The number of reported ransomware attacks continues to rise. In May of 2017 Kaspersky reported a 250% increase in mobile malware compared to last year. According to Steve Morgan at Cybersecurity Ventures, “The total cost of ransomware is expected to exceed $5 billion in 2017 compared with $325 million in 2015.” That’s a 15-fold increase over the last two years!

Low Hanging Fruit

Have you heard the story of the two campers who encountered a grizzly bear while camping?  When one of the campers starts putting on his running shoes, his friend looks at him and says, “you can’t outrun a grizzly bear!”

To which he responds, “I don’t have to outrun him.  I just have to outrun you!”

In a similar way, security is about being more secure than the majority of targets. Almost anyone working in the security industry will tell you that making any system 100% secure is almost impossible. But making it secure enough that attacking it takes more effort than it’s worth, that’s very doable.

Why Antivirus Fails

I’ve lost track of the number of times that we’ve had new clients bring us infected computers asking, “I had an antivirus. How did it fail to protect me?” The answer I’ve given is to share the story of Brian Dye, who in 2014 as the Sr. VP of Information Security of Symantec (the largest antivirus company in the world at the time) made the comment at a press briefing that “antivirus is dead”. He went on to explain his point, that his company was adjusting their strategy to a broader approach around endpoint protection because antivirus alone was no longer sufficient to effectively protect against the new emerging threats. Most users are unaware of this trend because they don’t work in the IT security industry, where we are bombarded with it every day.

The Fisherman and the Hunter

The perception many people have about hackers is that they pick a company or individual and try to hack that company’s network or individual computer.  The reality is that most attacks don’t target a particular company or user, but rather they look to exploit a specific vulnerability.  They distribute their payload in a scam email to a vast list in order to see who will fall for their ruse and which of those are unprotected.

Because it’s a numbers game, invariably some users click the link in the malicious email. If any of those systems are not protected against the targeted vulnerability, the attacker is successful in compromising that system. As you see, this kind of attack isn’t a hunting expedition so much as a fishing trip. You only become a victim if you happen to get “snagged in the net” by failing to recognize the scam and then failing to have provided protection against the targeted exploit. Attackers typically target vulnerabilities that are discovered in the Windows operating system or out-of-date browsers. This is why ensuring 100% of your systems are patched against such exploits is a crucial part of cyber-defense.

However, sometimes these exploits are so recent that the vendors don’t yet have a patch. This is where avoiding the scam by recognizing the malicious email becomes your best defense. The industry of cyber-security awareness training is booming lately. It only takes one employee who’s not savvy enough to avoid the attack for your whole network to be compromised! So having a formal training program in place is crucial to protecting you, and it is also often a requirement to qualify for insurance coverage of a business interruption due to cyber-attack.

Who Put a Hole In the Fence?

While the majority of these attacks are initiated through email, it’s not unusual for web sites to be compromised and used for malicious purposes too. Several years ago a particular computer manufacturer shipped their systems with adware (annoying software that causes ads to pop up on your screen even though you didn’t request them). Charging advertisers to supplement the cost of a system has become a common practice among many PC makers and, although irritating, it’s how they compete with the bargain basement PC market.

The problem this time was that the provider of the pop-up ads failed to vet their advertisers properly and one “advertiser” published an ad that included malicious code.  As a result, without user approval, a web page with malicious code popped up automatically on the screens of these PCs.  Thankfully most of our clients had a content filter that recognized the origin of the site as one with a poor reputation, and the content was consequently blocked.  But the PC manufacturer has sustained a black eye in the industry from this incident.

To the Point

My position on network security is that the most important factor in protecting your systems from intrusion is to make sure that 100% of your systems are patched consistently. We use central monitoring tools to track this and deal with the exceptions. The second most important is to have a reputation-based content filter. The one we deploy for our clients also allows for filtering of inappropriate content and provides visibility as to what Internet sites are being accessed. Coming in at the third most important is a reputable, centrally managed and monitored antivirus. Similar to our patch management tools, the antivirus reports its status to our network operations center so that, when there’s a problem, we can address it quickly.

Not Sure?

If you’re not sure you have these precautions in place and you’re ready to increase the level of security at your office, call us at (850) 426-4370 and we’ll be glad to help you identify the vulnerabilities of your current configuration and “fix the holes in the fence” to keep the bad guys out.

-Cameron Rowe, President of CRC Data Technologies