Ransomware activity has increased in 2021, with attacks targeting government agencies, infrastructure, and software companies. Ivan Paynter, National Cyber Security Specialist at Intelisys, a ScanSource company, shares information on the current ransomware threat, how we got here, and what you can do to protect your business.
What risks do businesses currently face from ransomware?
Paynter: The recent major cybersecurity attacks like the Kaseya VSA attack and the Colonial Pipeline hack have underscored that all businesses, and the valuable intellectual property they possess, face a ransomware threat. For all businesses and organizations, ransomware should be a major concern and protecting your organization should be a top priority for IT and cybersecurity leaders.
Cybersecurity threats can both disable businesses and cause harm to the company’s brand. Businesses that are susceptible to hacks risk losing the trust of their customers and crippling the functionality of their business operations. In addition to brand and business operations costs, cyberattacks can be massively expensive to deal with. Companies are liable to be subject to a ransom, they’re liable for the data that was exposed, and even if they don’t pay ransom, they have to pay for a backup plan, restoration, and compliance costs. Attacks can absolutely put companies out of business. Additionally, the majority of states now have compliance laws dealing with ransomware, and these can be extremely costly to a company.
When did the ransomware threat begin?
Paynter: Ransomware is relatively new, entering the cyberspace in 2015. Meanwhile, malware has been around since the 1980s. The proliferation and monetization of malware have brought vast amounts of ransomware attacks, turning it into a business. One of the most famous attacks was in 2016 at Hollywood Presbyterian Medical Center, where the hospital was completely shut down and couldn’t function until they paid a ransom to have their systems restored.
At Intelisys, when we defend customers against additional cybersecurity attacks, we and our suppliers do a deep dive to make sure that no additional malware is planted during an initial attack. Many entities that pay the initial ransom can suffer secondary attacks if they don’t do the proper due diligence to go through and protect every single device. For the most part, security used to be an adjunct to general IT operations. Now, the thought should be protection first.
What are the most common attack vectors?
Paynter: There are both new and previously used exploits in the wild. The greatest method of infiltration is via email, and “spear-phishing” is becoming more and more prevalent. Normally, phishing emails are pretty easy to spot. For example, you might receive an email about receiving a large amount of funds where the sender requests wire information, a birthdate, and your social security number. However, attackers are becoming smarter. Employees and individuals must look for something unusual or obtuse. It may be as simple as a link, a slightly misspelled word, or an unusual sender. I always say, don’t trust anything unless you can verify and authenticate.
Luckily, there is a vast array of tools that can monitor incoming phishing attacks, the ones that come through an email gateway. However, IT leaders must train their organizations on how to be diligent against attacks. Since the majority of successful attacks infiltrate through email, a combination of solutions, services, and training can go a long way in lowering an organization’s likelihood of being attacked.
Although email is one of the greatest attack vectors, everything must be looked at. If a hacker is intent upon attacking a single entity, they have nothing but time and will eventually find an attack vector. It is imperative to have up-to-date and diligent password policies, security scans, and end-user training so that cybercriminals don’t find an entry point. A holistic security approach is always required.
Can a business defend against ransomware?
Paynter: Effective IT security doesn’t necessarily require a specific cyber solution but rather an in-depth defense. First and foremost, the problem lies between the keyboard and the chair. I call these “human firewalls.” Security training is number one. Organizations must train their employees and users to remain vigilant toward anything suspicious, such as scams, fraudulent emails, or even physical threats, such as the food or package delivery service. IT departments play a critical role in training all employees to be more vigilant.
It’s also important to consider implementing some sort of email gateway filter. Additional problems occur when we go mobile — where we’re mixing company and private mail. We have the tendency to click quickly. We all need to slow down, verify incoming requests, and be cognizant of what we are clicking on and what data we give away for free. Lastly, backup and disaster recovery programs are a must. Response testing, on-prem, cloud and hybrid monitoring, backup and disaster recovery, user training, mobile data management, and facial recognition are security solutions and services that all companies should consider.
What advice can you give software developers to protect their data and help protect their clients’ data?
Paynter: There are five things software developers should always keep in mind when they are thinking about the ransomware threat and data protection and cybersecurity.
- Think like a hacker. The lowest hanging fruit will be plucked first.
- If you leave it open, “they will come.”
- If you leave it unpatched, “they will find and use an exploit.”
- The cloud is not inherently safer.
- Don’t ever think you will not be compromised. It’s no longer a matter of if, but when.