Despite warnings, ransomware attacks rise in frequency, impact and intensity
Security specialists have been sounding the alarm for years, but despite all the warnings, most organizations still don’t take cyberprotection seriously. Even those that have been hit by ransomware attacks continue to leave dangerous vulnerabilities exposed, opening the opportunity for cybercriminals to keep coming back.
“Cyber risks are not identified as vulnerabilities, as important risks as they should be,” said Naveen Chhabra (pictured), senior analyst at Forrester Research Inc. “Our research tells us that the number of ransomware incidents has grown 500% in the preceding 12 months. The impact, intensity and frequency of ransomware attack is simply growing.”
Chhabra spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the Acronis Global Cyber Summit event in Miami Beach, Florida. They discussed how organizations are failing to protect themselves in an increasingly dangerous cyber environment (see the full interview with transcript here). (* Disclosure below.)
Great solutions kiboshed by siloed organization
The conversation at Acronis centered around the emerging trend for cyber protection, with “… the confluence of data protection and cybersecurity coming together with platform,” according to Furrier.
“The industry certainly needs the technology,” Chhabra agreed. But he foresees an issue: “You cannot do that traditionally the way organizations have been structured,” he stated.
Restoring from a safe back-up is the default solution in the event of data loss. While that works for operational disruptions, a malware attack can affect the integrity of unprotected back-ups and risk continued infection and security breaches.
“So, the million-dollar question there is how do we get back to the copy which is clean and uninfected?” Chhabra said.
Why can’t operations and developers just get along?
The problem is the traditional animosity between the operations department and the development team in charge of risk assessment and security.
“Security would not trust what infrastructure and operation guys would be doing,” Chhabra said. “They’ve been taught to operate in that model, and now comes a situation — the ransomware situation — where they’re asked to trust each other and work with each other. That’s not happening, is it?”
Chhabra has facts to back up his statement. He conducted a survey of organizations that had already experienced at least one ransomware attack and asked if they had tasked operations and development teams with working together to improve security.
At first, statistics looked encouraging, with 30% saying the two teams were working together. However, when Chhabra asked if the teams had a common plan and approach to solving the problem, fewer than 5% said yes.
That major businesses can be so lax about security seems hard to believe, but Chhabra gives the example of a Central European hotel chain that was attacked through its key management system. With angry guests locked out of their rooms, the hotel paid the ransom to regain control of the application.
“[But] they didn’t secure the infrastructure and applications further, which was required,” Chhabra said. “Three months later, they were attacked once again.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Acronis Global Cyber Summit. (* Disclosure: TheCUBE is a paid media partner for the Acronis Global Cyber Summit. Neither Acronis International GmbH, the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.