Internet Security

Internet Security: 10 Fundamentals to Fight Breach Fatigue

You don’t have to spend a lot of years in internet security to experience a phenomenon that’s been dubbed breach fatigue: the tendency to get tired of hearing about data security breaches. Breach fatigue can affect people differently based on their professional roles. For IT managers at smaller companies, breach fatigue can lead to a “why bother?” attitude. After all, if a major bank that spends hundreds of millions of dollars a year on internet security can still get hacked, is there any hope for small to midsize businesses?

Unfortunately for MSPs, attitudes like that can undermine your efforts to sell security products and services, so it is important to be ready with a response to this rebuttal. For example, I would say: “Your chances of surviving a cyberattack are actually quite high IF you’ve taken care of the fundamentals.” Before I describe those fundamentals, let me explain why I am confident in that statement.

First, I should note that each time a new data breach makes headlines, it adds to the workload for security researchers. Why? Because we want to find out how that breach happened so we can tell people how to avoid succumbing to the same type of attack. Unfortunately, it can take days or weeks, sometimes even years before we get the full story (which often differs from the first reports of the event).

Remember when JPMorgan Chase suffered what prosecutors later described as “the largest theft of customer data from a US financial institution in history”? When the news of that breach first got out, there was talk of a sophisticated nation state attack, even Russian involvement. We later learned that, although the bank had very sensibly installed two-factor authentication on its servers, it had missed one. That one server was how the hackers, con artists not a nation state, got in.

More recently we learned that an even more shocking breach – Equifax – was due to a failure to patch a well-publicized vulnerability (the congressional testimony of the Equifax CEO, who stepped down in the wake of the breach, suggested that the responsibility for patching rested with one person, who apparently slipped up). Back when Target was breached, internet security alarm bells were ignored and people failed to notice plaintext files full of credit card data being shipped to unapproved FTP servers in Russia.

The overarching theme here is that taking proper care of the fundamentals I’m about to discuss would have stopped many big-name breaches from happening. The good news for smaller companies is that they are likely to have fewer servers to watch over, fewer rogue projects flying under the radar, and simpler data flows to monitor.

So here is my pick of 10 fundamentals which, when properly managed, will go a long way in thwarting the bad guys:

  1. Timely patching of vulnerabilities
  2. Endpoint protection on all endpoints, including servers, at all times
  3. Encryption of data at rest
  4. Multi-factor authentication on all remote access, RDP, etc.
  5. Network segmentation
  6. Network monitoring / data loss prevention
  7. Removable media controls
  8. Backup and recovery plan
  9. Incident response plan
  10. Employee security awareness

Yes, that’s a lot of work, but if your customers get it done, their odds of both avoiding and surviving breaches will improve greatly.


This article was provided by our service partner: ESET.

Microsoft

Four Pillars of the Modern Partner Creating Thriving Cloud Business

Guest Author: Matt Morris – Matt Morris is a Partner Technical Strategist & Cloud Business guru in the One Commercial Partner group, where he leads technical sales readiness, and strategy for one of Microsoft’s largest distribution partners. Prior to his current role, Matt worked in enterprise technology sales, software development, and solution architecture roles at Microsoft and other technology firms. He has experience with mid-market and large enterprise organizations across a variety of industries as well as the public sector. He helps customers understand and implement high innovation and transformational technology solutions in the areas of analytics, cloud computing, and developer tools and platforms.

According to IDC, by 2020 IT cloud services revenue will exceed $500 billion. As a part of Microsoft’s One Commercial Partner organization, I know firsthand both the tremendous opportunity cloud computing presents our partners and the complexity that opportunity can pose. So, as you prepare to join us at IT Nation, I want to share a series of cross-industry partner resources that will help you evaluate the benefits and risks of cloud computing, and provide best practices to help you successfully transform your business to capture the largest possible share of those dollars.

Is the cloud right for my business?

Nearly 80% of customers are deploying or fully embracing cloud technology today, according to IDC. It’s clear many clients are hungry for the cost-savings and flexibility the cloud can provide, but finding the right pace and model for cloud adoption is challenging for many partners. In The Booming Cloud Opportunity, IDC analyzes the scope of the opportunity and how you can take advantage.

How do I grow my business with the cloud?

No one knows your clients like you do. Your hard-earned expertise solving clients’ challenges is the perfect foundation for a cloud-based practice. You know the solutions your clients want, without compromising their security or increasing long-term costs. More importantly, your clients chose you for a reason. Whether you’ve mastered a particular technology, specific vertical, or business process – your unique expertise can be scaled with cloud solutions to make you more profitable. Whether you’re looking to start gently with a SaaS solution like Office 365™, or to dive into IaaS or PaaS with Azure™, evaluate your revenue potential with your Office 365 Revenue Modeling Tool or check out the eBook, Differentiate to Stand Out.

Will I need to change my sales & marketing for cloud solutions?

The next challenge is communicating the unique value you offer, particularly when 65% of B2B purchase decisions are made before ever engaging sales. The Modernizing Sales and Marketing Guide distills the best practices other successful partners have implemented. From developing a listening culture and understanding the customer journey, to building the right marketing assets to communicate how you solve customers’ real business challenges, this guide will help you grow your practice.

Am I ready to expand my practice into the cloud?

Changing your business model seems risky, even when you know that it’s critical to long-term success. So, before deciding to wait a little longer, see what it would take to get started. Some cloud services, like Office 365, can be implemented quickly and painlessly. If you have cautious clients, expanding into a hybrid blend of on-premise and cloud solutions might fit. The key is to create a strategy that allows you to leverage easily deployed cloud components to drive services revenue today, while developing your own specialized solutions to turn your unique expertise into a repeatable product over time. Get started with Optimizing your Operations.

However you choose to implement cloud services, my goal is to help you strengthen both your bottom line and your relationship with your customers. Long-term profitability is the result of helping your customers achieve their goals, growing revenue while reducing churn. Our last resource, Delivering Customer Lifetime Value closes the loop.


This article was provided by our service partner Microsoft.

veeam 10

Veeam 10 highlights

At the recent VeeamON Forum in London, some teasers of what’s new in Veeam V10 were released. It doesn’t seem that long since Veeam version 9.5 was released, but Veeam version 10 doesn’t disappoint, with some much sought-after new features.

Agents – became available in Veeam 9.5 and allow the backup of physical machines and VMs in the cloud. This was a welcome feature; the only disadvantage was that you had to manage your agents from a separate interface. Version 10 allows you to manage all your agents from the standard Veeam Backup and Replication Console. Management of agents will be standard in version 10 from the B & R Console, but if you’re on 9.5 you can also get this functionality early by applying update 3, which should be available shortly.

NAS backup – this was a real chink in Veeam’s armour previously, as there was no way to back up NAS devices. The presenter mentioned this was one of the most popular feature requests, no surprise there. Version 10 will allow backups of NAS devices, and this will not be NDMP based. The feature is actually enabled with the addition of a new proxy role, the File Backup Proxy. This backup method allows the backup process to be vendor agnostic and also allows out-of-place restores to be performed to any target.

Continuous data protection – (CDP) allows for a near zero RPO. Those familiar with traditional continual data protection will remember physical appliances which acted as write splitters. Veeam’s implementation is of course software based and works by harnessing the VMware VAIO API which splits the write and creates a secondary copy of it. The picture below demonstrates a write being written across two different VMware clusters via the CDP proxy.

Continuous data protection is configured in the following screen which allows you to specify an RPO in seconds as well as how long it is stored for.

Veeam CDP setting screen

Storage integration API – storage integration is nothing new for Veeam; they have offered integration with vendors such as HPE and NetApp for a number of years. In version 10 of Veeam there is now a universal storage integration API available, so storage vendors can develop integrations and they will all be based on a standard model. Previous storage integrations have been unique to each vendor. Storage-based snapshots will of course bring the benefits of offloading the grunt work from the hypervisor and minimise the risk of VM stun.

RMAN backups – Oracle DBAs can continue to use the RMAN native backup tool they are familiar with but target a Veeam repository.

Archive tier – will be available as a tier within a Scale-Out Repository. This allows backup data to automatically tier down to cheaper storage and is policy driven.

Role based access – is based on vSphere roles and allows users to perform their own simple operations such as restores.

TAAS – possibly my favourite new feature, bringing new to old. Tape As A Service. This basically means that Veeam will tape out for you, giving you the benefits of tape, such as low cost per GB storage and offline media, without the hassle of tape management.

The Veeam Backup and Replication version 10 release date has not been announced yet; the official V10 page just lists it as coming soon. Veeam 9.5 update 3 is expected imminently.

Cisco Umbrella

Cisco Umbrella Has Something New for MSPs

The threat landscape continues to get more sophisticated and complex. In a continued partnership to help MSPs protect their clients, Cisco is excited to announce a new Advanced Cisco Umbrella package specifically designed to help MSPs deliver even deeper protection.

As part of the Cisco Umbrella rollout for MSPs Advanced, centrexIT has become an early adopter. centrexIT, an award-winning Managed Services Provider in Southern California, stands out in the IT industry with a unique take on information technology and business alignment. Although their clients engage with them to support their business technology, network health, cybersecurity, and more, centrexIT’s most important metric isn’t how well the technology is working. It’s how to make their clients’ lives easier, more productive, and ultimately make them more profitable. A large part of that goal in 2018, and beyond, is practicing good cybersecurity management.

“We value people over technology,” says Eric Rockwell, CEO of centrexIT. “And that commitment to our Culture of Care in turn leads us to focus on providing excellence in service while using technology that meets the highest of standards.”

That standard is even higher when it comes to security — especially in the face of the many high-profile breaches in security that have taken place throughout the tech industry over the past few years.

“Without following the standards for good cybersecurity controls and adhering to applicable regulations, you’re at a much higher risk of your information being breached — and that’s what you’re seeing on the daily news,” Rockwell says.

Cisco plays a major role in helping centrexIT protect their clients. As long-time partners with Cisco, centrexIT was given the opportunity to be the first to adopt Cisco’s latest security features.

“centrexIT is in the process of transitioning to a Next Gen MSP — an MSP with an MSSP (Managed Security Services Provider) practice,” Rockwell says. “We’re expecting huge growth in our MSSP line of business next year, both from existing MSP clients buying MSSP services as well as non-MSP clients buying MSSP services. Our focus on quality and security will only continue to grow as our clients keep demanding it.”

With the company’s growth and the Culture of Care at the forefront, the centrexIT team was more than ready to adopt the latest features.

“We’re using the new Cisco Umbrella features such as file inspection with anti-virus (AV) engine, Cisco Advanced Malware Protection (AMP), and custom URL blocking to help further protect our clients,” Rockwell says.

File inspection provides centrexIT with even deeper protection. When Umbrella receives a DNS request, it uses intelligence to determine if the request is safe, malicious, or risky — meaning the domain contains both malicious and legitimate content. Safe and malicious requests are routed as usual or blocked, respectively. Risky requests are routed to our cloud-based proxy for deeper inspection. The Umbrella proxy uses Cisco Talos web reputation and other third-party feeds to determine if a URL is malicious. With the advanced package, the proxy will also inspect files that users attempt to download from those risky sites, using an anti-virus (AV) engine and Cisco Advanced Malware Protection (AMP). Based on the outcome of this inspection, the connection is allowed or blocked.

Through custom URL blocking, centrexIT has even more control over information being accessed and in discovering potential security threats. Custom URL blocking gives MSPs the ability to enforce against malicious URLs in a destination list. It provides the flexibility to block specific pages without blocking entire domains.
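The triage described in the two paragraphs above, sketched as an added Python example (not Cisco's code and not part of the original article): a DNS-layer verdict, then proxy-side URL checks and file inspection for risky domains, with URL-level list matching that blocks one page without blocking its domain. All hostnames, list entries, the "unknown means safe" default and the hash lookup standing in for the AV/AMP engines are constructed assumptions.

```python
import hashlib
import posixpath
from urllib.parse import unquote, urlsplit

# --- Constructed sample intelligence (all hosts, URLs and bytes are made up) ---
DOMAIN_VERDICTS = {
    "intranet.example": "safe",
    "portal.vendor.example": "safe",
    "c2.bad.example": "malicious",
    "files.share.example": "risky",  # mixes legitimate and malicious content
}
URL_REPUTATION_FEED = ["http://files.share.example/kits/landing.html"]
CUSTOM_URL_LIST = [
    "http://files.share.example/users/1337/invoice.html",
    "http://portal.vendor.example/promo/offer.html",
]
BAD_FILE_SHA256 = {hashlib.sha256(b"constructed-malware-sample").hexdigest()}


def split_url(url):
    """Return (host, canonical key) for a URL.

    The key is host + path with case, trailing dot, percent-encoding and
    dot-segments normalised, so a re-spelled URL still matches a list entry.
    Scheme, port and query string are ignored (a modelling choice).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError(f"URL has no host: {url!r}")
    path = posixpath.normpath(unquote(parts.path) or "/")
    return host, host + "/" + path.lstrip("/")


URL_REPUTATION_KEYS = {split_url(u)[1] for u in URL_REPUTATION_FEED}
CUSTOM_URL_KEYS = {split_url(u)[1] for u in CUSTOM_URL_LIST}
# A DNS query carries only the hostname, so in this model any host with a
# URL-level entry has to go through the proxy for that entry to be enforceable.
PROXY_HOSTS = {split_url(u)[0] for u in URL_REPUTATION_FEED + CUSTOM_URL_LIST}


def dns_verdict(host):
    """DNS-layer decision: only the hostname is visible at this stage."""
    verdict = DOMAIN_VERDICTS.get(host, "safe")  # unknown = safe: simplification
    if verdict == "safe" and host in PROXY_HOSTS:
        verdict = "risky"
    return verdict


def decide(url, body=None):
    """Return (action, reason) for one request; body is the downloaded file, if any."""
    host, key = split_url(url)
    verdict = dns_verdict(host)
    if verdict == "malicious":
        return ("block", "dns:malicious")
    if verdict == "safe":
        return ("allow", "dns:safe")  # routed as usual, never proxied
    # Risky domain: the proxy sees the full URL and the response body.
    if key in CUSTOM_URL_KEYS:
        return ("block", "proxy:custom-url")
    if key in URL_REPUTATION_KEYS:
        return ("block", "proxy:url-reputation")
    # A hash lookup stands in for the AV engine / AMP file inspection.
    if body is not None and hashlib.sha256(body).hexdigest() in BAD_FILE_SHA256:
        return ("block", "proxy:file-inspection")
    return ("allow", "proxy:clean")


if __name__ == "__main__":
    samples = [
        ("http://intranet.example/wiki", None),
        ("http://c2.bad.example/gate", None),
        ("HTTP://Files.Share.Example:80/users/./1337/%69nvoice.html?x=1", None),
        ("http://files.share.example/users/42/report.pdf", b"quarterly report"),
        ("http://files.share.example/users/42/tool.exe", b"constructed-malware-sample"),
        ("http://portal.vendor.example/docs", None),
    ]
    for url, body in samples:
        print(decide(url, body), url)
```
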

These new security features are a huge plus for centrexIT and its clients. They help fulfill its core value and meet its key metric, says Rockwell. “At the end of the day, our client’s lives are easier and they’re at peace because they know we’re working tirelessly to care for them and keep their information safe and private.”

Mac Security: Why You Should Protect Macs from Viruses

“I use a Mac, so I don’t need to worry about malware, phishing, or viruses.”

Many Mac users turn a blind eye to cybersecurity threats, often noting that most scams and attacks occur on PCs.

However, within the last few years, there has been a noted uptick in spyware (a type of software that gathers information about a person or organization without their knowledge), adware (software that automatically displays or downloads advertising material), and potentially unwanted applications (PUAs) on Macs and iOS devices.

While Macs are known to have strong security features, they are by no means bulletproof. Webroot Vice President of Engineering David Dufour noted, “Many of these incidents are occurring through exploits in third-party solutions from Adobe, Oracle’s Java and others, providing a mechanism for delivering malicious software and malware.” Even the most internet-savvy users should be sure to install antivirus software on their Mac products.

Security tips for safe browsing on a Mac

Traditionally, because the Android operating system is more widely used around the world, it is also more highly targeted by cybercriminals. However, mobile devices running iOS are still vulnerable to security threats, and protecting them should be a priority for anyone who owns them. While it’s true that files and apps on mobile devices running iOS cannot be scanned in the same way that laptop devices can be, Webroot nonetheless recommends using mobile security as well as following these security recommendations to ensure safe browsing:

  1. Try using a VPN
    VPN stands for “virtual private network” and is a technology that adds an extra level of privacy and security while online, particularly when using public WiFi networks, which are often less secure. This recent Refinery29 article illustrates the benefits of VPNs for your work and personal life.
  2. Secure your browser
    You may be tempted to ignore messages about updating your browsers, but the minute an update is available, you should download and install it. This is good advice for all software being run on any devices—desktop, laptop, or mobile.
  3. Secure backup
    Be sure to regularly back up your computer and iOS devices so you can easily retrieve your data in case you get locked out of your device.
  4. Use strong passwords
    Instead of using a four-digit code on your iOS devices, use a combination of numbers and letters.

This article was provided by our service partner: Webroot

MSP

Overcoming the MSP Stereotype in 5 Steps

Some of the best clients on any technology solution provider’s radar might already have an in-house IT resource, and while you’re busy building relationships with the right people to get that contract signed, that in-house IT person may not know you exist until the deal is done. The uphill battle to finding success with that first in-house IT client? The MSP Stereotype.

What IS the MSP Stereotype?

As crazy as it seems, there’s an unofficial caste system in IT that revolves around career paths and specialization. Most IT professionals start out in desktop support to learn basic concepts, then move on to application support for a deeper understanding of business-critical applications. Their time in troubleshooting opens new doors to managing the systems or networks those applications rely on.

What About MSPs?

This general path leaves out the traditional MSP, who some IT pros see as a failed desktop support specialist. Every time an MSP says they’re “concentrated on making money, not learning some new technology” it reinforces the stereotype that MSPs are peddling half-baked fixes, useless hardware, and needless up-selling. It’s a mentality that gives the entire community a bad name, and overcoming it is the key to building a healthy, long-term relationship with your clients’ in-house IT.

So how do you overcome the bias / bad press? How do you avoid being undermined and build a mutually beneficial relationship?

5 Steps to Overcome the Stereotype

1. Find Their Passion

Make time to meet with in-house IT staff. Take them out to lunch or drinks, and assure them you want to help. Find out what part of IT excites them. If they’re passionate about troubleshooting and the instant gratification it brings, give them first refusal on break/fix issues with an agreed upon SLA. If strategic planning lights them up, give them a voice in those meetings. In other words, give in-house IT a chance to redefine their roles and responsibilities.

2. Build Credibility

Provide in-house IT with credentials for their assigned technicians/engineers. If your team has a slew of certifications and/or years of experience, let your client’s in-house staff see for themselves. Be prepared to handle objections. Some IT pros believe in certifications, while others think certifications are useless. Address objections calmly and professionally. At the end of the day, it’s about winning trust. It won’t happen overnight, but making efforts early helps you both better understand what you’re walking into.

3. Collaborate Often

With a solid understanding of what the in-house IT staff is passionate about, take the time to collaborate with them on the direction of their account. In-house IT will understand why you have standards to uphold for supportability and consistency – give them a chance to voice preferences before options are finalized. Involving them as much as possible will do wonders for your long-term relationship.

4. Communicate Decisions

As an MSP, you bring recommendations and options for clients to decide on. Which means you likely have more access to your client’s decision makers than their own staff, including In-house IT. Decisions get made multiple times a day, but top-down communication is often a problem. Treat In-house IT the way you’d want them to treat you. If you get out of a meeting where a decision is made that could impact In-house IT, let them know the decision and, if possible, the logic behind it. Face-to-face will go a long way, but a simple phone call works too.

5. Maintain Trust

The problem with stereotypes is that you need to constantly prove you’re different. Doing the 4 steps above gets the ball rolling, but you can’t slack off. Stay actively engaged with your client’s In-house IT to remind them you’re constantly looking out for their best interests.

Many MSPs already understand the benefit of clients with in-house IT. You get an extra set of hands without any of the overhead. You get an advocate when you’re not in the room, and a champion for your team and business…if you simply overcome the MSP stereotype. Invest the time to nurture your in-house IT relationships and they’ll help you build a stellar reputation.


This article was provided by our service partner: Connectwise

Managed Security Services

Ransomware Spares No One: How to Avoid the Next Big Attack

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcome scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.

 To put it simply, your files are stolen. Basically, any files that you would need on the computer, whether those are pictures, office documents, movies, even save files for video games, will be encrypted with a password that you need to get them back. If you pay the ransom, you get the password (at least, in theory. There’s no guarantee.)

How does the average home user get infected with ransomware?

“Malspam” campaigns are definitely the most popular. You get an email that looks like it’s from the local post office, saying you missed a package and need to open the attachment for tracking. This attachment contains malware that delivers the ransomware, infecting your computer. It is also possible to become infected with ransomware without clicking anything when you visit malicious websites. Advertisements on legitimate websites are the biggest target. Remote desktop protocol (RDP) is another huge attack vector that is gaining traction as well. While controlling desktops remotely is very convenient, it’s important to make sure your passwords are secure.

How is the data ? Is the ransomed data actually taken or transmitted?

When you mistakenly download and execute the ransomware, it encrypts your files with a password, then sends that password securely back to the attacker’s server. You will then receive a ransom demand telling you how to pay to get the password to unlock your files. This is a really efficient way to prevent you from accessing your files without having to send gigabytes of information back to their servers. In very simple terms, the files are scrambled using a complex algorithm so that they are unreadable by any human or computer unless the encryption key is provided.

What types of files do ransomware attacks usually target?

Most ransomware is specifically engineered to go after any type of file that is valuable or useful to people. Around 200 file extensions have been known to be targeted. Essentially, any file that you’ve saved or open regularly would be at risk.

How does the attacker release the encrypted files?

The attacker provides a decryption utility via the webpage where you make the payment. Once you receive the decryption key, all you have to do is input that key into the tool and it will decrypt and release the files allowing you to access them again. Keep in mind, however, that the criminal who encrypted your files is under no obligation to give them back to you. Even if you pay up, you may not get your files back.

Tips for protecting your devices:
  • Use reliable antivirus software.
  • Keep all your computers up-to-date. Having antivirus on your computer is a great step towards staying safe online; however, it doesn’t stop there. Keeping your Windows PCs and/or Mac operating systems up-to-date is equally important.
  • Back up your data. Being proactive with your backup can help save your favorite vacation photos, videos of your kid’s first piano recital, not to mention sensitive information that could cost you thousands by itself.

This article was provided by our service partner Webroot.

cyber security

Five Crucial Components of a Layered Security Strategy

Modern cyber threats are evolving at an alarming pace. Today’s thieves are constantly devising new tactics, angles, and technologies that can be used to victimize your customers—everything from malicious mobile apps to phishing emails and malware, and the consequences can be costly. Last year, the FBI estimated that criminals would net $1 billion in ransomware profits alone.

To truly ensure your customers are safe from these increasingly complex attacks, they need multiple defense layers to protect against every tactic at every attack stage. Here are a few essential layers that should be a part of any successful cyber security strategy.

Multi-Vector Protection

Cyber criminals are more organized and better educated than ever before. This means they’re increasingly savvy in implementing multistage, multi-vector attacks. Multi-vector protection ensures that your customers’ endpoint security covers threats that cross multiple vectors, through multiple stages, reducing the opportunity for cyber criminals to successfully breach their networks.

Web Filtering

In many cases, the weakest links in a security strategy are the very same end users it’s intended to protect. In order to ensure end user behaviors don’t jeopardize the security of business networks, effective domain-level protection is a must. Using a cloud-based, web accessible security layer protects a TSP’s customers by reducing the flow of malware into the network by up to 90 percent. Plus, it gives TSPs granular control of all users’ internet activities, blocking dangerous websites automatically, and placing others under real time policy control.

End User Education

According to the Verizon Data Breach Investigations Report, phishing—a practice in which cyber criminals impersonate a legitimate company to steal personal information or login credentials—was behind 90 percent of security breaches in 2016. Plus, thanks to an increasingly mobile workforce, an organization’s data often leaves its secured network perimeters, creating a major vulnerability. For these reasons, implementing a recurring and continuously updated security education program is more important than ever to help end users remain current on increasingly sophisticated and realistic phishing attempts.

Patch Management

Patching ensures that your customers’ systems are up-to-date, making them more difficult for the majority of hackers to penetrate. Regularly scanning for vulnerabilities in your customers’ environments can help you determine if patches are necessary. It’s a low-cost practice that can dramatically improve security.

Backup

Backups are essential for remediating malicious activity and eliminating the effectiveness of ransomware. Having a regular backup in place also addresses concerns about whether your customers have ready access to the latest versions of their applications and data. This is critical for organizations that must meet certain compliance mandates such as HIPAA or PCI-DSS.

Webroot SecureAnywhere® solutions specialize in providing all the layers of security you need to protect your customers from complex, zero-hour cyber threats.


This article was provided by our service partner Webroot.

Veeam

Why hybrid cloud is the new normal for enterprises

We are living in times when it’s hard to imagine our lives without technology. Our center of command is sitting in our pockets, and we are just a few taps away from booking a flight, checking our bank account or reading the news about our favorite football team. Our fast pace of life demands uninterrupted access to each application on any type of device from everywhere. Therefore, organizations need not only speed and versatility, they also need what we call Availability.

In a recent study, Forrester states that the hybrid cloud will open unlimited possibilities for enterprises around the globe to enrich their offerings through a customer-centric approach. The cloud storage deployments are evolving from simple storage silos and low-cost archiving to covering more complex use cases like global namespaces and policy-based migration.

If you thought cloud was already popular, just give it a bit more time. Hybrid cloud storage is now able to combine on-premises applications with cloud-based services, and this is only going to bring a whole lot more benefits for organizations: business agility, scalability and improved data sharing. Just think about it: a few years ago, cloud was more of a personal tool, mainly used to store documents and other files, but look at where it is today! The hybrid cloud technologies now support remote office/branch office operations (ROBO), Disaster Recovery as a Service (DRaaS), the internet of things, file sync and share, and pretty much anything related to business technology.

While many organizations are migrating from expensive conventional storage systems to cloud-based systems — and this is the natural step of the IT evolution — it’s important to acknowledge that the cloud is not all milk and honey. There are a few considerations that you might need to deal with: security, regulatory compliance or long-distance data migration. However, the overall value of adopting the cloud is immeasurable, and its full-scale adoption is already happening.

Veeam enables modern organizations to deliver seamless digital life experiences to their customers through the Veeam Availability Platform, which integrates virtual, physical and cloud-based workloads. Embracing a hybrid cloud architecture opens new possibilities for both our customers and service provider partners looking to leverage the rapidly-evolving cloud computing best practices and adopting the next generation of Availability for the Always-On Enterprise.

The same report claims that “Cloud forces a new architectural approach to everything.” Of course, adopting a hybrid cloud architecture requires a new mindset, but the cloud will play a major role in our digital future, that’s for sure.

To find out more about the hybrid cloud and its benefits, I recommend you read the Hybrid Cloud is the Foundation for Storage Agility and Economics full report by Forrester.


This article was provided by our service partner Veeam.


Is Your Organization Ready to Defend Against Ransomware Attacks?

Without question, cybercrime is escalating and ransomware attacks and threats abound. Learn how to defend against ransomware, how infection can occur and how you can fight back.

Cybercrime is reaching unprecedented heights. And with the recent “WannaCry” ransomware attack, cyberthreats are back at the top of every IT department’s list of priorities and concerns. Unfortunately, it’s a trend that is unlikely to be curbed anytime soon. Cybersecurity communities have estimated that the total cost of cybercrime damage worldwide will reach $6 trillion annually by the end of 2021, forcing more and more businesses to invest in cybersecurity products and services to protect their business-critical data from potential ransomware attacks.

Here I’ll talk more about what ransomware is, how infections can occur and how your business can be more prepared to defend against potential attacks.

What is ransomware?

Ransomware is typically defined as a subset of malware where the data on a victim’s computer becomes inaccessible and payment is demanded (usually in the form of bitcoin or other cryptocurrencies), before the data is decrypted and the victim can re-access their files.

Ransomware attacks can present themselves in a variety of forms but Microsoft Malware Protection Center explains that the two most widespread ransomware families to be reported in 2016/17 were:

  • Lock-screen ransomware
  • Encryption ransomware

Typically, lock-screen ransomware presents victims with a full-screen message that prevents them from accessing their PC or files until a payment is made. Encryption ransomware, by contrast, modifies the data files via encryption methods so that the victim cannot open them again. In both cases, the attackers are in total control and demand large sums of money to access or unlock the files.

How does a ransomware infection occur?

Most ransomware infections occur through email messages carrying Trojans that attempt to install ransomware when opened by victims, or through websites that attempt to exploit vulnerabilities in the victim’s browser before infecting the system with ransomware.

Multiple high-profile incidents in 2016/17 alone have demonstrated that ransomware attacks can be just as destructive on enterprise networks as on individual PCs. For example, the mysterious hacking group Shadow Brokers, which breached spy tools at the National Security Agency (NSA) and offered stolen data for auction, released EternalBlue (a Windows exploit) in April 2017, and the WannaCry strain hit thousands of targets including the National Health Service in the UK (in total netting ~52 bitcoins or around $130,000 worth of ransom).

Not to mention many other widespread strains of ransomware, including Petya, Nyetya, Goldeneye, Vault 7 and Macron, which have had devastating effects on countries, enterprises, election debates and individuals around the world. Attacking enterprise networks in this manner is becoming even more attractive, because the value of the files and data that large enterprises own means attackers can demand higher monetary values for ransom.

How to fight back

The increasing threat of ransomware attacks should come as no surprise: organizations have always been under threat from malicious cyberattacks, viruses and ransomware, just more so now than ever before. IT managers should continually be looking for ways to better protect their valuable data. It is therefore essential that your organization has a plan in place to defend against such attacks, minimize financial impact, reduce IT impact and maintain brand reputation.

Industry-recognized recommendations suggest that organizations follow the simple 3-2-1 rule and implement a strong security plan. The goal of the 3-2-1 rule is to provide customers with a data protection solution that maximizes application uptime and data availability in the event of a disaster.

With the proper execution of the 3-2-1 backup principles, IT managers can protect their data by:

  • Maintaining 3 copies of data (primary data and two copies)
  • Storing backup copies on 2 different media types (such as tape, disk, secondary storage or cloud)
  • Keeping 1 copy off-site (either on tape or in the cloud; disasters can strike without notice, and if all other forms of protection fail, you still have access to offline data!)
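
The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article or any Veeam product: the inventory rows, field layout and the `audit_321` function are hypothetical, and the "2" check follows the article's wording by counting media types across the backup copies.

```python
from collections import defaultdict

# Constructed sample inventory (not from the article): one row per stored copy.
# Fields: dataset, role ("primary" or "backup"), media type, stored off-site?
INVENTORY = [
    ("finance-db", "primary", "disk",  False),
    ("finance-db", "backup",  "disk",  False),
    ("finance-db", "backup",  "cloud", True),
    ("file-share", "primary", "disk",  False),
    ("file-share", "backup",  "disk",  False),
    ("hr-records", "primary", "disk",  False),
    ("hr-records", "backup",  "tape",  False),
    ("hr-records", "backup",  "disk",  False),
]

def audit_321(inventory):
    """Return {dataset: [violated rules]}; an empty list means 3-2-1 is met."""
    by_dataset = defaultdict(list)
    for dataset, role, media, offsite in inventory:
        by_dataset[dataset].append((role, media, offsite))

    findings = {}
    for dataset, copies in by_dataset.items():
        backups = [c for c in copies if c[0] == "backup"]
        has_primary = any(c[0] == "primary" for c in copies)
        problems = []
        # 3: primary data plus two further copies.
        if not has_primary or len(backups) < 2:
            problems.append("3: fewer than three copies (primary + two)")
        # 2: backup copies spread over at least two media types.
        if len({media for _, media, _ in backups}) < 2:
            problems.append("2: backup copies share a single media type")
        # 1: at least one backup copy kept off-site.
        if not any(offsite for _, _, offsite in backups):
            problems.append("1: no backup copy is off-site")
        findings[dataset] = problems
    return findings

if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{dataset}: {status}")
```

In the sample data, `hr-records` has three copies on two media types but still fails the audit because nothing is off-site, which is the gap that matters most when ransomware reaches every system on the local network.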