Cisco expert: How to tackle an increase in ransomware
Scott Manson, of Cisco, says: "For years, Cisco has been warning defenders about escalating cybercriminal activity around the globe." 

We asked Scott Manson, Cybersecurity Lead – Middle East and Africa, Cisco, what enterprises can do about the expected increase in ransomware and cyber-extortion tools. Here is his response:

One of the most important developments in the attack landscape in 2017 was the evolution of ransomware.

For years, Cisco has been warning defenders about escalating cybercriminal activity around the globe. In our latest annual cybersecurity report, the advent of network-based ransomware worms eliminates the need for the human element in launching ransomware campaigns. And for some adversaries, the prize isn’t ransom, but destruction of systems and data, as Nyetya – wiper malware masquerading as ransomware – proved.

The financial cost of attacks is no longer a hypothetical number. According to the Cisco 2018 Security Capabilities Benchmark Study, more than half of all attacks resulted in financial damages of more than US$500,000, including, but not limited to, lost revenue, customers, opportunities and out-of-pocket costs. Faced with potential losses and adverse impact on systems, organisations need to move beyond relying solely on technology for defence. That means examining other opportunities to improve security, such as applying policies or training users.

Before the rise of self-propagating ransomware, malware was distributed in three ways: drive-by download, email or physical media such as malicious USB memory devices. All methods required some type of human interaction to infect a device or system with ransomware. With these new vectors being employed by attackers, an active and unpatched workstation is all that is needed to launch a network-based ransomware campaign. WannaCry and Nyetya could have been prevented, or their impact muted, if more organisations had applied basic security best practices such as patching vulnerabilities, establishing appropriate processes and policies for incident response and employing network segmentation.

Defenders will find that making strategic security improvements and adhering to common best practices can reduce exposure to emerging risks, slow attackers’ progress and provide more visibility into the threat landscape. They should consider:

  • Implementing first-line-of-defence tools that can scale, like cloud security platforms.
  • Confirming that they adhere to corporate policies and practices for application, system and appliance patching.
  • Employing network segmentation to help reduce outbreak exposures.
  • Adopting next-generation endpoint process monitoring tools.
  • Accessing timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring and eventing.
  • Performing deeper and more advanced analytics.
  • Reviewing and practicing security response procedures.
  • Backing up data often and testing restoration procedures – processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
  • Reviewing third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.
  • Conducting security scanning of microservice, cloud service, and application administration systems.
  • Reviewing security systems and exploring the use of SSL analytics – and, if possible, SSL decryption.

Defenders should also consider adopting advanced security technologies that include machine learning and artificial intelligence capabilities. With malware hiding its communication inside of encrypted web traffic, and rogue insiders sending sensitive data through corporate cloud systems, security teams need effective tools to prevent or detect the use of encryption for concealing malicious activity.
