Ransomware is dominated by international crime syndicates
These syndicates are tolerated and sometimes supported by nation states, possess technical skills and resources that exceed the defensive capabilities of almost any business, and often operate franchises that offer “Ransomware as a service”.
All software and hardware contain bugs and security vulnerabilities, and the entire supply chain can be exploited by potential attackers, which means most systems are almost impossible to protect, unless they have been explicitly designed for security from the ground upwards.
There are lots of software products that claim to protect users from Ransomware, but in reality most only address very specific vulnerabilities and are totally ineffective against others, so they generally provide a false sense of security in most deployments.
The entire IT industry is based upon transparently enabling access to information across systems, which almost by definition means eliminating any possibility of those systems being secure, so the challenge of creating secure business systems is much more fundamental than people imagine.
Ransomware attacks start by gaining access to one or two systems, often by persuading users to perform unsafe actions, then search for access credentials and spread to other systems, and start stealing data by siphoning it into external clouds, before actively destroying all backups, and encrypting or deleting the data in preparation for the ransom demand.
Crime syndicates are in the business of finding creative ways to extort money from their victims, and they are becoming increasingly aggressive and sophisticated in their attacks and extortion strategies, performing extensive analysis on the stolen data to identify new opportunities to extort payment, and actively targeting not just the business, but also customers, staff, and suppliers for decades.
The situation isn’t hopeless, but it is challenging, and we know from the daily news reports that even the largest businesses and government departments regularly suffer from serious security breaches, so anyone claiming to have a quick-fix solution is likely to be overstating their capabilities.
The NIST Cybersecurity Framework includes 5 functions: identify, protect, detect, respond, and recover, which are required to protect against Ransomware and other cyber-attacks, and commercial products typically focus on a small subset of these functions.
Cyber-attacks can manipulate data to achieve physical effects in the real world, such as causing money to be transferred to unauthorised accounts, forcing safety-critical equipment to malfunction, or manipulating the decision-making process of the business, where real-time detection, response and recovery may be very practical and desirable.
Recovery from the data theft element of Ransomware is generally impossible for a business, which means that identifying potential risks and protecting the business against them is crucial, so we recommend focussing on these functions first, but you must not ignore the other functions.
Our cyber research for UK government demonstrated that it is generally more cost-effective to create a solution that is designed to be Secure by Default than trying to add security to existing systems.