It’s time to stop ransomware in its tracks
Only 16% of organizations have reported no security incident types related to phishing and ransomware in the past 12 months. That’s according to a survey done by Osterman Research. For most of us, though, phishing, particularly ransomware, has become an all-encompassing worry.
The story of the healthcare system in Ireland, which was hit with a sophisticated ransomware attack that affected over 2,000 patient-facing IT systems and 80,000 devices, is instructive. Thousands of appointments, cancer treatments and surgeries have been delayed or canceled.
The Irish are re-building the affected applications from scratch, a process that will cost millions of dollars and take weeks. According to the AP, Conti, a Russian-speaking ransomware group, is demanding $20 million. The Irish have said they will not pay.
There’s a reason you’re seeing ransomware in the news nearly every day and a reason why ransomware almost caused a gas crisis in the US. You’ve seen the reports: There were multiple attacks at hospitals. One at Vermont’s largest medical system was so bad that the electronic records were down for nearly a month. Doctors were forced to turn away hundreds of cancer patients and could treat only 25% of their normal chemotherapy patients.
There were attacks on transportation agencies and on public utilities. A city in Missouri had its residents pay bills via a drive-through window after online systems were attacked.
In Florida, Broward County Public Schools, the sixth-largest school district in the U.S., announced that it was hacked by a group demanding $40 million in ransom, to which one negotiator replied, “This is a PUBLIC school district. You cannot possibly think we have anything close to this!”
Why is ransomware increasing by an estimated 6%, according to the 2021 Verizon Data Breach Investigation Report? There’s a simple formula.
Data + accessibility = more attacks
Think about healthcare organizations for a second. Healthcare organizations hold incredibly valuable personal data, from medical records to social security numbers to credit cards to addresses. This is a gold mine for hackers, and they’re targeting it.
Plus, healthcare organizations are largely underprepared for such attacks. Some 87% of organizations say they don’t have the proper personnel in place to defend against such attacks, an increase of more than 10% from 2017. Another study found that 32% of hospital personnel haven’t received proper security training; 52% of businesses believe they are at risk due to employee awareness. Only 18% of healthcare organizations have dedicated 7% or more of their IT budget to security; 41% have dedicated less than 3%.
When there’s accessibility to valuable data, attacks will occur.
Consider the story of a clinical research organization in the Southeast. Initially using Proofpoint, they were being bombarded with attacks, an issue due to the incredibly sensitive data they held. It was so bad that the IT department had to manually send email warnings, instructing employees not to click on the malicious links that had recently reached their inbox. The constant need to monitor and react to missed attacks was both time-intensive and a high-profile reminder to everyone that IT had not yet solved the phishing problem.
Upon deploying a trial with Avanan, things changed for the better. On the first day, Avanan caught a whaling attack targeted at the CEO. It had bypassed both Proofpoint and Microsoft. “It was a game-changer,” the IT Director said.
Ransomware is everywhere. It’s not going to stop in healthcare. It’s not going to stop in education. Quite simply, it’s not going to stop. You need a solution that is all-encompassing to prevent such attacks, including:
- Multi-BCC emails, emails with malicious content, deleted sent messages, etc.
- Email rules that demonstrate embed behavior.
- New API connections, especially to new or untrustworthy apps.
- Connection of shared services, public folders, etc.
- Deviation from the user’s standard behavior profile: devices, geos, time-of-day, etc.
By correlating these different behaviors, we build a full picture of what damage was done and what vulnerabilities now exist.
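The correlation of behaviors listed above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the event types, field names, baseline, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline and allow-list (assumptions, not from any real product).
BASELINE = {"alice": {"geos": {"US"}, "devices": {"laptop-01"}, "hours": range(7, 20)}}
KNOWN_APPS = {"calendar-sync"}
BCC_THRESHOLD = 10
WINDOW = timedelta(hours=1)

def signals(event):
    """Map one audit event to the behavior signals named in the list above."""
    kind, found = event["type"], set()
    if kind == "mail_sent" and len(event.get("bcc", [])) >= BCC_THRESHOLD:
        found.add("multi_bcc")
    elif kind == "sent_item_deleted":
        found.add("deleted_sent")
    elif kind == "inbox_rule_created":  # assumption: any new rule is a weak signal
        found.add("new_mail_rule")
    elif kind == "api_grant" and event["app"] not in KNOWN_APPS:
        found.add("new_api_connection")
    elif kind == "login":
        base = BASELINE.get(event["user"])
        ts = datetime.fromisoformat(event["ts"])
        if base and (event["geo"] not in base["geos"]
                     or event["device"] not in base["devices"]
                     or ts.hour not in base["hours"]):
            found.add("profile_deviation")
    return found

def correlate(events, min_signals=2):
    """Return {user: signals} for users with >= min_signals distinct signals inside WINDOW."""
    per_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        for sig in signals(ev):
            per_user[ev["user"]].append((datetime.fromisoformat(ev["ts"]), sig))
    alerts = {}
    for user, hits in per_user.items():
        for start, _ in hits:
            seen = {s for t, s in hits if start <= t <= start + WINDOW}
            if len(seen) >= min_signals and len(seen) > len(alerts.get(user, [])):
                alerts[user] = sorted(seen)
    return alerts

# Constructed sample audit events.
EVENTS = [
    {"ts": "2021-06-01T03:12:00", "user": "alice", "type": "login", "geo": "RO", "device": "unknown"},
    {"ts": "2021-06-01T03:15:00", "user": "alice", "type": "inbox_rule_created"},
    {"ts": "2021-06-01T03:20:00", "user": "alice", "type": "mail_sent", "bcc": ["x"] * 25},
    {"ts": "2021-06-01T09:00:00", "user": "bob", "type": "inbox_rule_created"},
]
```

Calling `correlate(EVENTS)` flags only the account that shows several distinct behaviors within one hour; a single mailbox rule on its own raises nothing.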
As long as there’s access to valuable data there will be ransomware attacks. The ante will increase and hackers will get ever-more brazen. It’s time to stop it in its tracks. Deploying a full-fledged solution is the only way to stop it.