
Cyberattacks against mid-market and enterprise organizations are on the rise. From man in the middle (MitM), distributed denial-of-service (DDoS) and SQL injections, to zero-day exploits and phishing, cyberthreats are getting more sophisticated, more prevalent and more costly. But one type of cybercrime reigns supreme: ransomware.
Not-so-fun facts about ransomware today:
- Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
- In 2021, 37% of all businesses and organizations were hit by ransomware.
- Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
- Out of all ransomware victims, 32% pay the ransom, but they only get 65% of their data back.
- Only 57% of businesses are successful in recovering their data using a backup.
Source: Cloudwards
COVID-19 is not the only pandemic to emerge and gain a global stronghold as we push on into the 2020s. Ransomware has its tentacles everywhere. No network – corporate or personal – is immune. The financial damage being inflicted, especially at the corporate level, is only getting more and more severe. It has the potential to bring some institutions to their knees and send ripples through the global economy, eventually impacting the everyday consumer.
If we’re to right the ship, the castle walls around our ever-expanding networks must become stronger, more dynamic and more intelligent. It also requires vulnerable entities to step into the realm of psychology. What’s motivating these threat actors? What do we as an organization have that they want?
Stopping Ransomware
Just as we wear masks and get vaccinated to protect ourselves from the threat of contracting COVID-19, we must take the proper precautions to limit or eliminate the possibility of a ransomware attack.
Know Your Enemy
For most companies, the enemy (or hacker) just wants money. More rarely, they’re after corporate data for some personal gain – again, that could be to sell it or leverage it for other malicious initiatives that could be politically or ideologically motivated. Even more rarely, they’re just looking to tarnish your brand’s reputation.
Regardless of their intent, however, there is one simple commonality: they want to breach your network through clandestine means. The emphasis is on the network even if that network is not physical. Today, it doesn’t need to be. In 2022, your network is merely where your corporate endpoints are in use, and ultimately where data accessed via those devices is stored.
The attempt to understand the enemy has given rise to threat intelligence services that can help you profile your attackers. Such tools can determine whether these individuals have a hold on your network, endpoints and/or users. But threat intelligence alone isn’t enough – organizations need to know themselves, which requires a unified stack of security technologies and tactics that when deployed in conjunction with one another can thwart even the most sophisticated ransomware attack.
Know Your Organization
Corporate endpoints serve as the initial entry points to any corporate network. These devices store proprietary, sensitive data – the hostage in this hostage taking scenario. To effectively secure the network requires instituting a bevy of endpoint security measures as part of a larger security posture strategy. Frameworks such as the CIS Critical Security Controls outline these best practices.
Ultimately, however, organizations can start with these basics:
- Use Multi-Factor Authentication (MFA) when possible; discourage the use of corporate applications that do not allow for MFA activation; use a password manager when MFA is not available.
- Have a mechanism to isolate any infected machine in use across your network to prevent lateral movement and further spread. Network access control (NAC) solutions have been purpose-built to do just this.
- Employ an email content inspection software that proactively inspects all links and attachments within incoming emails; this aids in stopping malware via phishing attempts.
- Deploy an Endpoint Detection & Response (EDR) program on all machines – managed devices, BYOD & IoT / OT – that runs 24/7 with automatic system updates.
- Ensure you’ve instituted proactive device remediation for all connected endpoints that can automatically update firewalls, antivirus and VPN services in use. NAC also incorporates this functionality.
If you follow those principles, you can win every battle. As legendary military strategist Sun Tzu wrote in his classic work, The Art of War: “If you know the enemy and know yourself; you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
| | Cloud Native | Faux Cloud |
|---|---|---|
| Infrastructure | Provided, paid, and managed by the vendor; mostly invisible to anyone utilizing the service | Provided, paid, and managed by you through your own AWS or Azure account |
| Implementation | Quick time to value; much of the work is invisible to you | Depends on the complexity of the app, but it is your responsibility to do the work or pay someone else to do it |
| Pricing | Subscription with lower up-front cost | Perpetual license with expensive up-front costs that are amortized over time. (Note: many vendors are moving away from perpetual licensing for on-prem or faux cloud products, but as they do, their customers are getting the worst of both worlds – paying more annually while still being responsible for on-going maintenance of the product) |
| Total Cost of Ownership | The price of the product reflects the genuine cost of ownership | The price of the product is only one (and sometimes only a small) part of the total cost that is reflected in the staff time and public cloud expenses; in many instances, you may not even know what it is going to cost you until it is too late |
| Vendor Lock-In | Easy to switch to another vendor should your business needs change | Expensive license, deployment and maintenance costs make switching prohibitive, often for years |
| Access | Access anywhere via browser with internet connection | On-premises model often requires access via VPN. (Note: what happens when there is a problem with your solution and your VPN is configured to use your on-premises system? Sounds like someone is driving into the office!) |
| Scalability | Automatically scales with usage | Customer must increase capacity to keep up with usage |
| Updates | Vendor regularly updates the underlying components such as servers, databases, etc. This process will often be invisible to you. | You are responsible for ensuring that the entire tech stack – components, databases, servers, network – is updated with the latest patches |
| Upgrades | You seamlessly and transparently reap the benefit of new features, enhancements, and other improvements with zero effort | Any upgrade requires you to install, test, and then deploy the upgrade in production, often during nights and weekends in case something goes wrong |
| Accountability | The vendor takes ownership of the uptime and security, performance, and availability of the service | Apart from the infrastructure as a service, you are on the hook for the performance, health, security, and availability of the solution, lock, stock and barrel |
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

