Like lethal strikes carried out by the Serengetti’s deadly predators, ransomware attacks often unfold quickly, stealthily and with great harm to victims. That’s because beasts of prey, whether equipped with claw and fang or malicious malware, exploit a pack’s weakest links. They prey on the careless and the naive, the ones who stray from the herd and venture beyond the boundaries of safety.
So when the pandemic-induced Great Worker Migration of 2020 went down, practitioners of ransomware attacks viewed the shift — from offices protected by perimeter security to home offices on the edge of networks’ frontiers — the way a pack of hyenas would view a group of gazelles parting company and going their separate ways.
“The target of opportunity is the weakest link within most security programs,” said Homayun Yaqub, Senior Security Strategist at Forcepoint, an IT company that develops computer security software and data protection solutions. “Those people, at the moment, are distanced from security and control mechanisms. That exponentially increases the opportunity for ransomware attacks to be successful. They saw tremendous opportunity, and they’ve been very successful at exploiting it.”
The Cost of Ransomware
Ransomware attacks have been around for years, yet they’ve never been more dangerous or malicious. As attack surfaces have grown, malware predators have become more sophisticated in their techniques, more ruthless in their tactics. Government agencies and private-sector organizations that fail to protect themselves risk financial losses, disrupted operations, ruined reputations, destroyed or altered data, and diminished security defenses and compromised partners.
Last summer’s ransomware attack on Garmin led to the technology company paying a $10 million ransom to hackers who used the WastedLocker malware to cripple operations, according to news reports. Far from the arena of athletic competition that Garmin is known for, the attack disrupted flight schedules because pilots couldn’t download data using Garmin aircraft navigation systems.
“Many airports and air traffic control towers rely on Garmin’s GPS data. And so any disruption to that data could have significant if not dire consequences,” said Yaqub, who refers to the attack against Garmin as “a virtual kidnapping.”
Hackers continue to find new ways to pressure victims to pay up. Some have threatened to publicly release victims’ data. Others have moved from locking up data to stealing it. Most nefarious, perhaps, are the ransomware attackers who threaten to alter organizations’ data. For a government agency with a sensitive mission, not being able to trust operational information is a crisis.
What if the FDA or the CDC or any number of government agencies dealing with the approval of new drugs and vaccines fell victim to a ransomware attack? “What material impact would that have?” Yaqub asks. “This notion of being able to alter data comes into play for a lot of organizations, particularly those that are vulnerable to any type of business disruption.”
To mitigate the damage of ransomware and, better yet, repel attacks, agencies can take certain steps:
- Create a backup of data, including an offline backup beyond the reach of hackers.
- Erect firewalls and other forms of internal segmentation to thwart movement of hackers that breach security.
- Embrace the principles of Zero Trust and Least Privilege
- Understand baseline behavior of workers in order to identify aberrant behavior.
- Continue to employ web filtering, web security, spam filtering, anti-virus and anti-malware solutions and other traditional tools.
Acknowledging that human workers are the new perimeter security, Forcepoint takes an approach known as human-centric cybersecurity and endeavors to build human firewalls that can thwart security threats.
The approach rests on the idea that “the interaction between employees and data is not static. It’s very much dynamic,” Yaqub said. “People are constantly moving along this curve where they are creating value” while also acting in ways that could potentially introduce risk.
Forcepoint has invested resources into “evaluating risk at the earliest point of detection and leveraging that knowledge to help enforce security controls across applications,” Yaqub said.
Tools that analyze the behavior of peer groups further enhance the ability of organizations to detect anomalies and prevent security breaches. That’s because cohorts of people have signature behaviors, just as individuals do. So if the gazelle in accounting begins exhibiting behavior expected of a warthog, something might be amiss.
“The benefit of leveraging those analytics is to do this at scale. And to take seemingly innocuous data points and use them to raise the flag early,” Yaqub said.
The bottom line?
“Let’s focus on where we need to spotlight interactions between users and data so that we can better understand and control risk within an organization’s environment,” he said.
To learn more. visit forcepoint.com.