AND YOU THOUGHT IT WAS OVER?

The hacker-creators of the WannaCry (a.k.a. WannaCrypt) ransomware virus have evolved their botnet worm without the “kill switch” that a 22 year-old computer researcher stumbled upon late Friday.  The three reported variants as of Monday, May 15, all employ the endpoint exploitation tools of phishing and embedded documents.

“We may still see significant impacts on additional networks as these malware attacks morph and change,” said Tom Bossert, the White House Homeland Security advisor, Monday.  He said, “The worm is in the wild,” before raising what could only be characterized as the alarm to batten down all endpoints as, “this was a vulnerability exploit as one part of a much larger tool put together by the culpable parties.”

At the time this blog was written, WannaCry ransomware could run in 27 different languages, and had infected more than 300,000 machines in 150 countries, cutting access to computers, servers, data and communications capabilities of hospitals, universities, warehouses, banks, telephone companies, automakers and more.  The U.S. Computer Emergency Readiness Team (US-CERT), issued an alert stating that the botnet was specifically targeting enterprise networks.

While the WannaCry ransomware authors have demanded up to $300 in Bitcoin per infected machine, according to Bossert, “We are not aware of payments that have led to any data recovery.”

Microsoft and various governments have stridently urged all IT professionals to update software and deploy endpoint patches to proactively avert infection.  Take note, however, all experts across the globe, agree that this is just the beginning of what is shaping up to be the Age of Ransomware.  Prevention, not just monitoring, will sort survivors from crippled or killed businesses.

NO WONDER IT SPREAD SO QUICKLY

One in 14 users still falls for a phishing scam, according to a Verizon’s just released 2017 Data Breach Investigations Report.  Of those who get hooked, for a quarter of them this is at least the second time they have failed to resist clicking on a seemingly innocuous yet unidentified link or embedded document in their email.

We all know how the rest of the story goes: The malware streams into their systems, to steal data, or much worse – to take control of the system to destroy it or ransom it back at a usually organization-destroying price.  According to the Verizon report, while ransomware is the fifth most prevalent form of malware, it is the No. 1 cybercrime being perpetrated today.

Small and medium-sized businesses should not take comfort that WannaCry seems to be targeting enterprises, at least for now.  What is also new in the report is that almost two-thirds, 61 percent, of data breach victims are small and medium-sized business with under 1,000 employees.

Why?  Because small and medium-sized businesses are the low hanging fruit.  They often either use outdated software; employ the least sophisticated cyber security abilities to defend themselves, if at all; and do not adequately and securely maintain back ups of their data.  It does not have to be that way.

THREAT ENVIRONMENT

The news is correctly reporting that ransomware, distributed denial-of-service (DDOS), and straightforward hacking attacks are evolving in sophistication.  In almost every cyber weapon vertical, the criminal dark web market has made available malware-as-a-service.  Let that sink in for a minute.

What this evolving threat environment now presents is that in addition to the criminal, whether they be cyber-geeks, adversarial governments, organized crime, terrorist organizations or business competitors, their purchased malware service comes with customer support to ensure the success of devastating the target.  Because non-coders can now deploy out-of-the-box malware, the web magazine CSOonline.com predicts that frequency endpoint exploitation will only intensify.

The online magazine also reports that cybercriminals are ditching the broad-spectrum spam attacks in favor of spear-phishing, targeting director-level users and up to the C-suite, to infect system networks with ransomware botnets.  It has been widely reported that in 2016 ransomware attacks increased by 50 percent.

Cylance Inc., an unrivaled leader in artificial intelligence (AI) endpoint security, has found that ransomware is used for much more than just ransoms, but to actually divert attention from even more nefarious objectives.

COSTS OF CYBER INSECURITY

It is not news that a solid cyber security strategy includes constant management, pro-active intelligence and precision monitoring to not only stop cyber attacks, but to prevent them in the first place.  What is difficult for the small and medium business is how to afford the tools that are seemingly only affordable within an enterprise-level security operations budget.  It is more affordable than most think.

Let’s first reverse engineer this cost challenge and look at the costs post-cyber attack.  If your business is something akin to a florist main-street shop, the nature of compromising data stored is limited to credit cards and the identities of the folks who made a purchase.  While the business will suffer and credit companies will be busy replacing cards, the loss is definitely painful, but not insurmountable for all.  The cost of a PCI data breach for a Level 4 merchant averages $36,000 and can be as high as $50,000 or more.

But what if your business is in a vertical that is subject to stringent data retention and protection regulations, such as energy, finance or medical?  For those verticals with sensitive data, in the three years since 2013, the average total cost of a single breach has increased by 29 percent to roughly $4 million.  What is more is that HIPAA penalties for noncompliance can range from $100 to $50,000 per violation or per record, with a maximum penalty of $1.5 million per year.  Criminal charges that can result in jail time can also be imposed.

MEETING THE COST CHALLENGE

Standing up a state-of-the-art cyber defense is not just technically daunting, it is expensive if an organization goes at it alone, no matter its size.  The cyber security bill is a list of costly entries that at a minimum will include roughly $119,000 for just one cyber security professional and software with a price tag as high as $105,000.

Sure, on its face this cost seems outlandish, but factor in that cyber security tools worth their salt are not cheap to design, deploy, manage or maintain.  The human experience and skills necessary to ensure that malware profiles are up to date and to monitor end points does not come from taking an online course, but is earned.  For a cyber security solution to be effective, it must be pro-actively engaged 24/7.

We work with Cylance Inc., a company that has been repeatedly recognized as being on the cutting edge of pro-active cyber security solutions, to deliver security as a service to our clients.  Because Cylance Inc. solutions are based on artificial intelligence (AI), it is revolutionizing cyber security to focus on prevention, rather than simply reacting to threats.

HOW CYLANCE’S SECURITY AS A SERVICE WORKS

Much has been made of how intelligent applications and appliances _ the internet of things _ combined with AI will improve our standards of living, efficiency in industry and the quality of service delivery.  AI is now the affordable state-of-the-art tool to proactively combat cyber crime.

Cylance Inc. is at the absolute forefront of developing security-as-a-service solutions that combine algorithmic science, machine learning and AI to predict and prevent known and, better yet, unknown attacks.  In addition to good old-fashioned intelligence to keep malware profiles up to date, Cylance Inc. employs cutting edge predictive analysis processes to quickly identify what is safe and what is a threat at the most vulnerable gateway, the end point, before an organization’s data environment is infected with malware execution.

Cylance’s security as a service, works much like Software as a Service, and is similarly billed on a subscription basis, which means this investment in securing your system is predictable and falls into the operations costs column.  Plus, because Cylance focuses on preventing advanced threats, it reclaims time and resources that would be consumed by incident response, downtime and data loss, not to forget fines or other punitive measures.

Cylance technology is deployed on more than four million endpoints and protects hundreds of enterprise clients worldwide, including our clients.

Global IP Networks along with Cylance can assist in best effort rumination by managing and monitoring 24x7x365. Contact us today to discuss licensing and implementation!