from a reliable, trusted source. It could be made to look like it is coming from the CEO or the CFO of the company, with their name on the email address, with an embedded link and instructions such as “Hey Joe, yes this invoice is approved – please remit payment”. Once that link is clicked: BOOM. The network and the server(s) are completely locked down. A message appears on the user’s screen with instructions to make the ransom payment. Unless that payment is made, the network stays locked, and your business comes to a screeching halt.
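The spoofed “CEO invoice” email described above has a handful of tell-tale signs that a mail gateway or help desk can check mechanically: an executive’s display name on an address that is not the one in the company directory, a sender domain that is a near miss for the real one, a Reply-To that quietly points somewhere else, and payment language paired with a link. The following triage check is an added example, not code from the original article; the company domain `example-corp.com`, the executive directory and both sample messages are constructed here for illustration.

```python
"""Triage check for executive display-name spoofing in inbound email.

Added example, not code from the original article. The company domain,
the executive directory and the two sample messages are all constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"  # assumption: the protected organisation's mail domain

# Constructed directory: display name -> the only legitimate address for that person.
EXECUTIVES = {
    "jane doe": "jane.doe@example-corp.com",
    "john roe": "john.roe@example-corp.com",
}

PAYMENT_WORDS = re.compile(r"\b(invoice|remit|payment|wire|transfer)\b", re.IGNORECASE)
URL_PATTERN = re.compile(r"https?://", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (e.g. a '1' in place of an 'l')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_message(raw: str) -> list[str]:
    """Return the reasons a message looks like executive impersonation (empty list = clean)."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    sender_domain = address.rpartition("@")[2]
    reasons = []

    # 1. An executive's name on an address other than the one in the directory.
    expected = EXECUTIVES.get(display_name.strip().lower())
    if expected and address != expected:
        reasons.append(f"display name {display_name!r} used with non-directory address {address!r}")

    # 2. A sender domain that is a near miss for the company domain.
    if sender_domain != COMPANY_DOMAIN and edit_distance(sender_domain, COMPANY_DOMAIN) <= 2:
        reasons.append(f"lookalike sender domain {sender_domain!r}")

    # 3. Replies silently redirected to a third domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] != sender_domain:
        reasons.append("Reply-To domain differs from From domain")

    # 4. Payment language combined with a link to click.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URL_PATTERN.search(body) and PAYMENT_WORDS.search(body):
        reasons.append("payment instructions combined with an embedded link")

    return reasons


# Constructed sample: the kind of message the article describes.
SPOOFED = """From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: accounts@mail-relay-free.net
To: joe@example-corp.com
Subject: Invoice approval

Hey Joe, yes this invoice is approved - please remit payment: http://pay-now.example.net/inv/123
"""

# Constructed sample: a routine internal message from the real address.
LEGITIMATE = """From: Jane Doe <jane.doe@example-corp.com>
To: joe@example-corp.com
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, "->", analyze_message(raw) or "no findings")
```

Each finding on its own is a weak signal (executives do travel and mail from personal addresses), so the useful deployment is to score them together and route anything with two or more findings to a quarantine or a human reviewer rather than to the recipient’s inbox.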

How to protect your business?

To secure your network and protect your business, a multi-pronged approach is required. First, you must consider managed IT infrastructure/services from an MSP (Managed Service Provider), and Disaster Recovery as a Service (DRaaS) plus Backup as a Service (BaaS) from an MSSP (Managed Security Service Provider). Both of these companies must maintain geo-diverse, multi-location SOCs (Security Operations Centers), preferably with global locations.

Extra manpower

These MSPs and MSSPs are manned by 40-50 security engineers and specialists per location. They monitor all traffic and all deployed production endpoints in real time, 24/7/365. With eyes on the glass round the clock, all threats are dealt with and mitigated in real time before they reach your network. Your business infrastructure is always monitored and protected, and the guys and gals protecting it are never closed: not on Christmas and not on New Year’s Eve.

This is the maximum protection your dollars can buy to secure your assets and protect your business. The security fortress can be quite elaborate and multi-layered. However, there are some absolute basic measures that must be implemented. They are as follows:

For your network:

  1. Next Generation Managed Firewall – for your entire network infrastructure,
  2. Endpoint Detection & Response – for all your servers, desktops & laptops,
  3. Threat Intelligence Management Service – this will block all known threats before they can infiltrate your network/firewall.

For Back-up and Disaster Recovery:

  1. Backup as a Service (BaaS) & Disaster Recovery as a Service (DRaaS) – for your servers,
  2. Backup as a Service (BaaS) – for your emails.

Again, network security is like Swiss cheese. There are lots of holes in it. There needs to be multiple layers of services from multiple different vendors to secure your network. How deep you want to go is up to your threat and risk tolerance.

Implementing the above services will significantly improve your security posture and protect your network. However, if you have been mandated to implement stricter security measures or cyber security insurance, then you may have to implement further network security measures. Please consult a Cyber Security Specialist to discuss your options.


Qualifying for cyber security insurance – Part 3: Staying in Compliance

88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who got affected and lost significant revenue. They might have seen or read a story in the news which raised an alarm, as so many stories around cyber attacks do these days. The time for action is now.

So how can a business get from a house built with straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to go from here to there.

STAYING IN COMPLIANCE: THE MOAT, THE DRAWBRIDGE AND THE FLAG.

Before we dive in, let’s step back for a moment. How do data breaches happen? What are the hackers’ strategies? What weaknesses are they looking for? Once we learn their tricks, we can better prepare and put in place the right security measures that protect our business while staying within budget and compliance. If done right, we can fight fire with fire.

  1. Research: The criminals look for weaknesses within the network. These include:
    • Unsecured networks.
    • Unsecured communication channels such as unencrypted email.
    • Software that has not been updated to the latest version with the necessary patches.
    • User accounts that can be hacked through bugs within applications.
    • Credentials and passwords that can be taken. The hacker can be aided in this by software that runs through millions of the most popular credentials and tries them out on the system (think “12345” or “password”).
  2. Attack: The cyber criminal contacts the network or performs a social attack.
    • Network: takes advantage of any or all of the weaknesses described above.
    • Social: tricks or baits an employee via email into giving out their password or opening a malicious attachment/link.
    • Prepare for extraction of data or control of the network: once inside, the criminal plants a piece of malicious software (malware) on the network.
  3. Control of your network: Once they gain access, the hackers are in your network planting malicious software and/or malware.
  4. Exfiltration: The criminals can now track all your web traffic, including sensitive information. They have the means to lock down any and all machines within your network, including the server. Then they will demand a ransom, typically a financial payment of a significant size. This is a “ransomware attack”. They can start deleting files if you do not pay that ransom within their demanded time frame. This is really bad news.

Now that we have gained insight into what cyber criminals are looking for and will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

  1. Network security: a fully managed firewall with anti-malware and anti-spyware that includes MDR (Managed Detection & Response).
  2. Internet security, which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
  3. Cloud security: applications, data, and identities are moving to the cloud, and the traditional on-premise security stack is simply not intelligent enough to counter the latest threats. Only cloud security can deliver maximum and the most up-to-date protection. It can help secure the usage of Software-as-a-Service applications and the public cloud.
  4. Application security diminishes the likelihood that criminals can gain access. It is an added layer of security which involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software. This is coded into the software itself.

Going Beyond Compliance

The role of IT staff, CTOs and IT Directors is changing yet again.

Going down memory lane, some of us may recall the role of an IT staff member in the 80s and 90s: it was a very hands-on position; this team member was an all-rounder and had the skills to manage most on-site devices themselves. In the early 2000s, even more technical knowledge was required to manage the network, and very specific skills were needed. The IT team would start engaging and leveraging their partner carriers and IT manufacturers more and more. In the 2010s, a shift took place where IT executives needed to become advisors to the other C-suite members: IT technology started to shift away from the local area network to the wide area network, managed by the cloud provider. Fast forward to the here and now, the 2020s: IT technology is now a core business driver, and most businesses have various IT projects ongoing all at the same time.

This brings us to cloud based and managed security solutions and why it seems wise right now to make a shift to managed security services.

Increased requirements to provide adequate cybersecurity cannot be met by internal staff alone.
    1. The majority of breaches happen on weekends and during holidays. Internal IT staff often cannot work around the clock. This matters because the average time to contain a breach is 80 days (IBM).
    2. It takes an average of 287 days to identify a data breach (IBM). Businesses deserve 365/24/7 monitoring by a network operations center.
    3. Organizations with more than 60% of employees working remotely had a higher average data breach cost than those without remote workers (IBM). It’s harder for IT teams to monitor remote workers.
Internal staff benefit from managed and cloud-based security services:
    1. More time to spend on core initiatives that drive revenue rather than worrying about security.
    2. It’s challenging to keep up with certifications and monitoring when attacks are becoming more and more sophisticated.
    3. Focus on staff education, communication and design of the virtual desktop space to prevent breaches from happening in the first place.
Compliance is becoming more stringent.
    1. All businesses in New York State, for example, need to be in compliance with the SHIELD Act. Businesses in the financial and healthcare industries require compliance to continue to do business. Managed security providers will explain which compliance requirements are met when a new subscriber considers enrolling with their service.
    2. Fines and penalties for non-compliance are an avoidable expense.

Qualifying for cyber security insurance – Part 2: Going down the checklist

88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who got affected and lost significant revenue. They might have seen or read a story in the news which raised an alarm, as so many stories around cyber attacks do these days. The time for action is now.

So how can a business get from a house built with straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to go from here to there.

BUILDING THE FORTRESS: THE ARCHITECTURE, THE BRICKS, MORTAR, THE WATCH TOWER AND THE ROOF.

Before we dive in, let’s step back for a moment. How do data breaches happen? What steps do hackers take before they breach, and what weaknesses are they looking for? If we can learn more about this, we can use that knowledge to make wise decisions around implementing the right IT infrastructure, so we can stay within our budget and make compliance doable for all employees.

  1. Research: The cyber criminal looks for weaknesses in the company’s security. These comprise:
    • Looking for an unsecured network.
    • Looking for unsecured communication channels such as unencrypted email.
    • Looking for outdated software which is missing a software patch.
    • Attempting to get access to user accounts through bugs in applications.
    • Taking possession of credentials and passwords. The hacker can be aided in this by software that runs through millions of the most popular credentials and tries them out on the system (think “12345” or “password”).
  2. Attack: The cyber criminal contacts the network or performs a social attack.
    • Network: uses one of the previously mentioned weaknesses to infiltrate the organization.
    • Social: attempts to trick or bait employees via email into giving out their password or opening a malicious attachment.
  3. Prepare for extraction of data or control of the network: Once inside, the criminal plants a piece of malicious software (malware) on the network.
  4. Exfiltration: Depending upon the type of malware in place, the criminal can track what a user types into a machine, or lock the system and demand a ransom from the company so they can regain access to their data. Once the hacker extracts the data or can show proof of having the data, the attack is complete.

Now that we have gained insight into what cyber criminals are looking for and will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

  1. Network security, which prevents unauthorized or malicious users from getting inside the network. Network security needs to take place on every single endpoint: PCs, laptops, smartphones and IoT devices.
  2. Internet security, which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
  3. Cloud security: applications, data, and identities are moving to the cloud, and the traditional security stack will not protect this platform. Cloud security can help secure the usage of Software-as-a-Service applications and the public cloud.
  4. Application security diminishes the likelihood that criminals can gain access. It is an added layer of security which involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software. This is coded into the software itself.

Qualifying for cyber security insurance – Part 1: The Basics

We have all seen the news: large corporations and government agencies alike have been under attack in cyber space. Maybe some of your clients have been breached as well? Cyber security insurance might be a solution you are looking to offer to your clients. In this post we discuss some of the basics your clients can do when starting their journey to the cloud.
 
THE BASICS: THE FOUNDATIONS OF THE FORTRESS.

The number one component that matters is the level of urgency and importance executives give to securing their businesses. If cyber security is a priority, reputable providers can step in and implement a solid cloud-based IT infrastructure which prevents and mitigates breaches. No matter the size of the business, big or small, every business needs a modern, up-to-date cyber security infrastructure. Cybersecurity insurance premiums are going up 20-30% due to the increase in attacks; here are a few reasons why:

  • 88% of companies now consider cybersecurity a business risk. (Gartner 2022)
  • The average ransom payment made by PaloAlto case workers in 2022 was $300,000. (Paloalto 2022)
  • 60% of companies victimized by ransomware experienced revenue loss. (Thrive 2022)
  • A cyber-attack occurs every 39 seconds. (University of Maryland)
  • About 1 in 6,000 emails contain suspicious URLs, including ransomware. (Thrive 2022)
  • The average downtime a company experiences after a ransomware attack is 21 days. (Thrive 2022)

No fortress will hold if the foundations which must support the walls are built on shaky ground. At a minimum, businesses need to implement the following:
An attitude of responsibility and vigilance. Stanford University reports that 88% of breaches can be attributed to human error.
    1. Avoid weak and default user credentials.
    2. If sharing passwords, use a password management service. LastPass offers its service for $6/user/month, for example.
    3. Implement multi-factor authentication.
    4. Keep hardware and software up to date.
    5. Make sure all staff receive basic cyber security training during on-boarding with the company.
    6. Enforce IT policies and procedures.
Implement basic cyber security services:
    1. Install a cloud-based firewall or any other reliable form of 24/7/365 monitoring of inbound and outbound traffic.
    2. Store all sensitive and confidential data on platforms which have been proven to be safe: an encrypted drive or a CRM which is fully compliant. Storing sensitive data offline is also an option.
    3. Subscribe to a service which can perform routine data backup and recovery tasks.
Prepare for a possible incident:
    1. Create procedures around lost or stolen hardware and equipment, making sure it can be disabled as soon as the equipment has vanished.
    2. Create a disaster recovery or business continuity plan and perform an annual drill, making sure it works.
    3. Communicate with and educate all employees.

The world is changing quickly and our reliance on IT technology is increasing day by day. Prudent planning and management can keep businesses in the game. Digital transformation can bring opportunities and flexibility but this needs to be done in a way where the fundamentals are covered and assets remain secure.

