Here’s a sentence that hasn't been written too often. It's one that is music to the ears of security pros and the organizations for which they work:
"There is some good news about ransomware."
Ransomware of course is an existential threat in which a computer or computer system is taken over by hackers who prevent access to files unless a ransom is paid. The good news is that the FBI's Internet Crime Complaint Center said that last year ransomware attacks fell. The reduction was not incidental: 2,673 attacks were reported in 2016 and 1,783 last year.
That's quite a decline. It’s no reason to relax, however. Indeed, the reason the number of incidents went down may be because people and the organizations for which they work are doing a better job of fighting against this type of attack.
Statescoop points out that the IC3 focuses mainly on individuals and not the corporate entities that presumably are a better target for ransomware exploits. That doesn't change the fact that there was a reduction in attacks since the IC3's mission presumably didn't change between the two reports. The possibilities are that ransomware was less of a problem last year or that it has more fully moved to the corporate sector that is not looked at as carefully by the IC3.
In either case, the prudent approach is to redouble efforts: If ransomware is on the run overall, the goal should be to put the pedal to the metal and accelerate the reductions. If attackers simply are concentrating more fully on the corporate sector, it behooves this target group to continue building defenses.
There are a lot of things that an organization can do.
A Sentryo post leads off with the idea that companies should create reliable backups. Obviously, the existence of another copy of vital documents avoids the worst case scenarios. No doubt, ransomware will be disruptive and a nuisance in any case. That is infinitely better than a full blown crisis. The post also counsels companies to create effective security policies, map the network to make recovery easier, create incident recovery plans and take steps to build a culture that promotes computer hygiene.
Pete Shoard, a research director at Gartner, offers great ideas on protecting the organization at the company website. The mostly technical advice includes running regular vulnerability scanning, disabling unused and nonessential services and keeping the network patched and up to date.
An especially interesting point is that companies need to get a handle on "shadow IT," which is the universe of devices and systems that are used in the enterprise without the approval or in some cases the knowledge of IT. Gartner projects that one third of attacks will occur via shadow IT, which the firm points out includes the IoT, by 2020.
The message is pretty simple: Technology best practices can go a long way toward securing the enterprise.
More good ideas can be found in a piece at Intelligent CIO featuring Gregg Petersen, Veeam Software's regional VP for the Middle East and Africa. The piece offers seven ideas. A particularly interesting one is use of the "3-2-1 rule." Simply, the idea is to keep three copies of valuable data in two different backup systems with one of them located off site.
There no doubt are other good ideas. Indeed, some of them are in the three articles cited in this post. There really are three takeaways:
The dangers of ransomware can be limited through purely technical steps. Creating backups, keeping software updated and patched and other common sense approaches are winners in the fight against cyber thieves generally and the battle to avoid ransomware infections specifically.
The second idea is nurturing a culture in which employees (and contractors, trusted partners and anyone else who has access to internal networks) pay attention to computer hygiene. The truth is that no technology can catch everything and one small mistake can lead to disaster. Prevention is key, and it's impossible without the cooperation of people using the network.
The third takeaway is that following best practices – and doing so loudly – can cause criminals to move on and seek lower hanging fruit. Think of the big sign people put in front of their house when they install security system ("This Home is Protected by Acme Alarm"). Also, think of "The Club," the bar with which people lock their steering wheel to secure their cars.
Both are effective in reducing burglaries and car thefts. There is a secondary benefit: They encourage the crooks to move onto another house or car because that one will be easier to rob. Ransomware attacks are often blind with criminals casting a wide net. In targeted attacks, however, letting the crooks know that the company has done its homework will likely lead them to seek easier targets.