In a 2018 Thales Survey of 1200 companies, 71% of the US enterprises reported suffering at least one data breach. And 42% of those breached this year had been breached in the past.
More companies report data breaches each year as they continue to adopt digital transformation technologies ahead of their ability to secure them properly. The survey reveals that 94% of organizations with sensitive data use digital transformation technologies like IoT, big data and enterprise cloud, which compounds the problem. Today, organizations have to assume a security posture where someone has access to their data and is ready to infect their systems with malware.
Ransomware is a top variety of malicious software, found in 39% of the cases where malware was identified, according to the Verizon 2018 Data Breach Investigations Report. It encrypts or damages your files to demand ransom in return for your data.
Ransomware has become the malware of choice for cybercriminals because it is effective and easy to deploy. With off-the-shelf toolkits, any amateur can create and deploy ransomware in a matter of minutes. There is no need for them to figure out how to monetize the stolen data, nor is there a cost or risk involved.
As it became more widespread, ransomware attack models evolved beyond phishing emails. Ransomware like WannaCry has found new methods of entry, some of which require no user interaction. These evolved models make it easier to breach and harder to contain, leaving organizations exposed and always in a rush to quickly resolve the attack or succumb to paying ransom.
Many organizations actually do consider paying ransom because they want to be able to access their files again as soon as possible. The real setback for them is downtime and the lost opportunity.
Besides the ransom paid, ransomware cost includes downtime, labor, device cost, network cost and lost opportunity. A 2017 Sophos Report, based on a survey of 2700 IT decision-makers, estimates this cost at $18.6 billion for U.S. businesses of 100 or more people in the last year.
This high downtime cost compels companies to look closely into their typical security response and to identify key challenges.
To start, let’s look at how an organization typically deals with a basic ransomware attack model like phishing.
The Verizon 2018 Report reveals that you have 16 minutes until the first click on a phishing campaign. The first report from a savvy user will arrive after 28 minutes.
After the first incident or report, the incident response team follows the playbook:
This process involves a lot of manual steps, making it unscalable and inefficient at both preventing ransomware from spreading and resolving it.
For more advanced ransomware attack models, proactive teams research online and do their best to execute patches. Here is a typical workflow the vulnerability response team follows:
As is evident in the above workflow, there is no visibility across teams, making it hard to collaborate and patch vulnerabilities. Moreover, important details slip through the cracks because emails and spreadsheets are used to manage the patching process.
This workflow, again, can’t scale. During an outbreak, the time it takes to gather information and communicate can result in ransomware continuing to spread.
To minimize the downtime and damage caused by ransomware, seamless collaboration has to be established between different teams and across different security tools. This collaboration between security and IT operations teams is termed SecOps. Introducing intelligent workflows and automation can further help organizations prioritize and resolve threats quickly based on impact.
SecOps provides your security team visibility across teams and security tools. To drive efficiency, the team can then automate repeatable responses and close the loop by passing the information to the vulnerability scanner or SIM, thereby reducing the organization’s risk from ransomware.
By leveraging SecOps, you can deliver automatic and effective responses to a ransomware-infected email.
WannaCry attackers were exploiting security vulnerabilities in Microsoft’s SMB. When notified, everyone was scrambling to apply a critical patch. With threat intelligence and automated workflows, this could have been managed better.
This is an instance of how SecOps can be leveraged to deliver an efficient vulnerability response in no time:
Hackers continue to outpace security teams with their evolved attack models. With the damage downtime does, you can’t afford malware like ransomware. Now that you know how SecOps can help tackle this malware, here is your action plan:
Evaluate your typical response. Identify the problematic areas in your process such as cross-department coordination, lack of asset and application visibility, and inability to track the vulnerability lifecycle.
INRY helps organizations win their fight against malware like ransomware. With our capability planning expertise, we work extensively with organizations to automate and orchestrate their security operations.
As a ServiceNow Elite partner, we leverage the NOW platform to drive efficiency for your security teams.
Feel free to reach out to us for a quick consultation with one of our security experts.