Internet of Things: the ransomware threat, How IoT could usher in the net wave of ransomware, and how to prevent it
Mark Banfield is the Senior Vice President & General Manager International at Autotask (now Datto). Opinions expressed by EM360 contributors are their own.
In 2017, organisations were hit by ransomware attacks on an unprecedented scale. One report claims the average number of ransomware attacks in 2017 was up 23 percent compared to 2016, with detections up almost 2000 percent since 2015.
The spread of ransomware is only set to increase in 2018, with the increasing availability of crypto-currencies which can allow a cyber-criminal to remain anonymous while conducting mass attacks. Experts also believe there will be a rise in targeted ransomware where criminals pinpoint a specific, and potentially lucrative, victim for extortion.
With the large-scale attacks attributed to the likes of NotPetya and WannaCry making headlines worldwide, CISOs and IT teams have become increasingly aware of the importance of protecting their organisations from attack.
But while most ransomware attacks currently infiltrate an organisation via email, a new delivery system for both mass and targeted attacks is on the horizon, with the mainstream adoption of the Internet of Things (IoT).
Gartner predicts there will be 20.4 billion connected things in use worldwide by 2020. The volume and variety of new endpoint devices alone will present a huge challenge for IT managers, who will be tasked with deploying, managing, and securing the influx of new endpoint devices.
The issue of managing endpoints within an organisation is already a challenge. Autotask's Metrics That Matter 2017 survey said 63 percent of IT service providers have witnessed a 50 percent increase in the number of endpoints they're managing, compared to 2016.
IoT will usher in a raft of new network-connected devices, each one a potential entry point for malicious attacks, particularly when there is still a lack of established security standards around IoT.
Many companies' uncertainty around securing IoT devices is highlighted in Spiceworks' State of IT report, which shows currently 29 percent oforganisations have adopted IoT, with an additional 19 percent planning to do so this year. However, the data shows only 36 percent of IT pros feel confident in their ability to respond to cyberattacks on IoT devices.
But consider the serious – and potentially life-threatening – impact of ransomware on smart devices within critical applications. A cyber-criminal could potentially have the means to turn off lighting or heating systems, or lock users out of their homes or businesses. Moreover, they could even affect the safety of drivers by tracking and hacking their IoT-enabled vehicles, turn off entire power grids or access ‘smart' medical devices such as pacemakers.
So perhaps it is unsurprising that a 2017 survey found that almost half of small businesses questioned would pay a ransom on IoT devices to reclaim their data.
With IoT vendors rushing their products to market despite a critical lack of security standards, what can be done today to help secure your organisation from attack?
The most basic layer of protection is to monitor and patch all computers and applications as soon as patches are released. Patching provides the most basic layer of protection to operating systems, especially once a security flaw is uncovered.
Anti-virus and network monitoring
Organisations are being targeted through more sources than ever including IoT devices. Anti-virus and network monitoring examines all files and traffic, filtering them against all known threats. Keeping virus definition files current is critical to ensuring these systems are running at peak performance.
Backup and disaster recovery
There is sometimes a gap between when a threat is first introduced and when a vendor is notified and develops a remedy. Making a full-system backup protects back-office systems when an attack occurs and provides a recovery option for unknown threats and even the most catastrophic failures.
Although there's a layer of protection on back-office systems, backup and recovery of data for these devices are still needed. These devices create, share and store business data, and if a cybercriminal captures this proprietary and sensitive information, it can have a significant impact on business productivity and profitability. Enabling real-time data backup on these endpoints can prevent business-critical information from being compromised.
Secure file sync and share
Allow employees to collaborate securely from any location and using any device – including their smartphones and other smart devices. Grant access and editing controls for specific documents, and allow employees to recover data that is maliciously or accidentally deleted.
Education and awareness
Educate employees about cybersecurity risks, new ransomware strains and best practices for spotting security risks. Empowering them to be proactive and encouraging them to report questionable content using rewards and incentives will help increase awareness and decrease overall risk.