0.4 million euros in damage per company


A study on ransomware published by Sophos has shown that more than half of the medium-sized companies surveyed in Germany had been victims of ransomware in the last twelve months and that these companies suffered an average of more than 400,000 euros in damage due to the failure or restriction of business operations. A comment from Michael Veit, Technology Evangelist at Sophos.

A cyber attack is no longer the exception, as it was in previous decades. It is the norm today and affects organizations of all sizes. The almost daily headlines about new ransomware attacks on large companies, hospitals or universities are clear signs that the threat situation has changed in recent years and months.

Security in transition

Three to four years ago, during the Locky ransomware era, attacks were widespread. By paying relatively moderate ransom sums of 300 to 500 euros, victims received the decryption code that restored access not only to a private photo collection but also to the data on an encrypted company file server. But then the cyber criminals increasingly began to focus on the really lucrative targets: companies and other large organizations.

A study on ransomware published by Sophos has shown that more than half of the medium-sized companies surveyed in Germany had been victims of ransomware in the last twelve months and that these companies suffered an average of more than 400,000 euros in damage due to the failure or restriction of business operations.

Cyber criminals are changing their ransomware tactics

In addition, the cyber criminals have changed tactics. After a successful infection, data is not immediately encrypted. Instead, the intruders now slowly and cautiously scout out corporate networks in order to identify promising business data and establish themselves on as many systems as possible within the network. And before the hackers actually encrypt data with ransomware, make backups unusable and partially or completely paralyze the company, they first steal business secrets and personal data. When they then encrypt computers and data using ransomware, they hold the stolen data as further leverage and threaten to publish it if the company concerned does not want to pay the ransom, for example because it has a good backup concept. The publication of the stolen data threatens the company with a loss of reputation, damage through disclosure of trade secrets and, last but not least, penalties under the GDPR if personal data has been published. It is not for nothing that the Federal Criminal Police Office named ransomware as "the primary existential threat to companies" in its Cybercrime Bundeslagebild 2020 published in September 2019.

Traditional measures no longer offer protection

The question arises as to what organizations and companies can (and must) do to avoid becoming the next victim. There is no question that traditional protective measures such as firewall and anti-virus no longer offer adequate protection against professional attackers. The Bundesverband IT-Sicherheit e.V. (TeleTrusT), which among other things has a decisive influence on the assessments of cyber risk insurances, defines endpoint detection and response (EDR) as "state of the art" in 2020. EDR is a holistic approach on endpoints and servers which, in addition to modern protection technologies such as exploit and ransomware protection, also includes the company-wide detection of hacker activity and the containment of threats. With EDR, the preliminary stages of attacks and hacking activities can be identified in the phase in which an attacker looks around the network and spreads.

EDR and MDR as new measures

However, operating EDR effectively requires specialized personnel around the clock, on weekends and on public holidays. For this reason, more and more manufacturers and service providers are offering Managed Detection and Response (MDR) services that continuously monitor the networks of the companies to be protected for threats on their behalf. In most cases, this service is cheaper and more effective than if a company set up its own Security Operations Center (SOC) for this purpose and staffed it with its own specialists.

When choosing an EDR solution, companies should make sure that the solution not only detects attacks in retrospect, but also prevents them from the outset with extensive NextGen endpoint protection functions. And if a company decides in favor of MDR, then the MDR provider should not only be able to detect an attack, but also to stop it independently after consulting the company concerned.

State-of-the-art IT security for companies

In summary, companies today have to put much more effort into IT security in order to protect themselves from highly professional attackers and from damage. The traditional protective mechanisms alone no longer work, and because this constellation can still be found in many companies, modern cyberattacks are currently so successful and find new victims every day. GDPR and cyber risk insurance require the "state of the art", which is defined today by endpoint detection and response solutions including professional operation. This is why companies de facto need managed detection and response services so that management and IT can meet the requirements. IT security can no longer be seen as a cost factor as it was in the past: it enables nothing less than the survival of companies that use IT systems in some form.

