The recent hacking of servers belonging to the Professional Golfers Association (PGA) of America, which targeted files related to the PGA Championship and Ryder Cup golf tournaments, is an example of the threat that increasingly advanced types of malicious software pose to the cyber defenses of organizations.
The continuous growth of digital technologies, automation and the internet of things creates numerous opportunities for companies, such as capturing and using real-time data to gain competitive advantage and to increase those all-important margins.
At the same time, this marriage of old and new technologies has introduced unprecedented forms of cyber risk and gives criminals additional routes of attack that, if ignored, can put a company out of business.
Recognize the threat
The rapid growth in digitization and automation has been accompanied by the emergence of a form of cybercrime that uses ransomware to extort money, often in the form of bitcoin. As the PGA case shows, ransomware locks systems and denies access to data until the ransom is paid. Following the usual pattern, the PGA hackers warned that any attempt to break the encryption of the hacked files would result in the permanent loss of the data they contained.
With increasing digitization, previously unrelated parts of an organization's business activities can now become part of a broader interconnected IT network. This became clear in the PGA hack: the affected files contain marketing material, including logos, relating to the two golf championships. Integration and connectivity will undoubtedly bring multiple operational benefits, but the teams that secure internal IT networks now face much larger attack surfaces to protect.
Defense against cyber attacks is, or at least should be, a high-level priority for companies and organizations. An aversion to investing in cyber security will make companies more and more vulnerable to new and emerging forms of infiltration. Ransomware attacks, although far from new, are becoming increasingly relevant and in some cases more complicated to defend against.
The consequences of ransomware
Once downloaded, ransomware quickly encrypts files and data on the victim's infrastructure, blocking access and even halting operations. This can quickly damage customer relationships and entail huge costs due to the loss of intellectual property or essential company data.
Ransomware is usually delivered via a simple phishing e-mail containing a deceptive attachment for the victim to open. Once opened, the attachment encrypts the data on the user's system and displays a message detailing the conditions of the ransom and the payment required to obtain the decryption key.
The damage caused by ransomware has historically depended on the specific individual targeted in a company and the extent to which they are connected to the broader network. More recently, we have seen variants of ransomware that extend their reach beyond the hard drive of a single PC. Instead, they search for 'privileged' accounts (accounts that provide advanced administrative access) in order to move more widely within the network and find business-critical files to encrypt. This way, by infiltrating only one account, the ransomware can reach a much larger part of the network, lock crucial files and data, and make the attack even more expensive for businesses.
Most anti-malware and anti-ransomware solutions currently focus on detecting and blocking ransomware at the time of infection. These solutions are useful if you know what you are looking for, but ransomware continues to evolve, with new variants appearing every day. Companies and organizations must therefore take a multi-layered approach that applies application controls and removes local privileges (the ability to access more sensitive parts of the network) from regular PCs. This will reduce the attack surface and block the ransomware's progress.
Steps must also be taken to protect the most sensitive files in the organization. Gray-listing, an approach that denies read, write and modify file permissions to unknown applications that are not trusted or certified, allows ransomware to run harmlessly, preventing it from accessing and encrypting business-critical files.
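The gray-listing decision described above can be modelled as a small policy check. This is an added example, not code from the author or from any product; the application identifiers, directory names and the Policy/decide/audit names are hypothetical, and paths are assumed to be absolute with symlinks already resolved.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    trusted: frozenset    # application IDs that are trusted or certified
    blocked: frozenset    # application IDs known to be malicious
    protected: tuple      # directory roots holding business-critical files

def is_protected(policy, path):
    """True if the normalised path lies inside a protected root."""
    norm = posixpath.normpath(path)   # collapses "..", so /tmp/../srv/x is caught
    return any(norm == root or norm.startswith(root.rstrip("/") + "/")
               for root in policy.protected)

def decide(policy, app_id, operation, path):
    """Return 'allow' or 'deny' for one file operation by one application."""
    if app_id in policy.blocked:
        return "deny"     # known-bad application: nothing is permitted
    if app_id in policy.trusted:
        return "allow"    # trusted application: full access
    # Gray-listed (unknown) application: it may run, but it cannot read,
    # write or modify anything under a protected root.
    if operation in {"read", "write", "modify"} and is_protected(policy, path):
        return "deny"
    return "allow"

def audit(policy, events):
    """Return the denied events, which are the ones worth alerting on."""
    return [e for e in events if decide(policy, *e) == "deny"]

# Constructed sample policy and events (illustrative values only).
POLICY = Policy(trusted=frozenset({"backup-agent"}),
                blocked=frozenset({"known-bad"}),
                protected=("/srv/finance", "/srv/ip"))
EVENTS = [
    ("backup-agent", "read", "/srv/finance/ledger.xlsx"),
    ("unknown-tool", "write", "/tmp/scratch.txt"),
    ("unknown-tool", "modify", "/srv/finance/ledger.xlsx"),
    ("unknown-tool", "read", "/tmp/../srv/ip/design.dwg"),
    ("unknown-tool", "write", "/srv/finance-old/notes.txt"),
]
```

Denied operations by an unknown application against protected roots are also a useful alert source, since they show something untrusted attempted to touch critical files.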
Backing up an organization's data is a simple but essential defense in the battle against ransomware. With multiple generations of backups, taken automatically at various intervals, the system can be wiped and restored in no time, eliminating the threat of ransom.
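One way to keep multiple backup generations and pick a restore point, as an added example that is not part of the original article: it uses a daily/weekly/monthly retention scheme, which is a common choice assumed here rather than one the article specifies, and the function names, retention counts, safety margin and backup timestamps are all constructed.

```python
from datetime import datetime, timedelta

def retain(backups, daily=7, weekly=4, monthly=6):
    """Keep the newest backup per day, ISO week and month, up to each limit."""
    tiers = (
        (daily, lambda t: t.date()),
        (weekly, lambda t: tuple(t.isocalendar())[:2]),   # (ISO year, ISO week)
        (monthly, lambda t: (t.year, t.month)),
    )
    keep = set()
    for limit, bucket in tiers:
        seen = []
        for t in sorted(backups, reverse=True):           # newest first
            key = bucket(t)
            if key in seen:
                continue          # a newer backup already represents this bucket
            if len(seen) == limit:
                break             # this tier has all the generations it needs
            seen.append(key)
            keep.add(t)
    return sorted(keep)

def restore_point(backups, first_encryption, margin=timedelta(hours=1)):
    """Newest backup taken at least `margin` before the first observed
    encryption activity, or None if every backup may already be affected."""
    cutoff = first_encryption - margin
    clean = [t for t in backups if t <= cutoff]
    return max(clean) if clean else None

# Constructed sample: nightly backups at 02:00 from 2024-01-01 to 2024-03-10.
NIGHTLY = [datetime(2024, 1, 1, 2) + timedelta(days=i) for i in range(70)]
KEPT = retain(NIGHTLY)
```

The older weekly and monthly generations matter when encryption is noticed late: with only the last seven daily copies, an incident that began before the oldest one would leave no clean restore point.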
As companies and organizations embrace digitization and automation to gain the benefits of operational integration, cybersecurity must be a primary consideration. By devoting the same time and investment to protecting their highest-value assets through improved cybersecurity, organizations can limit the impact of fast-growing threats such as ransomware and ensure that their business remains securely operational. With high-profile incidents such as the PGA hack continuing this month, it is essential that companies look closely at their processes to ensure that they do not suffer the same fate.
David Higgins is director of customer development EMEA, CyberArk.