Ransomware attacks are getting smarter and more likely, with a 715% increase in attacks on organisations over the last year. With 4% of company data unrecoverable (Source: Gartner), it is time to take the upper hand. Business transformation and agile ways of working create more openings for malicious attacks on your business.
For years, the defense against cyber-attacks has been to enclose all your data and devices within an impenetrable wall. When all your online activity took place in one central location, this was an effective practice.
However, the digital estate of the modern business is no longer centralised. Your employees and partners expect to be able to access your organisation from anywhere, without affecting productivity, while your customers expect personalised experiences that show you understand them.
Companies that are adapting and embracing this new market are thriving. But, if there is no longer an ‘outside’ and an ‘inside’ to your business, how can you remain protected by one line of defence? In this article, we learn how to take the fight to your would-be attackers.
What is a perimeter-based defence?
Businesses traditionally enclose all of their data and devices within a perimeter made up of a combination of firewalls, email scanners, web filtering solutions and endpoint security agents. The perimeter screens everything that comes into the network, then blocks or removes anything that is flagged as malicious. The business should then be able to trust that the perimeter will keep out invaders and that all activity within it is safe. But following digital transformation, this is no longer the case.
Why is it no longer enough?
Digital transformation, for all its fantastic benefits, requires a major shift in multiple areas of an organisation’s infrastructure, not least security.
A modern business consists of multiple endpoints, often managed by public cloud providers, and employees accessing their organisation off-site. It also incorporates countless new devices and technologies that were never taken into consideration when perimeter-based defences were first designed.
This means that malicious activity has more chances than ever to break in. If something fools your firewall or finds a way to escape detection on the endpoints, then it has breached your defences and infiltrated your system. And with many leading antivirus solutions sometimes unable to detect new variants of ransomware for as long as 4 weeks, and attacks corrupting up to 7000 files per minute, the consequences could be disastrous.
What is a ransomware attack?
Financially motivated criminals use ransomware to attack your data. The average cost of an attack is €150K (Source: Gartner).
If the attackers successfully infiltrate your system, the ransomware begins to encrypt files so you can no longer access them. This process doesn’t alter the file names, so it is hard to see which files have been corrupted and which haven’t. The attackers then hold this information hostage, demanding payment for its return.
What are the potential consequences?
Typically, it can take hours or even days for an organisation to realise it has been subject to a ransomware attack – by which time much of the network may have been compromised. Criminals also often choose to attack at weekends, when staff are not around to react.
The attackers would also have had enough time to access your datacentre and steal private intellectual property. And this is exactly what they would use to negotiate payment for release.
The attack will cause massive disruption to your services and people’s productivity, as necessary files become lost. You may also become subject to legal difficulties if the attackers access your customers’ personal data, as well as suffering a loss of revenue and reputational damage. However, submitting to the attackers is unwise: it encourages them and funds future attacks.
The solution? Containment.
If your system is infiltrated, you need a proactive solution to defend it. Our human immune system is a great metaphor for this: if we’re unlucky enough to fall ill, our white blood cells rush to the rescue and fight off the infection.
This, broadly speaking, is how a containment-based defence system works for your business. It supplements your firewall, network and endpoint security by quickly identifying and containing ransomware outbreaks that have passed all other security tools undetected, stopping them from spreading and highlighting affected files for easy recovery.
With ransomware attacks increasing by 195% year on year, it’s getting ever more important for public and private organisations to prepare themselves for tomorrow, not for yesterday.
How Containment works.
Containment solutions are designed to put you on the front foot, stopping head-on any ransomware that manages to break through your perimeter and endpoint defences, before it takes hold in your system.
Using built-in scripts, they shut down compromised devices and disable the user in Active Directory to contain any intrusion, locking down any devices that have been infected.
The most effective products currently on the market are military grade – such as Ricoh’s Cyber Security Practice, currently used by both the US and UK governments – and offer both managers and IT teams the very highest level of confidence against ransomware and cybercrime.
Taking the proactive approach.
Not only is taking the proactive approach the best way to defend against ransomware attacks, it’s easy to implement too. Containment solutions can take as little as four hours to install, and installation can be done either on-site or remotely in a non-intrusive fashion – meaning minimal disruption to your teams and business.
Protect your business and your people from ransomware attacks.
Current responses by perimeter and endpoint-based solutions are confused and limited. Victimised businesses can’t trace the source of the damage, and infection is most often eventually identified by an employee, but far too late.
A containment solution provides an automated technology that reacts instantly, as soon as a ransomware outbreak is activated in your environment, so only a single device and as few as 10–15 files are affected before the outbreak is fully contained.
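The detection step that such a containment response depends on can be sketched as follows. This is an added illustration, not code from any product named in this article: it flags files whose names are unchanged but whose content no longer matches their type, and returns a containment decision once a device reaches a threshold. The entropy cut-off, the threshold of 10 (the low end of the figure above), the device and user names, and the returned action dictionary are all assumptions; the real response would call your own isolation and directory tooling.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Expected leading bytes for a few common extensions (real file signatures).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5   # bits per byte; assumed cut-off for "looks like ciphertext"
THRESHOLD = 10        # assumed: contain a device after this many suspect files

def shannon_entropy(data: bytes) -> float:
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def looks_encrypted(path: str, head: bytes) -> bool:
    """Name unchanged, but header no longer matches the type and bytes look random."""
    ext = path[path.rfind("."):].lower() if "." in path else ""
    magic = MAGIC.get(ext)
    if magic is None or not head or head.startswith(magic):
        return False
    return shannon_entropy(head) > ENTROPY_LIMIT

class ContainmentMonitor:
    def __init__(self, threshold: int = THRESHOLD):
        self.threshold = threshold
        self.affected = defaultdict(list)   # device -> files to restore later
        self.contained = {}                 # device -> account to disable

    def observe(self, device: str, user: str, path: str, head: bytes):
        """Feed one file-write event; returns a containment decision or None."""
        if device in self.contained or not looks_encrypted(path, head):
            return None
        self.affected[device].append(path)
        if len(self.affected[device]) < self.threshold:
            return None
        self.contained[device] = user
        # Placeholder for the real response: isolate the host, disable the account.
        return {"isolate_device": device, "disable_account": user,
                "restore": list(self.affected[device])}

def demo():
    # Constructed sample data: deterministic pseudo-random bytes stand in for ciphertext.
    cipher = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    mon = ContainmentMonitor()
    mon.observe("PC-07", "alice", "report.pdf", b"%PDF-1.7 plain text " * 50)  # healthy
    actions = [mon.observe("PC-07", "alice", f"doc{i}.docx", cipher) for i in range(12)]
    return [a for a in actions if a]
```

The `restore` list is what makes recovery tractable when file names give no hint: only the files recorded before containment need to be pulled from backup.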
When perimeter or endpoint-based protections fail, containment won’t. Containment solutions enable your IT team to offer an immediate, fully-automated response to any attack.
Not only does this give your perimeter and endpoint defences the support they need, it means that uptime on your network can be maintained, with all business processes working as usual.
And you can also rest assured that you won’t get caught up in the media storm caused by the negative press that surrounds these attacks.