Antivirus Fails 100% What’s the Solution?

Posted on November 23, 2016 by Advisory Team

More than half of U.S. companies have experienced a ransomware incident [1], which means that if you haven’t already been attacked by ransomware, there’s a high probability you soon will be. Here’s why. Traditional cyber security is just not doing the job.

 

Traditional Cybersecurity

What is very disconcerting is that almost half of the ransomware incidents in the survey occurred on a corporate desktop within the enterprise security environment. [1] A Barkly survey [2] of 60 companies that recently experienced ransomware attacks helps us understand why. The survey reported a variety of traditional security products that were unable to prevent the attack.

  • 100% of the attacks bypassed antivirus
  • 95% of the attacks bypassed the victim’s firewall(s)
  • 77% of the attacks bypassed email filtering
  • 52% of the attacks bypassed anti-malware
  • 33% of the attacks were successful even though the victim had conducted security awareness training

 

Backup Is Not the Answer

Many companies are relying on backup to recover the stolen information. A Barkly study of IT professionals [2] found that 81% indicated they felt confident that backup would help them make a complete recovery from a ransomware attack. However, the bad news is that less than half of those who had experienced an attack were able to fully recover their data with backup.

Barkly’s Jonathan Crowe warns, “the idea of increasing widespread reliance on backup, a solution that's really meant to be used as a last resort, makes many security experts nervous. There's also the worry that some ransomware variants make copies of encrypted data that criminals can later sell or post publicly.”

Plus, for IT staffs already challenged with too much to do, ransomware remediation takes hours. Almost half of the successful attacks forced IT staff to work more than nine hours to remediate the incident. [1]

How can IT teams fight this growing problem? The emphasis should be on proactive prevention rather than reactive recovery.

 

A Proactive Cyber Defense

There is no perfect answer to solving this increasing challenge. Cyber security products have not yet caught up with the rapidly evolving sophistication of cyber crime. Barkly suggests a three-pronged approach to your proactive cyber defense.

  1. Stop ransomware from being delivered via email. – Keeping in mind that email filtering was bypassed in 77% of successful attacks, the best step you can take is increasing the training of users to spot phishing emails and avoid falling for them. Since 25% of incidents attacked senior executives and the C-Suite [1], ensure that they too have top-level training to identify suspicious emails and inquiries.
  2. Stop ransomware from being delivered via exploit kit. – Preventing infections from exploit kits requires two steps. First, install an ad blocker, which can protect users from malicious web advertisements, and then stay on top of patch management.
  3. Stop ransomware from effectively launching on an endpoint. – Put in place a defense that not only recognizes the initial attack behaviors of launching and encrypting your files, but can also stop those behaviors and prevent the attack from fully executing and doing damage.

 

Best Practices for Backup and Recovery

Although backup is not the answer for protecting against ransomware, it is a critical component to protecting your data and valuable information. Gartner recommends the following best practices: [3]

  • Ensure that your organization has a single dedicated crisis management team.
  • Implement an enterprise endpoint backup product to protect user data on laptops and workstations.
  • Build a list of storage locations that users can connect to that are inherently vulnerable, such as file shares.
  • Evaluate the potential business impact of data being encrypted due to a ransomware attack, and adjust recovery point objectives (RPOs) to more frequently back up these computer systems.
  • Align with the information security, IT disaster recovery and network teams to develop a unified incident response that focuses on resiliency, not only prevention.

 

Stay Vigilant

There is no silver bullet in cyber security defense. The best defense is to stay vigilant and continue to learn about new ways and products that can help you stop ransomware from attacking your organization.

 

[1] Malwarebytes™, “State of Ransomware,” August 3, 2016

[2] The Barkly Blog, “Survey: Ransomware vs. Traditional Security,” 2016

[3] Gartner, “Use These Five Backup and Recovery Best Practices to Protect Against Ransomware,” June 8, 2016
