Ransomware - the case for the defence

Dimension Data and Cisco publish new white paper that provides organisations with a framework for ransomware defence.

Dimension Data and Cisco have joined forces and published a white paper to help organisations stay ahead of ransomware threats. Called "Ransomware: The Pervasive Business Disruptor", the paper looks at ransomware trends and impacts, and how to respond before a threat becomes a business disruptor.
According to the Cisco 2017 Mid-Year Cyber Security Report, ransomware is one of the main threats to digital business. Globally, around 49% of businesses experienced at least one cyber ransom attack in 2016, and of those, 39% were ransomware attacks. In the US alone, the number of attacks rose 300% from 2015 to 2016 [1].
This trend can be attributed to the growth of ransomware-as-a-service (RaaS) in the first half of 2017 [2], where cyber criminals pay the operators of RaaS platforms to launch attacks.
“The escalation in ransomware attacks in the digital economy makes every organisation a target,” says Matthew Gyde, Group Executive – Security. “This risk escalated when cryptocurrency and bitcoin became a common avenue for ransom payment. That’s because cybercriminals cannot be traced. And as more employees work remotely on personal devices, the risk is further compounded.”

“Deep threat intelligence and research are key to outsmarting cybercriminals, and a critical success factor is to disrupt the attack before it becomes the business disruptor,” Gyde explains. “But security controls alone are not sufficient to address a ransomware threat, and organisations need to adopt a multi-layered approach to stop the cyber kill chain. This means identifying emerging threats before an attack, quick detection, a swift response to an attack, all the way through to the backup and recovery process.”
The ransomware white paper includes a six-point framework for organisations to adopt to defend against a ransomware attack:
  • Predict and be informed before the attack occurs: Proactively research what’s discussed on the dark web, new exploits that will be used, and industries or companies that will be targeted.
  • Protect: Identity and access management (IAM) tools are essential to protecting enterprise devices and computing assets. Network access control (NAC) ensures that only devices that have adequate security settings and adhere to IT security policies are able to access corporate systems.
  • Detect: Technologies should be in place to detect anomalies in the infrastructure, in the event that malware has infiltrated the endpoints or network. The network must be monitored to check for indicators of compromise. Turning on AI-enabled malicious traffic detection can also help automate detection swiftly, before the attack worsens.
  • Respond: When a ransomware incident has been detected, security experts must work fast to block malicious communication channels at the firewall or IPS, and quarantine infected machines.
  • Recover: Backup is a critical part of the strategy for fast recovery. In addition, the backup system needs to prevent the replication of files that were maliciously encrypted by ransomware. This can be achieved with dynamic segmentation and inherent security features.
“Recent ransomware attacks have highlighted the fact that improvements are needed in any industry or any size of the organisation. With the right framework, tools and processes, companies will become better equipped to disrupt the ransomware attack before it becomes the business’ disruptor,” says Gyde.