This is part of a series of blogs intended to both inform and provide potential solutions and resources to protect organizations of all sizes and industries from the perils of being a “connected” entity. My previous blogs include:
In this follow-up, I explain the source and nature of the most recent and, potentially, most financially devastating category of cyberattack: ransomware.
Who’s Ransoming Who or What?
In short, ransomware is a type of malware that gets into an organization’s network the same way other malware does: a phishing e-mail, stolen or reused credentials on an exposed remote-access service (RDP, VPN), or exploitation of an unpatched vulnerability. Once inside, it encrypts the organization’s data files, making them unreadable without the means to decrypt them. The IT industry uses data encryption as a business-as-usual process; the difference in this scenario is that the encryption key used by the ransomware is known only to the perpetrator. In order to unlock (decrypt) the files, a ransom must be paid to receive the decryption key, and there is no guarantee that a working key will actually be delivered.
Can I Proactively Encrypt?
So, you say, why not just encrypt all my org’s data and be safe and done with this ransomware thing? After all, if the files are already encrypted (by the organization itself), what is left for the ransomware to do? Well…. not so fast!

Encrypted data can be encrypted again. Ciphertext is just bytes, and ransomware will happily run its own cipher, with its own key, over files that your full-disk or file-level encryption already protects. Your key still unlocks only the inner layer, so the file is every bit as unusable as a plaintext one would have been. Encryption at rest guards confidentiality (a stolen laptop, a disk pulled from a rack); ransomware attacks availability, and encryption does nothing for that.

There is a second, practical problem with the “encrypt everything” idea. To protect data in all stages of its existence it would have to be encrypted at rest (storage), in motion (being transmitted), and while being processed. The first two are routine today (full-disk encryption, TLS) and cost little on modern hardware. Keeping data encrypted while it is being processed is a different matter: it requires techniques such as homomorphic encryption or confidential-computing enclaves, whose overhead and constraints most organizations find too much to tolerate, so the decision is usually made not to go down that path. But even an organization that paid that price would still not be protected from ransomware, for the reason above.
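To make the point concrete, here is an added Python example (not code from the original post). It encrypts a document with an “organization” key, then encrypts the resulting ciphertext again with an “attacker” key, and shows that the organization’s own key no longer recovers the document. The cipher is a toy stream cipher built from HMAC-SHA256 in counter mode, used as a stand-in for AES-CTR so the script needs only the standard library; the key names and the sample document are constructed for the demonstration.

```python
"""Added example: data that is already encrypted is still hostage to ransomware.

The cipher below is a toy stream cipher (HMAC-SHA256 in counter mode), used as
a stand-in for AES-CTR so that only the Python standard library is needed. It
provides no integrity protection and is for illustration only.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream as HMAC(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || (plaintext XOR keystream). Works on any bytes, including ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt(): split off the nonce and XOR the keystream back out."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def ransomware_scenario(document: bytes) -> dict:
    """Encrypt at rest with the org's key, then let 'ransomware' encrypt that ciphertext again."""
    # Constructed keys for the demonstration; in practice these come from a KMS / the attacker.
    org_key = hashlib.sha256(b"org-key-held-by-the-organization").digest()
    attacker_key = hashlib.sha256(b"key-known-only-to-the-attacker").digest()

    at_rest = encrypt(org_key, document)            # the org's own at-rest encryption
    after_attack = encrypt(attacker_key, at_rest)   # ransomware encrypts the ciphertext again

    org_attempt = decrypt(org_key, after_attack)    # all the org can do with its own key
    with_ransom_key = decrypt(org_key, decrypt(attacker_key, after_attack))

    return {
        "org_recovers_alone": org_attempt == document,          # False: outer layer is not ours
        "recovers_with_attacker_key": with_ransom_key == document,  # True: only after paying
        "bytes_added_by_two_layers": len(after_attack) - len(document),  # two nonces
    }


if __name__ == "__main__":
    sample = b"Q3 payroll export (constructed sample data)"  # constructed input
    for k, v in ransomware_scenario(sample).items():
        print(f"{k}: {v}")
```

The takeaway is in the first two dictionary entries: the organization’s key alone fails, and recovery depends entirely on a key it does not hold. Nothing about the inner encryption stops the outer one.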
So Now What?
OK, so we’ve established that encrypting your own data, however thoroughly, does not stop ransomware. So that still leaves the org open to ransomware, right?

Yes, it does, but that fact just brings us back full circle to the original intent of this series of blogs: protect and defend your org’s network at the entry points. If a proactive, structured network defense posture is employed, ransomware becomes just one more type of malware that your defenses intercept and squash before it has a chance to carry out its mission. One ransomware-specific addition to that posture: keep backups the malware cannot reach (offline or immutable copies) and actually test restoring from them, because restoration, not payment, is the plan for the day prevention fails.
The ransomware that caused the temporary shutdown of the Colonial Pipeline in May 2021 was traced to a legacy VPN (Virtual Private Network) account that was no longer in use but whose password was still valid; the same password had turned up in a batch of leaked credentials. Worse still, the VPN had no multi-factor authentication, so that one password was all it took. A formal internal cyber-security assessment that inventories remote-access accounts and checks each one for dormancy and missing MFA would have caught this.
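As an added illustration (not from the original post) of the kind of check such an assessment runs, here is a small Python script that audits an export of remote-access accounts for dormant credentials and missing MFA. The CSV columns, the 90-day dormancy threshold, the “as of” date and the sample accounts are all constructed assumptions for the demonstration; a real audit would read the export from the VPN appliance or identity provider.

```python
"""Added example: flag remote-access accounts that are dormant or lack MFA.

The export format below (username, enabled, mfa_enabled, last_login) is an
assumed layout; adapt the column names to whatever your VPN or IdP produces.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export; these are not real accounts.
VPN_EXPORT = """username,enabled,mfa_enabled,last_login
jdoe,true,true,2021-04-29T08:12:00Z
svc_backup,true,false,2019-11-02T22:41:00Z
contractor7,true,false,
mlee,false,true,2020-06-15T09:00:00Z
"""

DORMANT_AFTER = timedelta(days=90)                      # assumed policy threshold
AS_OF = datetime(2021, 5, 7, tzinfo=timezone.utc)       # fixed "now" so the run is repeatable


def parse_ts(value: str):
    """Parse an ISO-8601 UTC timestamp; an empty field means the account never logged in."""
    if not value:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit_accounts(csv_text: str, now: datetime):
    """Return [(username, [issue, ...]), ...] for enabled accounts with at least one finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # a disabled account cannot be used to log in; nothing to flag
        issues = []
        last = parse_ts(row["last_login"].strip())
        if last is None or now - last > DORMANT_AFTER:
            issues.append("dormant: enabled but unused for over 90 days (disable or remove)")
        if row["mfa_enabled"].strip().lower() != "true":
            issues.append("no MFA: a single leaked password is enough to log in")
        if issues:
            findings.append((row["username"], issues))
    return findings


def run_sample():
    """Audit the constructed export as of the fixed date."""
    return audit_accounts(VPN_EXPORT, AS_OF)


if __name__ == "__main__":
    for user, issues in run_sample():
        print(user)
        for issue in issues:
            print("  -", issue)
```

Run against the sample, the script flags `svc_backup` (dormant for well over a year, no MFA) and `contractor7` (never logged in, no MFA) while passing `jdoe` and ignoring the already-disabled `mlee`. An account that is enabled, dormant and password-only is exactly the profile described above, and it is cheap to find before an attacker does.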
Getting Back to Basics
Ransomware is just another form of malware. If an organization wants to fully protect itself, then the basic strategy remains unchanged: Understand and deploy one or more of the known cyber-security compliance frameworks and rigorously test and re-test your organization’s defenses using these frameworks as your guide. Refer to my previous blogs for more in-depth information on the more popular cyber-security frameworks and how to embrace them.
How Does My Company Get Started?
The first real step is to determine the current state of your organization’s cyber defenses. Typically, an internal cyber-security assessment or “gap analysis” is performed in order to investigate and document the current state of your defenses. If your organization does not have the internal bandwidth to perform a thorough analysis, consider employing the services of an experienced Cybersecurity Compliance Consultant who can obtain the desired results with minimal impact to your staff and operations.
Complete the form below to reach me for additional information.