Thursday, 03 September 2020 23:32

If you were 'king,' how would you defeat ransomware?


iTWire asked a number of IT security executives for their best thoughts on defeating ransomware. Here's what they had to say.

This is the question we posed. "If you were 'king,' and had all the power you needed, how would you go about defeating the entire ransomware industry?"

Responses varied widely. Some decided to take the whimsical path and proposed personal powers, others thought to be more 'practical.'

 

Resigned to the fact

Many expressed a broad resignation as to the likely futility of defeating ransomware and instead focused on bolstering defenses.

Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific and Japan, Palo Alto Networks, for instance, said, "Ransomware is constantly evolving so instead of focusing on the threat, I'd much rather emphasise prevention." Gilad Bandel, VP Product and Marketing at Arilou automotive cyber-security, added, "Since attackers will always exist and in many cases are beyond the reach of the legal forces, the proposed course of action is protection in many senses, such as secure by design, intrusion detection/prevention systems, effective CERT-IR teams, etc."

It probably can't be fixed

Many of our panel were resigned to the fact that it really can't be fixed.

Casey Ellis, Founder and CTO, Bugcrowd, said, "The problem with ransomware is the minute you find a way to wipe it out and make it more difficult, the bad guys don't pack up and go home. They find a way around it. It's like an arms race that goes on and on."

Garrett O'Hara, Principal Technical Consultant, Mimecast added, "In all seriousness: No King can stop all ransomware attacks regardless of how benevolent he is, or how good his intentions are. A good king would understand this and act accordingly."

Ellis continued, "At the risk of oversimplifying, many of the pervasive and longstanding security issues that have persisted for decades explain the rise of ransomware. Ransomware exploits often take advantage of older infrastructure and software. It also depends on inattentive or unsophisticated users to activate attacks with an errant click or download."

 

How are we falsely trusting?

Ellis: "I would mandate that people who design software include ways to make insecure decisions more obvious to non-technical users. Software manufacturers don't always build the solution in a way that can help users understand the technicalities.

"What we have seen through ransomware incidents is that these manipulative attacks also take advantage of the victim's trust in a domain or application — tricking them into thinking that they're visiting a site they trust. Just like phishing emails, users should know not to click on or download things unless they understand the source."

 

Defensive techniques

Duca was adamant that "Cybersecurity needs to be a zero-trust game. So my immediate three priorities would be to:

Educate people and businesses on the value of their data

This sounds simple but not many people truly understand how valuable their data can be to cybercriminals. According to The Australian Cyber Security Centre (ACSC), Australians are reporting cybercrimes every 10 minutes with an average loss of $700 - that is a lot of money to lose regularly.

If people won't allow themselves to be robbed in broad daylight, there's no reason to allow or encourage (with poor cybersecurity) this behaviour online. A good way to start is with training and education programs in schools, businesses, and organisations to raise awareness and understanding.

Protect what matters to us and our businesses

No one can ever really predict a cybersecurity crisis and we need to do more to protect ourselves. No one willingly leaves their front doors open to encourage theft so similarly, we should keep our online front doors shut and reinforced with locks for safety.

This is especially critical for businesses: Put in place an effective cyber resilience plan that follows the trail of your data - one that alerts you when ransomware tries to make a move on it. If and when attacked, you can disconnect that system from your entire network, to limit the blast radius and give yourself time to prevent it from affecting the rest of your organisation. Steps like these can help mitigate the worst effects of an attack with minimal downtime.

We all have a role to play in cybersecurity

Cybersecurity is a team sport where everyone (individuals, businesses, and the authorities) needs to work together to safeguard the data and integrity of assets belonging or connecting to any organisation's network or even to our home networks.

The more united we are in our approach against cyber attackers, the harder it will be for them to put our finances at risk, steal our information, and disrupt our livelihoods."

Similarly, Stephen Burke, CEO and founder of Cyber Risk Aware added, "I would offer ransomware decryption keys 'to the kingdom' by making available all of the collected decryption keys that are available owing to those who have already paid a ransom. I would offer them free of charge to any newly affected company or individual."

Further, Burke offered, "I would also issue an edict mandating all companies to:

Ensure backups are in place and are regularly tested.

Keep copies of backups off the network

Provide Security awareness for staff on what ransomware is and how it is their actions that cause over 86% of infections by opening and clicking on emails.

Patch all systems AND software so vulnerabilities cannot be exploited."

Casey Ellis adds, "Crowdsourced security provides an added layer of defense, as a crowd of good-faith hackers can uncover vulnerabilities before the bad actors can take advantage of them. Having a vulnerability disclosure program is vital for businesses today."

 

Prevention

Putting on his kingly robes, Garrett O'Hara opines… A benevolent king would work to:

Create consistent cyber security standards and processes across the kingdom, and wisely use incentives to ensure organisations align to them. The king would use positive rewards to motivate businesses to ensure their cyber security standards don't jeopardise the kingdom's subjects. Perhaps a front row seat at the next jousting tournament. The king would also punish businesses who were careless with their cyber security practices, giving fines or time in the dungeon to repeat offenders.

Make sure all his subjects were educated on the risks of ransomware. He would use advertising approaches to cut through people's busy lives and make sure they know what could happen if they click on the wrong link, open an attachment that is dangerous, or provide their details to a rapscallion.

Use the best available technology to protect his citizens. Make sure they have good email security protection that can see if links or attachments are bad, or if an email is a scam. Make sure they have good web security, and EDR. And he would make sure that as new campaigns were happening that threat intelligence was shared with his trusted subjects so they could be proactive in protecting themselves and their businesses.

Ellis adds, "Bottom line: organizations, private and public sector, must educate their employees around the risks, and simultaneously ensure that their software and hardware are up to date. And it is very important for software manufacturers to design their applications with the non-technical user in mind."

 

Penalties and remedies

Going hard at the problem, Gilad Bandel suggested, "If by any chance an attacker is caught by the authorities, harsh punishment should be inflicted." If only we had the international treaties to prosecute these people, but too many countries will protect their citizens.

Max Henderson, Incident Response Lead/Senior Security Analyst, Pondurance, was more expansive - "The most important piece comes down to extradition, as we see the Dridex gang was indicted yet still operates on a massive scale. We frequently see ransomware groups generate killswitches for computers in nearby countries/languages, likely out of fear for legal retaliation. Additionally there's visibility pieces such as tracking Tor and VPNs to true source IPs."

 

 Being a 'King'

When pressed for a 'kingly' response, Henderson responded, "I'd relinquish power and establish democracy." As if that would work!

Finally, going to a degree of extreme, Garrett O'Hara said, "I would ban the internet and then remove all computers, servers, smartphones and tablets from the kingdom. I would issue an edict outlining our return to paper, pens and the mighty abacus. The underground market in devices that springs up would be quashed and those subjects found selling illegal hardware would be sentenced to ten years of watching "CSI: Cyber" in government controlled rehab centres. The worst offenders would undertake community service helping stranded astronauts, international down-on-their-luck royalty and recent lottery winners as they figure out how to spend their newly gained riches."

 

Conclusion

We were really hoping for a couple of magical bullets to arise from this discussion; however, it seems we're stuck(?) with all the standard advice - educate the users, be vigilant and have great backups.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
