Ransomware attacks are on the rise, and their increasing success rate is due to lax security teams. Most successful attacks can be thwarted with basic cybersecurity practices.
Cyber attacks have dominated the headlines for months, ransomware attacks in particular. As a refresher, a ransomware attack happens when a threat actor gains access to business systems and encrypts them until a ransom is paid. Once the ransom is paid, the bad actor sends a decryption key. Well, they’re supposed to, but criminals tend not to care about rules or keeping their word, so there’s never a guarantee that paying a ransom will work. Still, it’s an effective method in many cases. While threat actors are certainly to blame for the rise in attacks, the reason the success rate is rising falls on the shoulders of security teams.
Don’t misunderstand: security teams around the world are vastly overworked. We’ve discussed a shortage of developers in the past, and security is not exempt. Hackers know this, which is why ransomware attacks are often successful. However, it is really not an excuse for failing to apply updates as they are released. In many cases, updating systems and software requires a handful of mouse clicks or a few commands, then letting the machine do the rest. Updating really doesn’t take much time for the person behind the machine, although the machine itself may take some time to update depending on how critical and complicated the problem is.
So then what’s the problem? Why are so many businesses behind on patching and updating? There are two reasons: 1. Security teams have become lax about updating, and 2. Updates are not prioritized as part of the security strategy.
Recently, Tech Radar interviewed James Turgal, current VP of Cyber Risk, Strategy and Transformation at Optiv Security and former executive assistant director for the FBI Information and Technology Branch (CIO). During this interview, Turgal suggests that the reason companies end up in a “pay up or perish” position is due to cybersecurity malpractices that make them prone to such attacks. Turgal says the most common mistakes he sees are not having a patching strategy, not understanding what normal traffic looks like on their networks and/or relying on software tools, and relying too much on backups.
Every business should have a patching strategy. When there are critical updates for systems and software, it is imperative that those updates are applied as soon as possible. Many older businesses which have not had to keep up with security in the past and rely on legacy tech, or which have simply built new technology atop old technology without proper modernization and configuration, are now dealing with the repercussions of those decisions. Any business that has on-site tech or infrastructure, regardless of age, should be looking to modernize and move to the cloud, or, at the very least, should be keeping that tech current with the most recent updates.
We have often said that you have to know what normal is within your business. When is peak traffic time? What areas of the globe should never light up as active in your business? Who has access to what systems? Are you suddenly using more compute, or is that expected? You have to know what is normal before you can diagnose what is abnormal. When you know what normal is, it becomes much easier to triage a situation and determine where the problem is. This also means getting human eyes on it, because a human knows what normal is, and relying solely on software tools can be ineffective. Tools can be misconfigured or overlap in ways that aren’t effective. A threat actor could figure out how to mimic normal activity or avoid causing a large disturbance in traffic, but a human has the advantage of knowledge and can alert the appropriate parties when something is amiss.
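To make the "know what normal is" point concrete, here is an added example (not code from the article or from Optiv) that runs a few constructed access-log lines against an assumed baseline of business hours, expected regions and typical compute, and flags anything that falls outside it. The baseline values and the log format are assumptions chosen for illustration; a real team derives them from its own history.

```python
"""Baseline check over constructed access-log lines (added example).

BASELINE is an assumed picture of "normal" for a hypothetical business;
SAMPLE_LOG is constructed sample data in an assumed format:
  <ISO timestamp> <user> <region> <action> cores=<n>
"""
from datetime import datetime

# Assumed baseline: what "normal" looks like for this hypothetical business.
BASELINE = {
    "active_hours": range(6, 22),          # UTC hours when traffic is expected
    "expected_regions": {"US", "CA", "GB"}, # regions that should ever light up
    "max_cpu_cores": 48,                    # usual peak compute reservation
}

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2021-08-02T14:05:11Z alice US login cores=4
2021-08-02T15:20:45Z bob CA login cores=8
2021-08-03T03:12:09Z carol RU login cores=4
2021-08-03T03:14:30Z carol RU snapshot cores=96
2021-08-03T10:00:00Z dave US login cores=6
"""

def parse_line(line):
    """Split one log line into a dict with typed fields."""
    ts, user, region, action, cores = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user, "region": region, "action": action,
        "cores": int(cores.split("=", 1)[1]),
    }

def find_anomalies(log_text, baseline=BASELINE):
    """Return (line, reasons) for every event that deviates from the baseline."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        reasons = []
        if ev["time"].hour not in baseline["active_hours"]:
            reasons.append("outside normal hours")
        if ev["region"] not in baseline["expected_regions"]:
            reasons.append(f"unexpected region {ev['region']}")
        if ev["cores"] > baseline["max_cpu_cores"]:
            reasons.append(f"compute spike {ev['cores']} cores")
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in find_anomalies(SAMPLE_LOG):
        print(line, "->", "; ".join(reasons))
```

The two flagged lines are the ones a human analyst would want to see first: an off-hours login from a region that never appears in the baseline, followed by a compute request twice the usual peak.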
Relying on backups isn’t a security strategy, especially when those backups are misconfigured or not segmented from the network, which means they aren’t truly protected from threats. When configured and segmented properly, a backup will restore systems to a certain point in time. A backup is not going to protect your business from threats; it will simply make restoring everything a little bit easier.
Besides some of these technical things, businesses should also be investing in their employees with regular cybersecurity training. They should know how to recognize a well-designed socially-engineered phishing scheme and where to report it. They should know not to click links in emails, to thoroughly verify customers and clients over the phone before disclosing any information, and they should know how to protect their personal devices to help prevent credential stealing.
Yes, security teams are lax on updating, but it’s not entirely their fault. There’s been a long-standing culture of putting security and updating on the back burner, and culture is hard to change. Security teams are often in the position of telling another team it needs to update, but having no means to enforce that it happens. But as cyber attacks rise and more ransomware attacks become successful, businesses are learning that this is a problem and are putting a bigger focus on security. The one key thing for business leaders to remember is that security involves every single employee, not just the IT team. These attacks can be prevented, for the most part, with basic cybersecurity practices. Implementing those practices will go a long way toward keeping our businesses safe.