CISOs Are Facing a Real Risk of Cryptoware
The challenges of crypto-wear as an emerging security topic
Cryptoware is advancing on all fronts in the cyber crime space, with spam- and exploit-based attacks happening every single day, in both single-target and mass-targeted campaigns.
This isn’t just a regional problem, but a general global infection problem that is unfolding as we speak. If you do get hit, there is only one way to fight off new variants, which is having a very good corporate-scale backup.
The problem is now so big that CISOs across the industry are, in many cases, facing a real wearing issue from ransomware attacks, with the same organizations getting hit multiple times.
Cryptoware is emerging as a security topic.
How Cryptoware / Ransomware is taking its toll on CISOs across the industry
The need to provide effective cyber security for organizations across the globe has never been greater than it is today. And while most end users won’t give this statement a second thought, security professionals know that it hides a myriad of challenges on all fronts.
Increasing challenges, enhanced pressure on CISOs
High profile data breaches nowadays incur serious financial consequences and legal actions that can have distressing effects on the organization, no matter if it’s private or public. So, naturally, the responsibility to keep such an unfortunate event from happening falls on one specific group of professionals: CISOs.
Chief Information Security Officers everywhere are under huge pressure to create, manage and deliver effective cyber security solutions to their organizations and their customers. They must find a way to protect their corporate environment from cyber threats that didn’t even exist a few years ago, such as increasingly advanced exploit kits and highly advanced malware.
CISOs are also the first people blamed in case of a cyber attack, although many are not given the necessary resources to prevent such an event from happening. Moreover, decision makers perceive that CISOs also have the responsibility to ensure business continuity in terms of critical technological infrastructure, although, to be fair, security is a company-wide responsibility.
Juggling all these responsibilities, while also remaining one step ahead of cyber criminals, is a tough job to have, I think you’ll agree.
The ultimate security challenge: quashing the risk of Cryptoware
A specific security challenge seems to outstrip all others in this landscape, keeping CISOs always vigilant: ransomware.
Cyber criminals developed encrypting ransomware (aka cryptoware) over 25 years ago (the first known ransomware was the 1989 “AIDS” Trojan, also known as “PC Cyborg”), but much has changed since then.
The newest variants of ransomware are advanced, aggressive, persistent and very, very good at evading detection, especially when it comes to antivirus solutions. CTB Locker, CryptoLocker and Cryptowall are just some of the notable examples that will make CISOs shudder. And it doesn’t help that a market is now evolving for ransomware technology as a service.
Needless to say, organizations all over the world are vulnerable to ransomware, no matter if they’re private or public. Take just two examples: the Illinois and Massachusetts police departments have both experienced cryptoware infections. Many other companies prefer not to disclose information about this type of security breach, but the FBI’s warning is clear:
“Ransomware has been around for several years, but there’s been a definite uptick lately in its use by cyber criminals.”
And it is not only companies and public institutions that are targeted by ransomware. End users are easy targets as well, because they often neglect to update their software and operating systems, leaving multiple security holes that attackers can exploit. The “How My Mom Got Hacked” story in the NY Times depicts the woes of a CryptoWall 2.0 infection, and the subsequent lessons are a reminder that no one is safe from this threat, unless they do something to protect themselves.
Also, make no mistake, the attackers are very well equipped and well funded. Ransomware is a business, just like any other.
Ransomware protection – how CISOs can fight back
An important part of the answer lies in ensuring that security basics are covered. When focusing on attempted breaches by outside attackers, it’s easy to forget that the company’s employees may be creating significant security holes by ignoring update prompts, for example.
Data leakage via a ransomware infection can endanger business operations, especially if the targeted PC belongs to C-level executives or other managers in the organization. Once attackers gain that level of access to a system, even if there is a backup of all the data on the affected PC, cyber criminals may find other information to use to extort the victim. And once the malware has encrypted the system, there isn’t much that can be done except restore from the backup or pay the ransom (which we don’t recommend). The reason is that the encryption used on the system is too strong to break.
Although strongly recommended by security experts, automatic patching is still not leveraged to its full potential, especially in SMBs. It’s important to remember that deploying security patches automatically and silently can significantly increase cyber security levels.
According to intelligence previously shared from our database, in 70% of web-based attacks the direct target is a vulnerability on end users’ PCs. By having the latest security and feature patches installed, you can ensure that exploits and Zero Days are systematically blocked.
Of course, integrating new cyber defenses into the existing security infrastructure is also essential, and protection against advanced malware is a must in the current threat landscape. Not to mention that more time should go into educating end users on the basics of cyber security.
Together, these 3 strategic investments can ease the pressure on CISOs regarding their top 5 fears: APTs (65%), targeted malware attacks (61%), spear phishing (42%), Zero-day attacks (33%) and insider threats (33%).
Endpoint security has become one of the biggest reasons for concern among CISOs, as the 2015 BlackHat State of Security shows.
Issues with Flash, Java and other vulnerable software show again that automatic patching and a short time-to-patch are a necessary solution that could provide huge advantages to security managers. Not only that, but having the ability to intercept and block the attack when it hits the endpoint will enable CISOs to tackle parts of the human factor-generated risks.
The human factor itself also creates the dire need for basic information security education that could benefit both the organization and users themselves. Since detection-based security solutions can barely cope with the threats at hand, it’s time to open up to new approaches in cyber security, which can provide reliable results in the long term.