by Mike Weston, Vice President, Cisco Middle East
Ransomware has rapidly established itself as one of the biggest security threats for businesses, and researchers are now warning that such attacks are likely to become more complex and devastating. Cisco’s recent Midyear Cybersecurity Report 2016 predicts that new strains of ransomware will be able to dynamically change tactics and target networks rather than individual users, dramatically expanding the scale of assaults. The report also revealed that fragile infrastructures, poor network hygiene, and slow detection rates are the primary reasons corporations are falling victim to ransomware attacks. This in turn has led to ransomware becoming the dominant and costliest malware ever, and our research firm believes it will become even more dangerous in the coming months as new varieties come online. Our security researchers calculate that ransomware nets our adversaries nearly $34 million annually. That’s a significant industry, and it’s time we improved our odds of handling this type of attack.
The key to undermining our adversaries’ success is reducing their Time to Operate, that is, the time they have to identify and exploit a vulnerability before defenders can detect and stop them. We’re seeing that exposure in unpatched systems and outdated devices provides considerable time for bad actors to operate. Many vendors do the right thing by providing timely notifications, fixes, and distribution of vulnerability patches. Yet findings show that users often don’t update their systems, a failure of the basic ‘blocking and tackling’ tactics of a secure enterprise.
Our goal? To accelerate Time to Secure – a combination of Time to Patch (TTP), which is the gap between when vendors announce public vulnerabilities and when users patch, and Time to Detect (TTD), the gap between an attack and an organization’s ability to respond. These key indicators can enable defenders to home in on the techniques that constrain attackers and force them to change strategies.
The TTD is a key metric that we track and we are committed to reducing our median TTD. Our results speak for themselves. We’ve cut ours significantly from more than 2 days over a year ago to just over 8 hours this April, with a median detection of less than 13 hours. Just know that we are not stopping there.
So what can organizations do to enhance the security of their operations? Our Talos researchers suggest a few simple yet significant steps, including:
- Improve network hygiene - Improve aging infrastructure to limit vulnerabilities.
- Integrate defenses - Use machine learning techniques combined with novel data views.
- Measure time to detection - Find out how long an attacker can live in your network before they are found.
- Protect your users everywhere they are - Protect users whether they're on a laptop, a smartphone, or another device. Don't just protect networks but protect users. They are the target.
The truth is that many organisations probably don’t see themselves as high-value targets for attackers, and it’s likely that they have very minimal protection or staff training and awareness. However, many malicious actors will consider these businesses easy targets and will look to hold them to ransom through a ‘soft attack’ that compromises their data. Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, organisations will require more visibility into their networks and must improve activities such as patching and retiring ageing infrastructure that lacks advanced security capabilities.
Descriptor: The profits from ransomware are making it one of the fastest growing types of malware and new versions could negatively impact entire industries, according to a Cisco 2016 Midyear Cybersecurity Report.