Over the past several months, Stratejm (www.stratejm.com) has seen the proliferation of ransomware and its impact on business continuity within the enterprise. Ransomware is a type of malware that restricts access to the infected node by encrypting the data, effectively locking the victim out until a ransom is paid. Ransomware is generally launched via a social engineering attack vector (e.g. spear phishing).
To date, adversaries have largely focused their efforts on hospitals and healthcare providers who are viewed as easy and attractive targets. To bring further context, The Ottawa Hospital itself fell victim to a ransomware attack in March of this year that made headlines across the country (http://news.nationalpost.com/news/canada/ottawa-hospital-hit-with-ransomware-information-on-four-computers-locked-down).
On Tuesday, May 3rd, Global News broadcast a report that adversaries are now beginning to attack Critical Infrastructure and that the threat is only going to spread and get worse (http://globalnews.ca/news/2676918/hackers-attacking-canadas-critical-infrastructure-and-its-only-going-to-get-worse/).
This reality, combined with the heightened sensitivity around cyber security now being discussed in every boardroom, is cause for great concern – and with good reason. There is no ‘easy fix’ for this problem – a silver bullet simply does not exist. To that point, we vehemently disagree with the Canadian Cyber Incident Response Centre (CCIRC) when they erroneously suggest that “ransomware can’t actually get to data” stored on enterprise SANs – this is simply untrue. The CCIRC further suggests that organizations can recover from such attacks through the use of the snapshot capability typically incorporated as part of an enterprise back-up and recovery solution suite. Rest assured – sophisticated adversaries aren’t stupid – they know that basic IR procedure incorporates remediation and recovery, and they specifically design algorithms to attack and eliminate these recovery mechanisms first.
Unfortunately, such events will undoubtedly cause Corporate IT to receive and spend substantial sums of money on more and more security hardware, software and services in a failed attempt to gain advantage and build bigger walls around the enterprise. Security vendors and VARs will continue to reap the rewards of such a reactive approach with little benefit to the business, its shareholders, management, employees and customers.
As the creator of Canada’s first Security-as-a-Service (SaaS), Stratejm believes that such events underscore the importance of ‘good IT hygiene’ practices. The adoption of our SaaS effectively shrinks the threat surface to mitigate the risk of a malware infection (e.g. ransomware) metastasizing across the network. Stratejm’s SaaS incorporates vulnerability and asset management while simultaneously monitoring ALL IT assets to attain holistic, 360-degree visibility. We understand the relationships and interconnectivity of IT assets to the business, to each other and to individual users.
Before you go out and invest large sums of money and time into your next big security project, I encourage you to connect with me or a member of my team to discuss how Stratejm can meaningfully and proactively reduce enterprise risk by substantially improving your enterprise security posture.