Ransomware and threats are morphing. How is Your Cybersecurity Awareness?
I remember my first IT job well over 20 years ago. Life was simple then. Everything was new and exciting. What was a threat? The only threat I remember was parking in a loading zone for more than 10 minutes and expecting a ticket. Some of the biggest threats organizations faced were misconfigurations and the ensuing outages. There was no such thing as cybersecurity awareness. As time went on, we started to see real threats emerge: Nimda, Code Red, DoS attacks, and the Ping of Death, just to name a few. But times were changing, and threat actors were becoming organized. Soon there were botnets, credit card and identity theft, and the profitability of leveraging vulnerabilities to get paid!
The Threat Landscape
Fast forward 20 years and the threat landscape has totally changed. The very idea of a threat has been redefined. Some of the biggest threats that keep security managers up at night have come from organized crime out of Eastern Europe or emerging companies. We all worry about the next phishing campaign and user awareness. But the threat landscape is ever-evolving. Loosely organized groups of Internet thugs have been very successful at tricking users into accepting emails or clicking on links, which in turn unleashes a SOC’s worst nightmare. Ransomware! Even typing the word sends chills down my spine. It is the threat that grinds business continuity to a halt.
Secure backups no longer address the issue
Traditionally, organizations have allocated resources to backup and restoration to mitigate a ransomware attack. But is a rock-solid backup plan enough? Not anymore. Research has shown that state-sponsored threat actors have decided to throw their hats into the ring and propagate ransomware for profit. But why would a country do such a thing? The answer may surprise you. With economic sanctions, limited industry, and a failing economy, ransomware may be the only form of new income for some countries. It’s been proven that North Korea has been propagating threats successfully.
“Our backup is solid. If we get hit, we will just restore.” A few years ago, this was a solid plan, and if executed properly, there would be minimal downtime. With nation-state actors allocating resources and training, these attacks have become quite a bit more complex and very effective. Ransomware no longer locks down machines and propagates throughout your organization. Ransomware now is only used to open the door. Once inside, it lies in wait. Remote access tools are installed, persistence is established, and threat actors move laterally until they score sensitive information that can be used to blackmail the organization into paying. That’s when they unleash the ransomware.
Security Plan Needed
How do you secure your organization against these attacks? You must have a good security plan, one that includes several layers, like peeling back an onion. The days of spinning up a firewall at the edge are gone. Not only must you gather logs, but these logs now must also be reviewed. If data exfiltration is in progress, SOCs must respond. It’s a new day, and security practice must no longer be an afterthought. A profound analysis of organization security practices and defense in depth must be taken seriously.
Are you prepared?