Ransomware attack businesses and put a halt to operations daily, often at enormous cost. There are multiple solutions that try to stop Ransomware from getting into your network in a variety of different ways. Firewalls, anti-virus, nextgen anti-virus, patching and email and web gateways. They all work based on identifying and stopping Malware from getting into your network at the perimeter, or on the endpoints before damage is done.
Unfortunately, it is becoming increasingly common that Ransomware can avoid detection by perimeter and endpoint products, leading to a situation where organisations have an over reliance on humans as a “Last Line of Defence”. Human error is still the number one-way hackers get into your system. Yes, anti-virus programs and system backups are critical, but organisations now spend a lot of time, effort and money on user awareness – however that is not enough. It is like getting a speeding ticket – after you get one, you drive carefully for 3-4 weeks, and then gradually revert to old habits of speeding. If your strategy for Last Line of Defence is a “Human Firewall”, it constantly needs to be maintained and updated like any other security technology, and you will still be vulnerable, says Morten Gammelgard from BullWall.
Questionable email attachments, pop-ups on screens and links to videos, are ways that hackers target individuals to gain access to your network. There is also a threat from devices that cannot install the traditional security agents such as IoT/mobile devices which could start to encrypt files on fileshares.
We need the ability to detect, alert, respond and recover quickly, as even the most sophisticated organisations will eventually experience a cyber breach. When hit by Ransomware that evades existing security solutions, how you respond in the first few minutes is critical when it comes to overall cost of the attack.
With GDPR in effect the pressure on organisations hit by Ransomware has escalated. GDPR is likely to become another tool for negotiation by extortionists, who will threaten to compromise an organisation’s data unless a payment is received, knowing that the consequences will be more significant under the new regime.
According to The Information Commissioner’s Office (ICO):
“In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by Ransomware, or accidentally lost or destroyed.
When a personal data breach has occurred, you need to establish the likelihood and severity with risks to people’s rights and freedoms. If it’s likely that there will be a risk then you must notify the ICO; if it’s unlikely then you don’t have to report it. However, if you decide you don’t need to report the breach, you need to be able to justify this decision, so you should document it”.
In a scenario where your organisation has been hit by a previously unknown variant of Ransomware that evaded detection by your existing security solutions, and unknowingly to you, succeeded in encrypting 150,000 files on your fileshares in your datacentre or in the cloud, and even worse without visibly changing the filenames.
Your organisation need to be pro-active and instantaneous, as you only have 72 hours.
This is where BullWall’s RANSOMCARE technology is a powerful supplement to Humans. RANSOMCARE is “Last Line of Defence” – when all other security solutions fail – RANSOMCARE will monitor and protect your files. It is an agentless solution that is installed on a virtual server in your Datacentre or Cloud. RANSOMCARE can instantly detect and shutdown a Ransomware attack and quickly provide you with the information required for GDPR compliance.
Contact Brookcourt to book a demo: firstname.lastname@example.org