Oct 23 2017
Security

How to Get More Sophisticated About Fighting Ransomware

Protecting data from cybercriminals requires an analytical approach.
Matt McLaughlin headshot
by

Matt is an associate editorial director and award-winning content creation leader. He is a regular contributor to the CDW Tech Magazines and frequently writes about data analytics, software, storage and cloud topics. 

Cybercriminals think just like business leaders do, says Thomas Hansen, chief revenue officer of security vendor Carbon Black. Much like any business, they want to increase their revenue while reducing costs and risks.

“Like any market, there are new fashions and trends,” Hansen said during a presentation at the CDW Executive Summit in Chicago. “What we’re seeing right now is the ransomware era.”

The threat of ransomware has increased immensely in recent years. The first significant piece of ransomware, known as CryptoLocker, appeared in 2013 and reaped $27 million in ransom from its victims. In 2016, ransomware attacks tripled, and organizations worldwide paid roughly $1 billion in ransom to cybercriminals.

The costs are even higher when organizations factor in other costs, such as peripheral effects and reputational damage.

The results of individual cases are striking. Maersk, the world’s largest shipping company, suffered an infection in June 2017 that knocked out its entire network across several countries for days, Hansen said, adding that the company estimated its total losses at $200 million to $300 million.

Evolving Defenses to Meet Changing Threats

IT leaders need to take steps to reduce the risk of ransomware. In 2007, a stolen credit number was worth roughly $300 to cybercriminals, based on the amount of money they could steal before the account was closed, Hansen said. By 2015, that value had been reduced to around $8, as credit card vendors took steps to detect and address fraud more quickly.

A similar approach is necessary to defend against ransomware, Hansen said. Traditional anti-virus is effective at detecting malware with known signatures, but it has little effect against unknown threats such as zero-day attacks.

Some security vendors have taken an approach that observes activity at endpoints around the world to detect anomalous patterns and analyze them for threats. This helps organizations not only to detect previously identified attacks (as well as unknown attacks that are occurring now), but also to predict future attacks. For example, Carbon Black’s Predictive Security Cloud monitors data from 14 million data points and analyzes it for threats.

“This allows us to stream data to customers around the world to help them understand and minimize risk,” Hansen said.

11 Questions to Improve Security

Carbon Black’s Thomas Hansen suggests IT leaders ask these 11 questions to help their organizations defend their data from cybercriminals:

  1. Who is in charge of cybersecurity?
  2. How do we assess risk?
  3. Are we focused on attacks?
  4. What are our most important assets?
  5. How do we protect our most important assets?
  6. What is our biggest threat?
  7. What do we control?
  8. Are our incident and recovery plans tested?
  9. Would we know if we’d been compromised?
  10. In the event of a compromise, who would be told?
  11. Do we have the team and the budget to manage risk successfully?
PashaIgnatov/Getty Images

More On

Related Stories

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now