I just reviewed descriptions of sample incidents associated with ransomware outlined in the ‘Top 10’ review by Tripwire.
Ransomware attacks — malware that encrypts your data followed by the attacker attempting to extort money from you for the decryption secrets — are a non-trivial threat to most of us as individuals and all financial services enterprises.
Unfortunately for some, their corporate culture tends to trust workforce users’ access to vast collections of structured and unstructured business information. That ‘default to trust’ enlarges the potential impacts of a ransomware attack.
As global Financial Services security professionals, we need to resist the urge to share unnecessarily.
We need to quickly detect and respond to malware attacks in order to constrain their scope and impacts. Because almost every global Financial Services enterprise represents a complex ecosystem of related and in some cases dependent operations, detection may involve many layers, technologies, and activities. No single control is enough on its own: not mature access/privilege management, not patching, not anti-virus, not security event monitoring, and not threat intelligence.
All of us also need to ensure that we have a risk-relevant post-ransomware attack data recovery capability that is effective across all our various business operations.
So, does the cloud make me safe from ransomware attack? No. Simply trusting your cloud vendor (or their hype squad) on this score does not reach the level of global Financial Services due diligence. It seems safe to assert that for any given business process, the countless hardware, software, process, and human components that make up any cloud just make it harder to resist and to recover from a ransomware attack. And under many circumstances, the presence of cloud infrastructure — by definition, managed by some other workforce using non-Financial Services-grade endpoints — increases the probability of this family of malware attack.
“10 of the Most Significant Ransomware Attacks of 2017.” By David Bisson, 12-10-2017. https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/10-significant-ransomware-attacks-2017/