The new year has begun and already multiple companies have fallen victim to ransomware and featured in the headlines as a result.
Picanol, a world leader in weaving loom production, was hacked some weeks ago. Production halted and 2,300 people in different branches around the world were sent home as their production systems were essentially rendered useless by ransomware.
And Picanol wasn’t the only victim - Asco, Ranson, Oost-Vlaamse politieschool, Universiteit Antwerpen, Oxfam, Universiteit of Maastricht and Bouwpunt O.V.B have all been victims of recent cyber attacks. Two weeks ago the city council of Willebroek also fell victim, and they will surely not be the last…
Understandably, most companies that have been compromised by a cyber attack prefer not to go public unless they are obliged to do so, so it is possible that this is only the tip of the iceberg. With brand equity and stakeholder/customer trust at stake, this is perfectly understandable.
In the WEF’s (World Economic Forum) global risk report 2020 respondents (senior stakeholders and global leaders) identify cyber attacks directed at infrastructure and data as one of the top ten cyber threats in the near and long term future.
Cybercrime as-a-service is a growing business model. There has been a 300% rise in cyber attacks directed at IoT devices, and 75% of respondents believe that this will only increase. (Source)
All of the evidence suggests that cyber attacks will continue to rise in the future. People who still think this a temporary phenomenon could be in for a surprise. Yet there still seems to be a lack of responsibility within organisations, companies and governments. IT security should however be the responsibility of everyone in the business process.
Would you pay a ransom?
To avoid loss of revenue companies who are subjected to a ransomware attack often pay the ransom demand – which can vary 1,000 to 10 or even 100 thousand euros. In many cases this is less than the cost of recovering from an attack.
Restoring servers and data consumes a lot of time. But paying up doesn’t necessarily guarantee that the problem is solved. When all files and systems are decrypted with an encryption key provided by the perpetrators of the attack themselves, can you really trust that systems are now 100% clean?
When hackers are affiliated with criminal organisations, you can never be sure. The types and motivations of hackers are wide and varied - from black hats, white hats, grey hats, cyber terrorists, hacktivists and so on, each with their own goals and methods. Many hackers are financially motivated, but others are bent on destruction and offer no recovery in the short term.
And paying the ransom money actually means that you’re supporting those criminal organisations. Instead of paying a criminal organisation, those funds would have been better invested in next generation cyber security solutions and tools such as a NGFW (next generation firewall) and/or corresponding technologies such as SD-WAN, SDN, sandboxing, DLP, …etc.
Which next generation cyber security solutions should you choose?
First and second generation cyber security solutions typically only check file signatures, which can be easily adapted hackers. Today’s threats are far more sophisticated and therefore need a new approach.
That said, not every employee should or needs to be an expert in cyber security. Employee awareness is key, and should be made a priority. There is very often a human element to the origin of an attack - hackers are very inventive and will find new ways to dupe employees with disguised visits, professionally branded emails and accurate Office 365 lookalike links from “colleagues“.
So where should you start? A security audit is the best place to begin, as it will assess current risks and threats on a company network. Only when you know where the issues are can you begin to implement improvements.
NGFW and its functionalities
Product wise NGFW exists as a hardware appliance, virtual machine or docker setup, and is available from well-known leaders in the networking and security space such as Juniper, Fortinet, Cisco, Checkpoint, Palo Alto, etc. The best NGFWs combines the capabilities of traditional firewalls and adds next gen functionalities to include more layers of the OSI model during checks, which improves filtering of the network traffic resulting in deeper inspection.
This is a must as organisations adopt cloud services SaaS, PaaS and IaaS applications in a full or hybrid cloud setup. Platforms such as Amazon Web Services, Microsoft Azure and Google Cloud increase the complexity of the setup.
First and second generation firewalls include functions such as packet filtering, stateful inspection, NAT and PAT, URL blocking, VPN with QoS, but this isn’t sufficient for the holistic that is needed to combat current threats.
NGFW features to look for in 2020
The functionalities of NGFW include intrusion prevention (IPS), SSL/TLS and SSH inspection, deep-packet inspection, sandboxing, bandwidth control, reputation-based malware detection, as well as application awareness, whether or not integrated with 3rd party identity management systems (RADIUS, LDAP). These application-specific capabilities are meant to prevent the growing number of application attacks taking place at layers 4-7 of the OSI network stack.
For example an NGFW, as part of its anti-phishing capabilities, can check URLs sent in emails and block them if they lead to malicious sites. Attachments which are sent via messages on social networks can also be scanned and access prohibited if they contain malicious code.
It is more difficult to justify not having these measures in place, than it is to have them, wouldn’t you agree?