
March 29, 2016

Anomaly Detection: the Best Solution for CryptoLocker and other Ransomware

At this point in time there is no way to stop a CryptoLocker or other ransomware attack where potentially every computer on your network becomes encrypted – essentially locked, forcing your company to pay a ransom to get your data back. As a business owner or shareholder, there should be few things scarier to you than learning your entire business has come to a screeching halt because one user clicked on a link they shouldn’t have.

Moreover, you then need to decide if you want to start negotiating with the cyber-thief or cyber-extortionist to ensure you stay in business.

What is the answer? Sadly, there is no way to be 100% sure you won’t get hit. In fact, the odds are, over time, all companies will get infected with some form of malware. Quite often, they have to deal with many forms of malware each year.

If you haven’t audited your backups for freshness and accuracy, ensuring every important directory is being backed up daily, please stop reading and get to it right now. Believe me, nothing can be more important to your business than ensuring all your important files are easily accessible. Moreover, be sure you can get all your data back very quickly: some backup vendors which offer low-cost service may make you wait a week or more to restore your data, which could be the difference between closing shop and staying in business.

Having said that, I’m glad you’re back. Let’s assume you have your backups taken care of… Now, what about stopping infections? Endpoint security can help – virus checkers, malware detectors, etc. You almost can’t be too safe. But even with an array of products installed, your company can still be a victim.

The best solutions are to educate your workers frequently with a training program which emphasizes security best practices and also tests workers by sending them test emails to see if they click on things they shouldn’t.

At this point, you need an anomaly detection/analytics solution to continuously scan your network and computers to ensure anything out of the ordinary is detected immediately and dealt with. In other words, a network motion detector.

Think about it – you can have alarms on the doors but a determined individual can still bypass this security and get into a home or office. The motion detector scans for abnormal behavior – movement when there shouldn’t be any.

This is what network anomaly detection does for your company – it detects activity which is out of the ordinary.

Recently, two government entities in the same city got hit with TeslaCrypt, a ransomware Trojan targeting computers with particular games installed as well as Microsoft Word, Adobe PDF and JPEG files. One of the agencies in question used the Apex anomaly detection solution. Ten minutes after the first infection, an alert was generated and the infection was stopped from spreading. In total, 18 computers were infected before the infection was stopped.

The other agency did not have anomaly detection, and after three hours its entire network of over 600 computers and servers was encrypted. Hundreds of computers had to be restored from backups which were two weeks old, at a cost in productivity and downtime of over $1.5 million*.

The bottom line is, you can never be 100% certain your company won’t get infected by malware or become a target of a cybercrime. Just as any building with items of value can benefit from a motion detector, your business, which is connected directly to every cybercriminal on the internet, demands the digital equivalent of motion detection, which is anomaly detection/network analytics.

*Assumptions: 2 weeks out of 50 working weeks with 550+ workers at an average salary of $70,000 equates to about $1.56 million. Assumes 50 physical/virtual servers were also infected. Another $100,000+ can be attributed to labor to get the computers wiped and restored.

Apex Technology Services Anomaly Detection Solutions and cybersecurity training should be your first line of defense against attacks. We service financial, insurance, healthcare, legal and other companies in New York, Connecticut and virtually anywhere in the world where you can use the highest quality solutions.

 


