CS Mar Apr 2022
ransomware
a plethora of networks, applications and storages. However, the dilemma is that it is no longer feasible, or even possible, to consider all elements of the service topology as 'trusted'. Zero Trust is a critical concept, because it brings security to the users, data/information, applications, APIs, devices, networks, cloud etc wherever they may be - instead of forcing them onto a 'secure' network.
"The cybersecurity industry is more difficult to navigate than ever before," he adds. "Continuous data breaches and ransomware attacks, which are impacting commercial entities and governmental agencies, prove that network-centric approaches no longer work. The industry needs to establish standards and best practices for Zero Trust as the overarching information security approach for the digital age and create models that are data- and asset-centric, as opposed to traditional network-centric approaches."
DEPLORABLE STATE OF SECURITY
The only success story we can attribute to ransomware is publicly benchmarking its victims on the deplorable state of their organisation's security, says Ian Thornton-Trump, chief information security officer for Cyjax. "Although sensational headlines about a company becoming a victim and an endless stream of cyber security vendor fear, uncertainty and doubt related to 'protection from ransomware', it seems most people have missed the point. A cyber security event that involves ransomware is the result of one or more cyber security failures at a technological or human level. In short, ransomware is the symptom of the disease of poor cyber security, not something which 'just happens'."
He likens ransomware's impact on an organisation to the three-act structure model used in narrative fiction that divides a story into three parts (acts). Often called the 'Setup', the 'Confrontation' and the 'Resolution', it was popularised by Syd Field in his 1979 book 'Screenplay: The Foundations of Screenwriting'.
THE SETUP
In the beginning, systems are brought to their knees - outages happen. That's a fact of life, but it becomes sinister the moment you are told the files are stolen, encrypted and you must pay not to have them publicly dumped and pay for a decryption key and software. "Just a point here. If you claim you are investigating a 'cyber security incident' and it's ransomware, and yet it takes you more than a week to inform customers and regulators, you may need to question your organisation's capacity for incident response and understanding of governance, risk and compliance."
THE CONFRONTATION
The middle of a ransomware event is the 'chaos' of the event itself, requiring extraordinary efforts to restore services and/or negotiate with the attackers. This is the organisation in 'true' crisis where the very worst days of everyone's working life are being played out. "The only word that can adequately describe the feeling is profound 'tragedy' - it's a loss against malicious actors and all the stages of grief are played out as a mad hunt is on for the install CDs, the licence codes and the backup tapes. It's an extraordinarily stressful time and the single most destructive words to utter at this moment are: 'I told you so'."
THE RESOLUTION
The end of the event is the realisation, after the extraordinary expenditure of time, effort and money, that the ransomware could have been prevented or mitigated, if only the security expense, life cycle management, asset inventory etc had all been done proactively. Every ransomware event comes with a healthy amount of hubris and lessons learned - but only if the post-event discussion happens. Most organisations survive a ransomware event, but its financial impact and customer trust may take years to repair.
"When we examine the big ransomware stories - at least the ones that share deep technical details - there are always items which we could have done better or been more prepared for," continues Thornton-Trump. "Since the first crypto locker viruses in 2015, it's hard to be sympathetic towards organisations that succumb to this attack in 2021, but it's understandable. If you think ransomware is what you need to protect your organisation against, you're missing the story. Ransomware is telling you about the state of your security."
FINANCIAL INSTITUTIONS TAKE A BATTERING
"Financial institutions are facing rising cyber threats and the warning from the FCA serves as a reminder that no business is safe from attack," says Fabien Rech, VP EMEA, Trellix. "We recently found that the financial services industry accounted for 22% of ransomware and 37% of Advanced Persistent Threat detections in Q3 2021. As cybercriminals adapt their methods to target the most sensitive data and services, FS firms must shore up their defences to mitigate further threats."
How exactly? "They must deploy a security strategy that includes a living platform that can learn and adapt defences based on the threat. This platform generates and prioritises comprehensive threat insights from both outside and inside the company to adaptively strengthen detection, and it responds in real time to active threats."
According to research findings from Trellix, in the third quarter of 2021 "high-profile ransomware groups disappeared, reappeared, reinvented and even attempted to rebrand, while remaining relevant and prevalent as a popular and potentially devastating threat against an increasing spectrum of sectors. Even though
www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security