Sunday, October 16, 2016

Ransomware: Osterman Research Survey for Malwarebytes
Joseph Concannon
Today I receive a note from a friend who said he had fallen victim to a Ransomware attack.  So I figured its a good time to review some up to date expert research.  This review is a product of Integris Security LLC and we gladly share this with the community.

First, Ransomware is a global issue effecting enormous sized companies as well as my local friend.  Ransomware is a global threat/problem.  We must recognize the size and depth of this issue.  A survey was conducted during June of 2016 that included CIO's, CTO's, CISO's and other executives.  The survey included 165 corporations in the United States as well as companies from around the world.  39% percent of the companies that were contacted were impacted by a ransomware attack in the U.S. alone.  This is truly a global problem and issue but let's keep the focus here at home.  The report shows the various priorities by country.

The FBI talks about Ransomware as a, "an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them". Integris Security LLC evangelizes through its President, Joseph Concannon the value of Risk Management and the ongoing development of a solid business continuity program.  Concannon states: "this isn't a once a year review, this is a daily, weekly, monthly, quarterly and semi-annual program.  Risk Management opens the eyes of the Executive Team and Boards of Directors".

Second, it comes as no surprise that the survey results identified healthcare and financial services industry as the prime target.  Each are highly dependent upon business critical information according to Osterman Research, Inc.Cyber criminals lay and weight until they find the prime target for an attack; one which they can not recover from due to the lack of ransomware fighting software.  In Osterman's survey U.S. companies were most likely to fall victim to a ransomware attack (79% fell victim according to the survey).

Third, Ransomware ranks the fourth highest security concern for senior executives in the United States as surveyed by Osterman Research, Inc., and more:

 U.S. organizations are also more likely to place a high or very high priority on investing in education and training about ransomware for their end users; and for investing in resources, technology, and funding to address the ransomware problem.

Note well: What the Osterman Research reveals is the power play between tenured industry executives and newly appointed CIO's, CISO's, CTO's learning the mine field of budgeting.  Where do these technology executives make the push to gain budget for their projects and can they convince business unit managers to join their team?  Who pays for training and education and how does that weigh in the balance of getting things done?  Here's how its playing out so far:
Somewhat ironically, however, U.S. organizations are also the least likely to have implemented any sort of ransomware training for their end users, and are among the most likely to offer only minimal training when they actually do so.  U.S. companies rate Ransomware as a high or extremely high priority, unlike their European counterparts in Germany and the UK or Canada which consider it less of a threat. 
Yet the training dollars in the U.S. continue to lag behind.   

The survey that I am reviewing is called, "Understanding The Depth of The Global Ransomware Problem" a report promoted by a company called Malwarebytes
The perceived importance of regular, on-premises backups as a ransomware-recovery tool is quite high among U.S. and German organizations, but somewhat lower among the organizations we surveyed in Canada and the United Kingdom. However, Canadian and UK-based organizations were more likely to use regular, cloud-based backups to recover from ransomware. Other capabilities in place to address ransomware included on-premises ransomware-detection solutions (highest penetration in the U.S.), network segmentation (highest in Germany), and air gaps between data stores and the Internet (highest in Canada).
At Integris Security LLC we point out that segmentation and air gaps are important as well as on-premises backups NOT connected to the network you are backing up.  Strong passwords that are changed every 90 days.  Here are the top 15 Cyber Security Precautions to follow.  Here are some very good tips for enterprise environment security teams to review (FBI):

Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):
  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

For those at home we strongly recommend backup on USB stick, or other storage drive with proper security "on board" to assess the devices health each time the device is accessed.  Saving important documents to a computer is a thing of the past.  Time to think 2016 and the threats that come with the technological age we live in.  Store important documents in a safe deposit box (whether in paper or USB or storage drive or other form).  If its important, then take the extra security steps. THINK CONNECT is the U.S. Department of Homeland Security Campaign promoted during Cyber Security Awareness Month (October each year).  However, the evil email attachment continues to lure an seemly endless waterfall of users into the brink.  Nothing beats education and awareness in preventing the lost of your computer to a cyber attack.  While on the computer remember you are not in your living room.  You are in the "Wild West" and everyone's your friend.  You wouldn't leave your front door open at night, so don't leave your computer open either.  
Integris Security LLC grew from our passion for protecting our nation’s critical infrastructures and years of providing industry professionals with best of breed solutions, proven best practices and top notch security education. We work tirelessly to nurture our clients’ TRUST. We will work equally diligently to EARN your trust.

No comments: