Security-On-Demand recently caught up with cybersecurity expert Sai Huda.
Sai Huda is a globally recognized cybersecurity expert and author of the best-seller, Next Level Cybersecurity: Detect The Signals, Stop The Hack. He is a frequent keynote speaker at industry conferences speaking on cybersecurity risk management best practices. Below are Huda’s insights on the ever-increasing threat, ransomware.
Q. Why is ransomware still a challenge?
Huda: It has been a challenge and will remain so for organizations of all sizes and types, no matter where they are located for three reasons:
1. It is easier for the hacker to execute because the work involved is less than with a data theft. It is a lot easier to make the intrusion and encrypt some of the data than try to exfiltrate all of it.
2. It is designed to spread very quickly and in stealth mode, so the end game is attained very quickly, which is to infect and lock out access to critical data unless a ransom is paid.
3. It has an immediate adverse impact on the victim since they can’t access critical data and aren’t able to operate, so there is a high probability the ransom will be paid to stop the pain and suffering.
Ransomware will remain a sleeper threat.
Q. Ransomware is pretty brazen and likes to make noise in an organization. Explain why you refer to ransomware as a sleeper threat?
Huda: Ransomware attacks will happen periodically and intermittently in various sectors. Most of the time it will be criminal organizations, but sometimes it will be a cash-strapped nation-state. Both are looking to make money. They want to catch the victim by surprise, so they will make variants or reuse previous ransomware that everyone thought went away. It will raise its ugly head all of a sudden in a sector and in an organization that may have put their guard down, and inflict significant pain and suffering.
Just take the recent example of the Ryuk ransomware attacking cities and municipalities in the U.S. or the SamSam ransomware that attacked organizations in the U.S. and Canada, providing over $6 million in ransom payments and inflicting over $30 million in losses. Even the NotPetya malware, which was made to look like ransomware, rapidly inflicted organizations in various parts of the world and caused over $10 billion in damages.
Q. Is there any way to prevent a ransomware attack?
Huda: Unfortunately, there is no foolproof way to prevent a ransomware attack. It is not an IF, but WHEN an organization will become victim to ransomware if targeted by a hacker. There are too many entryways for the hacker to intrude and infect with ransomware. Certainly, the organization should implement cyber hygiene and prevention controls, such as email scanning, next-gen security awareness training using simulations, segmentation, air gapping, and offsite off-the-grid data backups, among other controls.
Q. So is there anything an organization can do to mitigate the ransomware threat?
Huda: Yes, but we must realize that the end game is not full-proof prevention, because this may be impossible. The end game is timely detection to minimize adverse impact. Here are three proven best practices that every single organization must implement immediately by focusing on people, process and technology:
1. People. The human is the weakest link in the chain. They are very susceptible to being fooled by a phishing attack that leads to the ransomware being inserted. So security awareness training must be taken to a higher level, using next-gen simulation-based training both for employees as well as suppliers, to prevent being tricked, but also to know how to detect early signals of ransomware.
2. Process. Every organization must implement a “what-if reverse stress test” involving a ransomware attack. What if ransomware was inserted, spread and encrypted all critical data and brought your operations to its knees? Now reverse engineer the ransomware attack. This tracing will identify crown jewels, critical data needed for operations, and the weak links and blind spots that allowed ransomware insertion and infection. Then identify how and when you can get back in the saddle via backups and not have to pay the ransom. Failing to plan is planning to fail.
3. Technology. Even with enhancements to people and processes, ransomware detection technology is a must-have. A sophisticated anomalous behavior detection engine mapped to crown jewels and critical data that are the likely target of a ransomware attack is a necessity. The engine would go beyond a SIEM and identify signals of ransomware, separate from all of the noise, and detect the insertion early to prevent the spreading of the infection. The Security On-Demand technology stack is a perfect example of the state-of-the-art detection engine that is necessary for the fight.
In his book, Next Level Cybersecurity: Detect The Signals, Stop The Hack, he reveals signals of the hacker that were missed in the world’s largest hacks and ransomware attacks, and that continues to be missed today. If these signals are detected early, the hack or the ransomware attack can be stopped in time and loss or damage avoided. In this book, he shows a seven-step method using people, process, and technology to take cybersecurity to the next level and stay one step ahead of the hacker.
Next Level Cybersecurity: Detect The Signals, Stop The Hack is available on Amazon. For more information on the author, visit www.saihuda.com.