The ransomware battle continues: Why nothing has changed
An attack every 11 seconds. A $200,000 average ransom demand. A total of $20 billion in damages worldwide. Two-thirds of enterprise security executives identify ransomware as their top security concern. A $10 million presidential reward.
Ransomware continues to ravage global businesses, government agencies, and everyday citizens of the world. Yet organizations continue to rely on the same tired, outdated, and frankly, archaic cybersecurity measures to try to stop this evolving threat.
This raises the question: if ransomware is known to be so destructive, why haven’t organizations evolved their security strategies to stop it in its tracks?
Unfortunately, it all comes down to money and how companies assess risk in today’s hypercompetitive marketplace. When a company is breached, its leadership typically has two options. They can hire a cybersecurity firm to try to recover their data and take back control of their systems—a disruptive process that could take weeks or months. Or they can simply pay the ransom—often a fraction of the cost of remediation. Most organizations take the second option, handing over whatever amount the attackers request, filing an insurance claim, and chalking the entire incident up to the cost of doing business today.
The long-term effects of a ransomware attack on today’s businesses can be devastating. Consumers have nearly unlimited options for where to spend their money, and brand equity and customer experience are often their top criteria. Any organization that is willing to disrupt its customers’ experience or put their personal data at risk is playing with fire. Given increasing competition and shrinking margins, companies need to eke out as much revenue over the lifecycle of each customer as they can, which forces them to focus on retention over acquisition. This requires brand loyalty, something that can be lost in an instant if customer data is compromised. No amount of insurance can protect your brand equity in the aftermath of a public relations disaster.
The evolving nature of ransomware syndicates and ransomware as a service is also raising the stakes. It used to be that attackers would hijack your systems and then relinquish control once the ransom was paid. However, today’s increasingly sophisticated threat actors are using that control to exfiltrate your data as an additional inducement to pay. In addition to downtime and a hit on your reputation, you now have to worry about sensitive information going public and getting into the hands of your competitors or being sold on the black market. How do you put a price on that?
Prevention vs. Detection
It’s clear that the only way to protect your organization from these criminals is to prevent the attacks from happening in the first place. The problem is that traditional detect-and-remediate approaches to cybersecurity are inherently flawed. The moment a ransomware attack is detected, it’s too late. Your systems have been compromised, the attackers already have what they need, and no amount of remediation is going to turn back the clock to unwind the damage. You’re cooked.
Organizations need to take a proactive approach to stopping ransomware attacks before they infect systems. This requires adopting a Zero Trust cybersecurity strategy that’s powered by isolation. The concept of Zero Trust assumes that all traffic—inbound and outbound—is inherently bad. Instead of making an allow-or-block decision at the point of click, organizations can block known threats and isolate everything else in a remote browser in the cloud. Moving the fetch-and-execute commands off the endpoint acts as a fail-safe technique that cuts off access to users’ devices—preventing ransomware from getting a foothold in the network.
Key Takeaways:
- Focusing your cybersecurity strategy on a detect-and-remediate model is almost like waving a white flag. The key to stopping ransomware in its tracks is prevention, so that is where your security organization should focus its attention.
- A Zero Trust approach should apply both to the access granted to individuals within the organization and to content (i.e., not trusting any content coming into the organization). This removes any threat, such as ransomware, in a proactive and preventive manner. Rather than create a barrier for employees, you’ll find it’s more important to deploy technology and implement strategies, such as Zero Trust, that operate in the background while workers go full-speed ahead.
- Putting an emphasis on securing work where it happens is the most effective strategy. Employees spend more than 75 percent of their time using a web browser during the workday. Additionally, over 90 percent of cyberthreats enter organizations through the web or email. To protect productivity, home in on the areas that need the most attention: the web and email.
To bolster your knowledge of the topic, download Gartner’s latest report that highlights how you can proactively protect your organization from ransomware attacks, and be sure to view our infographic that showcases responses from a recent global Twitter poll on ransomware.
The post The ransomware battle continues: Why nothing has changed appeared first on Menlo Security.