Why Teamwork Makes the Anti-Ransomware Dream WorkWhy Teamwork Makes the Anti-Ransomware Dream Work
It takes a village to protect customers from sophisticated attackers.
July 26, 2018
Heading into 2019, ransomware remains the most common type of malware targeting your customers; some form was found in 39 percent of malware-related data breaches, according to Verizon’s annual Data Breach Investigations Report. And while some attackers are moving to cryptomining, cybercriminals employing ransomware are getting more targeted, creative and devious, introducing ransomware-as-a-service models and taking aim at particular verticals, like health care and government. Despite increased efforts from IT security teams to thwart attacks, Cybersecurity Ventures has predicted that damages will exceed $6 trillion by 2021.
What goes into that figure? There’s the cost of the ransom itself, of course, but the financial implications don’t end there. Profits and productivity are affected every minute that employees can’t access mission-critical information. Even when systems are back up and running, the negative impact to the business often continues. Once customers are affected or the press gets wind, the impact of an attack can snowball into an even bigger crisis. Take the recent Ticketfly attack, for example. The company was forced to take its systems offline after a ransom demand, which severely affected both venues and ticket buyers. The systems were down for several days, resulting in an onslaught of negativity around their cyber preparedness levels. This incident may have a long-lasting impact on Ticketfly’s profitability and ability to maintain client trust.
Unfortunately, there’s no silver-bullet solution to defend against all the different ransomware variants, though a set of solid best practices can make customers much safer. In addition, partners should seek out vendors that currently collaborate with, or are open to working alongside, other organizations to improve their products or services. Take a hard look at any supplier that says its products are all you need to protect customers. Collaboration is key, particularly between data protection and IT security providers.
Who’s Responsible for What?
Service providers can help their customers avoid Ticketfly’s fate by first helping them understand the differences between a data protection and an IT security provider. While they are closely connected, the terms are not interchangeable. IT security involves a combination of techniques and technologies for defending company assets. This can include security-awareness training and simulated phishing attacks as well as traditional security measures including encryption, key management, firewalls, passwords and much more.
Data protection safeguards corporate information through data backup and replication. Having a combination of these two technologies can help ensure networks are defended against malicious cybercriminals, while also making sure data is backed up so it’s still available in the event of a natural disaster or good old-fashioned system failure.
Work with vendors that understand their offering is only one part of a comprehensive security plan, and are willing to work with you to identify compatible vendors/partners to provide a more holistic solution for end-user customers. In doing this, you ensure you’re offering clients a seamless user experience and improved IT resiliency. Customer expectations are higher than ever, and it’s become just as – if not more – important to deliver a consistently positive experience.
In our experience, line-of-business decision-maker expectations don’t necessarily match up with their IT team’s ability to deliver high availability; therefore, IT leaders will be looking to partners for …
… new solutions that can make chaotic scenarios appear as nothing more than a glitch to end users.
Collaborative efforts between data protection and IT security providers, such as coalitions like Ransomware Watch, can help make this seemingly far-fetched goal a reality through a multi-pronged ransomware protection strategy:
Security awareness training: Cybercriminals know that end users are the weakest links in the attack chain. Many ransomware attacks are cleverly sabotaging organizations by tricking unsuspecting individuals with sophisticated phishing scams and social engineering. Employees are key to defending networks, forming a human firewall as it were, so educating them on how to spot phishing scams and ransomware should be a priority. Training needs to be followed up with frequent simulated tests to keep users on their toes.
Endpoint security: Offer customers a multilayered endpoint-security ecosystem to secure email, detect intrusions and secure mobile devices against anyone trying to infiltrate the network perimeter. Ransomware is often spread through technical means (such as unpatched machines, misconfiguration or poor security practices). Knowing this, it’s critical that partners stress the importance of patching systems and deploying next-generation firewalls, robust email filters and network segmentation.
Backup and recovery: While security-awareness training and endpoint security will stop some attacks, it won’t prevent them all. And often attackers can’t or won’t decrypt data even if customers pay the ransom. Attackers can be rendered powerless with backup and recovery solutions. Data-protection providers can assure backup redundancy onsite, offsite, offline and in the cloud, and can continuously test and validate backups to make sure they aren’t also infected. Often, companies that pay ransom have issues restoring their data because they didn’t have isolated backups, or they find that it takes too long to successfully restore systems. For this reason, you need to be able to help clients with data restoration, including regular testing, in addition to defending the network perimeter.
Finally, if you lack expertise in these areas, don’t shy away from reaching out to other partners with relevant practices; many MSPs are rebranding as MSSPs and looking to offer consultative services. Collaboration isn’t just for providers. In the event disaster strikes, customers will want to know they’re protected on all fronts, including everything from identification and notification, all the way to remediation. By choosing data protection and IT security providers who are open to teaming up to provide a full suite of security offerings, you can offer a higher level of service to customers to make sure ransomware attacks don’t cripple the business and impact long-term profitability.
Erich Kron, security awareness advocate at KnowBe4, is a veteran information security professional with over 18 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP, CCENT and ITIL v3 certifications, among others. He has managed the technical integration and functional testing of multimillion-dollar enterprise level technology projects within the Department of Defense, as well as large military security programs.
Read more about:Agents
You May Also Like