Cybercriminals think just like business leaders do, says Thomas Hansen, chief revenue officer of security vendor Carbon Black. Much like any business, they want to increase their revenue while reducing costs and risks.
“Like any market, there are new fashions and trends,” Hansen said during a presentation at the CDW Executive Summit in Chicago. “What we’re seeing right now is the ransomware era.”
The threat of ransomware has increased immensely in recent years. The first significant piece of ransomware, known as CryptoLocker, appeared in 2013 and reaped $27 million in ransom from its victims. In 2016, ransomware attacks tripled, and organizations worldwide paid roughly $1 billion in ransom to cybercriminals.
The costs are even higher when organizations factor in other costs, such as peripheral effects and reputational damage.
The results of individual cases are striking. Maersk, the world’s largest shipping company, suffered an infection in June 2017 that knocked out its entire network across several countries for days, Hansen said, adding that the company estimated its total losses at $200 million to $300 million.
Evolving Defenses to Meet Changing Threats
IT leaders need to take steps to reduce the risk of ransomware. In 2007, a stolen credit number was worth roughly $300 to cybercriminals, based on the amount of money they could steal before the account was closed, Hansen said. By 2015, that value had been reduced to around $8, as credit card vendors took steps to detect and address fraud more quickly.
A similar approach is necessary to defend against ransomware, Hansen said. Traditional anti-virus is effective at detecting malware with known signatures, but it has little effect against unknown threats such as zero-day attacks.
Some security vendors have taken an approach that observes activity at endpoints around the world to detect anomalous patterns and analyze them for threats. This helps organizations not only to detect previously identified attacks (as well as unknown attacks that are occurring now), but also to predict future attacks. For example, Carbon Black’s Predictive Security Cloud monitors data from 14 million data points and analyzes it for threats.
“This allows us to stream data to customers around the world to help them understand and minimize risk,” Hansen said.