Ransomware is A Real Threat

Within hours of the outbreak of WannaCry, it had infected more than 230,000 computers in over 150 countries. We’ve all heard stories describing the severe impacts organizations face after being targeted by ransomware. Ransomware is a big business for organized crime rings and, as some suspect, even state-sponsored agencies. According to industry experts, it’s estimated ransomware ransacked $1B in 2016. Money, personal files, and data aren’t all that’s at risk—when a hospital gets infected by ransomware and is unable to treat patients, it can be a life or death situation.  

What are the effects of ransomware? 

Beyond extortion (paying a ransom to regain access to infected systems), viruses and malware can impact productivity and lead to loss of revenue due to outage or employees not having access to systems. This highlights the importance of backups at home and in the business. Imagine losing all your precious family photos if your home computer gets infected. Now imagine your photos are an organization’s financials, client information, or patient data. That collateral is a big deal to your business, not just for productivity, but because the impact to your company’s reputation can have financial impacts that last longer than the settlement from a lawsuit or fines imposed by governing bodies.  

How does malware infect an organization? 

Companies are faced with the challenge of how to secure their resources from malware and viruses coming from different attack angles called “threat vectors.” Attacks can infiltrate an organization via websites, email, network, and remote/mobile workers. Sometimes an attack can be caused by something as seemingly innocuous as users bringing in a laptop from home or plugging a USB drive into the corporate network.  To prevent attacks from these different vectors, it’s necessary to secure internal resources from the inside out and the outside in. The question becomes: how do you protect your network from your own employees? 

What can an organization do to prevent attacks? 

Malware and viruses are constantly evolving, so there isn’t a sole, one-step solution that protects everything. Without layers of security, segmentation, authentication, blocking, visibility, and alerting, any user can gain access to the network and malware can spread from device to device without anyone knowing. For these reasons, automated blocking and a rapid time-to-detection are important. 

There are many ways an organization can be alerted of a security problem before it’s too late. The key is identifying what the threat vectors are and having a plan in place to address them. A great and easy first layer of defense companies can very easily add is DNS protection. DNS protection can automate the blocking of malicious known links/websites via the web or email and is a great/simple first layer of defense customers can add to their network without much effort. This service is offered as a cloud-based subscription service with 1, 3, and 5-year licenses. 

Ultimately, a layered approach is the best defense. Firewalls, email protection, DNS protection and endpoint protection are all great tools for visibility and alerting. Many use user behavior analytics and artificial intelligence (AI) to flag zero-day threats. A zero-day threat is a new malware or virus which firewalls don’t yet have definitions or signatures to identify and block, hence the name “zero day” – day one is when the threat is first recognized. A layered approach which includes regular updates to your computers, intelligence to uncover current and emerging threats, visibility across all devices and ports (anywhere), and power to block (stop phishing, malware, and ransomware) early on is critical, as they make the job of the cybercriminals targeting your company and network harder and the economics less attractive.