Days after the attack on the Colonial Pipeline, MIT Sloan School of Management professor, Stuart Madnick, said in an interview, “I often say the worst is yet to come.” While this is not a time for pessimism, the trend certainly appears to be headed in the wrong direction. 2021 has brought significant, far-reaching cyber catastrophes: ransomware has taken down one of the largest oil pipelines in the country, the largest meat processing company in the world and the police department of our nation’s capital. Even a ferry operator in Martha’s Vineyard found itself attacked.
Meanwhile the perpetrators behind these assaults grow rich off their malicious deeds. One example is the notorious Russian ransomware gang that is applicably named, Evil Corp. The group is headed by a Lamborghini driving enthusiast named Maksim Yakubets, whose license plate spells out THIEF. Yakubets started out his criminal career extorting cafes in Moscow. Now he heads an international operation that employs dozens of people whose mission it is to extort money from organizations within 43 countries across the world. The enemy is highly organized and experienced.
One of the contributing reasons for ransomware’s success is that its creators ensure that it keeps evolving in order to improve upon itself. In what is now commonly referred to as Ransomware 2.0, hackers now exfiltrate the data prior to encrypting it. They then threaten to publicly release sensitive information or sell it on the dark web if the victimized organization balks at paying for the decryption key. That PR nightmare that may ensure could cause irrevocable damage to the brand. Of course, the real threat has always been having your data inaccessible forever. The worst instance involved an attack on the University of Vermont Medical Center in which the hospital could no longer treat some chemotherapy patients because the attack wiped out their records. The price of ransomware is far greater than just a monetary cost.
We Need a New Way to Combat Ransomware
It is increasingly obvious that ransomware is not going away and that criminal gangs like Evil Corp are growing more brazen with each big payoff. While the FBI and other governmental agencies highly discourage organizations from paying ransoms that is easier said than done. Often times, organizations are between a rock and hard place: Cave to the extorsion demands of the attackers or stay offline for days or even weeks as internal IT furiously rebuilds the network. It is growing more apparent each month that our nation and society needs a better template in how to cope with ransomware.
Even more important however, it’s time for organizations to take a “man on the moon” approach to combatting ransomware. Too often, IT uses a best of breed mentality in which a newly discovered attack demands a new attack solution. Cybersecurity vendors are all too willing to release new shiny objects to combat new threats. While these tools may indeed be effective at combatting specific cyberthreats, this practice requires internal IT to constantly toggle between an array of cybersecurity tools. According to ESG Research, 31 percent of organizations use more than 50 different security products, while 60 percent use more than 25. Now couple this statistic with a defined correlation outlined in the 2020 CISO Benchmark survey that shows how the amount of downtime attributed to a cybersecurity incident increased in lock step with the number of security vendors a company used.
The Need for a Platform Approach
It has become apparent that a single magic tool approach is not going to save us from ransomware. It is time we realized that we are in a war―a cyber war―and that we need an encompassing platform approach to deal with it. We need a system of tools that reside at all of the various layers of a multi-level cybersecurity plan. We need to eliminate the cybersecurity silos that exist across our IT estates in which security tools work in isolation of one another. What we need is an organized system in which security tools work in tandem with another in a single unified front in which intelligence is shared between them. In turn, internal IT needs to be able to monitor and manage everything from a single pane of glass. By taking a platform approach, security and attention gaps are eliminated.
Four Best Practices for Combatting Ransomware
There isn’t a magic pill to defeat ransomware. It must be done through a collaborative effort across multiple fronts using this best practice arsenal.
- Prevent the initial infiltration
Stopping ransomware from infiltrating your network is three-fourths of the battle. There are two primary attack avenues that ransomware utilizes. Those are email and internet downloads. You must be able to root out malicious email attachments and embedded links that coerce users to click on them. It’s also essential to incorporate internet security filtering that strips your web traffic of malicious code before it can take hold on a device. Cisco Cloud Email Security with Advanced Malware Protection uses analytics to identify malicious links and attachments and obliterate them before users can see them. Cisco Umbrella with DNS and IP layer enforcement stops ransomware and other malicious code from making its way from the internet over all ports and protocols. What’s more, these two tools operate in in cohesion with one another to eradicate invading ransomware at its initial stage.
- Fortifying the Perimeter
Perimeter security solutions such as Cisco Firepower Next-Generation Firewall (NGFW) are required today in order to deliver comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
- Endpoint Protection
You must arm your endpoints in this battle. That means more than relying on the signature-based antivirus solutions of yesteryear. You need intelligence-based systems supported by analytics that continually draw data from millions of endpoints across the globe as reconnaissance. Cisco Advanced Malware Protection for Endpoints can stop ransomware files at the point of entry for every client device and server on your network.
- Complete Visibility
You can’t fight an enemy you can’t see and you can’t protect things that aren’t visible. Cisco SecureX provides a single pane of glass interface that gives your IT team complete visibility of the battlefield at hand. SecureX is built into the Cisco Security solutions you already have so there is no need for rip-and-replace components. SecureX simplifies and unifies your security infrastructure in such a way that 95 percent of customers report that the solution helps them quickly take action and remediate threats.
Partner with WEI & Cisco to Combat Ransomware
And finally, you need a comprehensive backup solution that incorporates both on-premises storage as well as cloud-based. Yes, it’s a multi-front approach, but it’s a multi-front war out there and in order to win, you need to be allied with a vendor that has a comprehensive strategy to win. The Cisco security platform is more than a tool set. It’s an across-the-board solution set that provides blanket style security across your entire IT estate. Yes, there is hope in defeating ransomware. In this case, hope is spelled C-I-S-C-O.
Next steps: See how Cisco SecureX is bring unparalleled visibility to the enterprise in this quick demo video.