Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)

"Speed and simplicity: these are the keywords to overcome the enemy."

Ransomware attacks

Ransomware is malicious code that blocks or encrypts the contents of a device and demands a ransom to restore access to the data. By devices, we mean not only mobile phones and computers but also servers and Internet of Things (IoT) devices. Therefore, if a ransomware infection occurs (and there is no data backup), the company may lose, for example, access to invoices, customers, and intellectual property. The infection can also slow the company's work or bring production to a complete halt. Depending on the specialization of the company or organization, its clients may also suffer, and the company may ultimately lose them to a competitor.

Companies and organizations identify ransomware as their biggest security issue. The reason is not necessarily the high prevalence of this type of malware; it is seen as the number one enemy because of highly publicized attacks, such as WannaCry and NotPetya, which caused billions of dollars in damage and appeared in articles around the world. Thus, even people who have not experienced a ransomware infection perceive it as a serious threat.

Email remains the most commonly used medium for ransomware distribution.

While a ransomware infection often begins with a click on a suspicious link or a bogus invoice, email remains the most commonly used medium for distributing this type of attack, in a two-step process. The first step is to send a download file; the ransomware follows as a secondary infection.

To combat these scenarios, use products such as Mail Security and Endpoint products, cloud-based sandboxing technology, and Machine Learning models to detect the latest types of threats. As a result, attachments that have been classified as malicious are removed and the recipient receives detection information.

The need to increase the awareness of security among employees.

It is not yet clear whether the attackers' proficiency or the employees' negligent security habits make ransomware attacks successful in a company. There are different types of ransomware, whether sophisticated or not. The risk of getting infected with it is just one of the reasons why companies should focus on training employees about potential threats, and what to do if they have already acted incorrectly.

What should not be forgotten is the role of the IT staff responsible for the overall state of the system. What caused the spread of WannaCry? Operating systems without security patches. The attackers exploited a known vulnerability, so the only action that companies had to take in terms of prevention was to "get vaccinated" against the infection, that is, to install the available security patches.

Inadequately allocated investments in security.

Companies should examine whether senior management has implemented the right measures that make a positive contribution to global security. We are seeing a tendency of some companies to spend hundreds of thousands or even millions of dollars on various advanced solutions, but not a few thousand for well-trained people to take responsibility for implementing and managing security measures in a network. Monitoring and applying critical software patches requires specially trained staff. Companies often choose to accept the risk of certain weaknesses because they do not expect a ransomware attack to happen.

Given the risks of such inadequate implementation, multi-layered security should be the priority.

Global coverage should be the first goal of any good IT security strategy. This starts with reliable multi-layered endpoint protection, combined with regular maintenance and security best practices.

John Giordani
Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA)