Doing Business In “The Year of Ransomware”
Email security, phishing detection and response are top priorities
New York City, N.Y. – May 26, 2021
2017 was supposed to be the “year of ransomware.” That’s when shipping giant Maersk suffered a ransomware attack that cost it $200-300 million and forced the company to use Post-It notes to move goods.
As it turns out, 2021 is the real year of ransomware.
Not a day goes by without mention of yet another ransomware attack. Attacks have hit healthcare institutions, like the 27 in France in 2020 or the over 600 clinics and hospitals in the US, and the education sector, which is now the leading recipient of such attacks, making “ransomware days” more common than snow days. Ransomware is a way of life. According to Department of Homeland Security Secretary Alejandro Mayorkas, it is now a “national security threat.”
That statement was made before the latest major ransomware attack took place. In early May, Colonial Pipeline, operator of a fuel pipeline that carries 45 percent of the gas and jet fuel supplied to the East Coast, said it was hit with a ransomware attack. Certain systems were taken offline; pipeline operations were temporarily halted. Some 100 gigabytes of data were stolen.
This attack has focused national attention on ransomware. Now, ransomware is becoming a buzzword in every home and business. Maybe it should’ve been already. The total cost of ransomware payments doubled year-over-year for the first half of 2020. Research from Cybersecurity Ventures indicates ransomware damage costs will be in the neighborhood of $20 billion in 2021, and a business will suffer a ransomware attack every 11 seconds.
Hospitals bear a significant brunt of ransomware, all while dealing with a pandemic. An attack on Vermont’s largest medical system was so bad that the electronic records were down for nearly a month, and doctors were forced to turn away hundreds of cancer patients and could treat only 25 percent of the system’s normal chemotherapy patients.
In 2021, there were attacks on transportation agencies and public utilities. A city in Missouri had its residents pay bills via a drive-through window after online systems were attacked. In Florida, Broward County Public Schools, the sixth-largest school district in the U.S., announced that it was hacked by a group demanding $40 million in ransom, to which one negotiator replied, “This is a PUBLIC school district. You cannot possibly think we have anything close to this!”
Defending against ransomware will become the topic du jour, both as a matter of national security and to protect companies of all sizes in all sectors. If you haven’t before, you need to bolster your protection.
The number one cause of breaches is email, and 96 percent come through social actions like phishing. That means you need a solution that stops breaches before they start.
What do you need to be looking for? First, you need a solution that prevents malicious emails from reaching the inbox. By letting it through and then retracting it later, you’re raising the likelihood that an employee might click on something they shouldn’t. Further, you need a solution that has a machine learning algorithm that detects anomalous and suspicious behavior, like:
- Multi-BCC emails, emails with malicious content, deleted sent messages, etc.
- Email rules that demonstrate embed behavior
- New API connections, especially to new or untrustworthy apps
- Connection of shared services, public folders, etc.
- Deviation from the user’s standard behavior profile – devices, geos, time-of-day, etc.
By correlating these behaviors, your company can build a complete picture of what damage was done and what vulnerabilities now exist.
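The correlation step described above, as an added example that is not from the original article or from any product: rule-based checks stand in for the machine learning model, and the event fields, baseline profiles, app name and thresholds are all constructed assumptions.

```python
from collections import defaultdict

BCC_LIMIT = 10  # assumed threshold for a "multi-BCC" message

# Constructed baseline: what each user normally looks like.
BASELINE = {
    "alice": {"geos": {"US"}, "devices": {"laptop-a1"}, "hours": range(8, 19), "apps": {"Slack"}},
    "bob":   {"geos": {"US"}, "devices": {"laptop-b7"}, "hours": range(7, 18), "apps": {"Slack"}},
}

# Constructed audit events (not real logs).
EVENTS = [
    {"user": "alice", "type": "login", "geo": "US", "device": "laptop-a1", "hour": 9},
    {"user": "bob", "type": "login", "geo": "RO", "device": "unknown-77", "hour": 3},
    {"user": "bob", "type": "app_consent", "app": "MailSyncPro"},
    {"user": "bob", "type": "send", "bcc_count": 40},
    {"user": "bob", "type": "delete_sent"},
    {"user": "alice", "type": "send", "bcc_count": 12},
]

def signals(event, profile):
    """Return the set of signal names one event raises against a profile."""
    found = set()
    t = event["type"]
    if t == "login":
        if event["geo"] not in profile["geos"]:
            found.add("new_geo")
        if event["device"] not in profile["devices"]:
            found.add("new_device")
        if event["hour"] not in profile["hours"]:
            found.add("odd_hour")
    elif t == "app_consent" and event["app"] not in profile["apps"]:
        found.add("new_api_connection")
    elif t == "send" and event["bcc_count"] >= BCC_LIMIT:
        found.add("multi_bcc")
    elif t == "delete_sent":
        found.add("deleted_sent")
    return found

def correlate(events, baseline, min_signals=3):
    """Group signals per user; report users with several distinct ones."""
    per_user = defaultdict(set)
    for e in events:
        per_user[e["user"]] |= signals(e, baseline[e["user"]])
    return {u: sorted(s) for u, s in per_user.items() if len(s) >= min_signals}

if __name__ == "__main__":
    for user, hits in correlate(EVENTS, BASELINE).items():
        print(user, hits)
```

A single multi-BCC message from alice stays below the reporting threshold, while bob's off-profile login followed by a new app connection, a mass-BCC send and a deleted sent item are reported together as one account-level finding.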
Because threats don’t solely exist in email, you also need to protect your entire suite of applications, whether it’s file-sharing services like OneDrive and ShareFile or collaboration apps like Slack or Microsoft Teams. Every message, file and app in your entire cloud needs to be scanned for malware.
As more unfolds about the Colonial attack, more about ransomware will be written. However, one thing is clear: Doing business in “the year of ransomware” requires the best possible email and cloud security, and phishing prevention.
– Gil Friedrich is co-founder and CEO at Avanan.