Are you prepared to let your company be held to ransom?
Cyberspace is a scary place. The biggest threat organisations face is ransomware, because even when the ransom is paid, only 65% of the data is restored¹. As soon as you’re online, you need to invest strategically in cybersecurity to protect your organisation, and demonstrate ROI so that the investment is not viewed as a sunk cost.
I invited Jon Hope, Senior Technology Evangelist at Sophos for over ten years, to talk about cybersecurity and its implications for organisations today.
The need for more end-user training
JH: I hate the perception that if a user clicks on a link in a phishing email, they're stupid.
LD: They’re not. The emails can look so convincing, and be sent from legitimate sources.
JH: We recently ran a ‘Choose your own Hackventure’, which simulated an attack from both the victim’s and criminal’s perspectives. As well as showing both sides of the fence, it highlighted just how much research cybercriminals do.
LD: Like the social media quizzes that ask you to input your details to work out what cocktail you’ll drink this Friday – people don’t realise they’re handing over the answers to their security questions.
JH: Exactly! Social media enables cybercriminals to create very specific scenarios that are rational and fit the individual, so they don’t think twice about clicking.
LD: The fact is bad actors are not teenagers in hoodies, sat in the shadows of their bedroom. They’re professional criminals. We need to change that perception and better educate users.
The lack of investment
JH: Another thing that irks me is when a company chooses to keep a pot of cash kicking round to pay a potential ransom, rather than invest it. The average ransom paid by a mid-sized organisation is $170,404¹.
LD: An enormous pot of money – usually more than the cost of protection. It would be far more sensible to invest before an attack, than wait to pay a ransom and still risk losing 35% of your data.
JH: And don’t forget the productivity costs involved to get back up and running. As well as the intangible costs, like reputational damage - people are unlikely to give you their details if you’ve just hit the headlines for a breach.
LD: With social media, there’s no hiding from it now. So why let it get that far?
JH: IT is seen as a cost-centre, so organisations end up with ad hoc products to solve specific problems - but the tools don’t integrate. Sophos was one of the first vendors to question, ‘Wouldn't it be good if the firewall talked to endpoints?’. That way, if an endpoint spots a threat, the firewall can react and lock it down to prevent the threat spreading. Today you hear terms like ‘synchronised security’ or ‘cybersecurity-as-a-system’, but it’s all about how products share information.
LD: The added benefit is that the management console has one set of rules, which makes threat-hunting easier and allows you to automate system responses.
JH: Absolutely, it all saves time – and money. And the incredible thing is that when you invest in cybersecurity it actually makes you less of a target. Of the organisations hit by ransomware, 43% had invested in proactive security. But when that investment increased to 48% no-one was hit².
LD: It proves the point that investing to be prepared makes a tangible difference.
The skills gap
JH: Friday afternoon is a popular time for attacks because people have mentally left the office. Otherwise, it’s midnight or at weekends when people are less likely to be around.
LD: It’s why you need a security team working 24/7/365. But unless you’re an organisation with deep pockets, you simply can’t afford to hire that level of protection in-house.
JH: Not to mention that 81% of organisations say finding and retaining cybersecurity talent is a challenge¹. Outsourcing is the future.
LD: It has to be. We’ve certainly seen an increase in the number of customers approaching us for help. The growing number of ransomware attacks over the last 18 months³ has put a spotlight on the vulnerabilities in their cybersecurity systems, and they just don’t know what to do.
JH: A tool like Sophos Managed Threat Response (MTR)⁴ can prove invaluable because it’s designed to fit organisations of all sizes. It doesn’t matter if you have internal cybersecurity expertise or not, require help with one area like threat hunting or 24/7 monitoring – or want to outsource the whole piece. We even give options on how they consume MTR – the customer can choose to do it all themselves, we can support their IT Manager, or we offer a mixed-mode and work together.
LD: I’ve seen that collaboration work really well. When you suffer a breach, often it’s the remediation piece that’s the biggest problem. The fallout can be phenomenal, but with MTR you always have expertise on tap.
Cyberattacks: it’s not IF, but WHEN
Last year over 1 in 3 mid-size organisations were hit with a ransomware attack¹. Rather than cross your fingers and hope for the best, it’s better to plan for the worst and proactively improve your cybersecurity posture.
If you’ve not yet read the Sophos 2021 Threat Report, download a copy here…
Alternatively, if you’d like to arrange a demonstration of Sophos MTR and discuss how it could enhance your cybersecurity, please send me a message.
Jon and I are also currently organising another ‘Choose your own Hackventure’. If you’re interested in getting involved, or know someone who is, please comment below.
References
1 https://secure2.sophos.com/en-us/security-news-trends/whitepapers/gated-wp/state-of-ransomware.aspx?id=98304-26158
2 https://www.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf
3 https://home.kpmg/xx/en/home/insights/2020/05/rise-of-ransomware-during-covid-19.html
4 https://www.sophos.com/en-us/products/managed-threat-response.aspx
Sales Business Development Practitioner specializing in CRM efficiency and lead generation.
3 years ago: Lucy, thanks for sharing!
Fantastic work Lucy! A big thank you to Jon Hope too for all efforts on this. A pleasure working with the Sophos team as always.
Associate Marketing Manager at CDW UK
3 years ago: Another great article Lucy Drinkwater
Senior Marketing Specialist | Marketing Communications | Lead Generation & Nurture | Process Implementation | Cross-Regional Collaboration
3 years ago: Great article Lucy Drinkwater and Jon Hope!