Intelligent CIO Middle East Issue 14 | Page 58

INTELLIGENT BRANDS // Enterprise Security powered by

It’s not difficult to wrap your brain around how ransomware could do serious damage to businesses. But how, exactly, do CISOs and other security executives deal with the infection and its aftermath? Let’s take a closer look at three different potential ransomware infection scenarios.

Let’s say there are three types of business leaders who deal with computer systems—whether that’s a small business owner or a high-level security official at an enterprise company. Each of these leaders has a different opinion about computer security. They can be defined as follows:
• The prepared one
• The reactionary one
• The naive one
Prepared
Our first leader, the prepared one, likes to think that they have done everything in their power to mitigate an attack – keeping the system up to date, using security software and providing employee training on how to avoid things like phishing attacks. Unfortunately, one of the employees visited a popular and well-respected website that was dealing with a malicious advertising attack. The attack launched a zero-day drive-by exploit on a work system. The exploit installed a brand-new family of ransomware, meaning that many types of security software would be unable to protect the system.
This method, while pretty unlikely, can circumvent many security solutions currently in place. And while it won’t take long for the security industry to start detecting and preventing this type of attack, our business leader has had the customer database encrypted by cybercriminals asking for lots of money.
Reactionary
Our next leader thinks that only gullible and ignorant people get infected with malware, and that by avoiding obvious bad sites and deleting obvious phishing emails, the business is protected from a threat. Many threats can be avoided through user education; however, not all of them, and certainly not the ones that cause the most damage.
So without concern, the leader allows his employees to conduct work, check social media and install software on work computers. Then one day, an employee gets an invoice from a local vendor she uses, same as she does every month, but this time, the email address is spoofed and the invoice is actually a script which neuters any security software and downloads malware. Suddenly, that employee has been infected, and since security software has been disabled, all mapped drives get encrypted, basically stealing thousands of dollars of information in just a few minutes.
Naive
Our final leader just doesn’t know enough about computers. He has a few terminals set up but they are all using either trial security software, or whatever was cheapest at the time. The leader hears about all of these cyberattacks on the news but has no idea how to protect his business. He shrugs it off as not that important—after all, the media does tend to exaggerate, right?
Well, in some cases yes, but in others, they downplay a threat. Either way, the leader suffers from what is known as “security fatigue,” or the lack of concern that arises after one is bombarded with news about breaches, malware, hackers and other cybersecurity issues.
Once security fatigue sets in, the overwhelmed feelings turn to apathy. Unfortunately for the leader, one of the employees downloads a malicious torrent online, thinking it is a movie, and decides to watch it on a company system during his lunch break. Now, all of the networked systems are encrypted, but the most damaging loss is a folder that keeps all his business secrets, such as blueprints.
Recovery
So our leaders are all infected with ransomware, each one having been hit in different ways and each losing various kinds of data. There are different ways to handle the aftermath of an attack, with varying degrees of success, from backup to decryption and even negotiating the ransom fee.
Malwarebytes would always recommend that you take proactive steps to keep your company’s files from being held hostage in the first instance. For more information, visit www.malwarebytes.com/ransomware