Cybersecurity Without Insanity in 3 articles, 2 numbers and 1 thought.
This week: Surveys by INTERPOL, the Bank of England, and by Northwave Security on the mental impact of an attack. Plus: Anti-virus software is proven to block ransomware. But only if it’s active and up-to-date.
If you’d prefer to listen to Cyber 3-2-1, this week’s episode is available from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1. Northwave Security recently published research into the mental impact on victims of ransomware attacks. In the first weeks of an incident, issues such as lack of sleep, binge eating and drinking are common. Many express guilt for months after an attack, because they did not see the attack coming. And even 1 year after an attack, 1 in 7 of those directly or indirectly involved in the incident response showed symptoms of trauma so severe that they require psychological help.
2. INTERPOL recently released a ‘Global Crime Trend’ report, based on a survey of law enforcement agencies in INTERPOL’s 195 member countries. Agencies in the Americas were most concerned with illicit firearms trafficking: 88% of agencies ranked this as a high threat, and many are concerned about the future problem of 3D printers making it easier to produce home-made weapons. In Europe, agencies are most concerned about phishing and online scams, with 62% of agencies in the region regarding it as a high threat. Most worryingly, 76% of agencies in Europe fear that online child sexual exploitation and abuse will increase over the next 3 to 5 years.
3. Tech Monitor reports on a Bank of England survey of 65 UK financial executives, which shows executives believe a cyberattack is the highest risk to the financial sector, despite the growing threats posed by inflation and geopolitical events. However, despite the increasing risk of cyberattack, most executives remain confident that they can defend against an attack.
The two numbers this week are from a recent evaluation of how 13 of the most popular Threat Protection corporate applications defended against 10 common ransomware scenarios. You may also hear Threat Protection software referred to as Anti-Virus or Endpoint Protection. The tests were performed by AV-TEST, an independent IT security testing organisation, and included tests of Avast, Bitdefender, Malwarebytes, Microsoft Defender, Trend Micro, and VMware Carbon Black.
62% (8 out of the 13 corporate solutions tested) successfully detected and defended against all attack scenarios. They did not allow the ransomware to gain a foothold on the device or to make any changes.
85% (11 out of the 13 corporate solutions tested) prevented any files being encrypted, even though some allowed certain actions to succeed – e.g. the ransomware was able to add information to the registry of the device. Of the 2 that allowed the ransomware to run:
- 1 failed on just 1 of the 10 tests, which resulted in some files on the device being encrypted.
- 1 failed on just 1 of the 10 tests, which resulted in all of the files on the device being encrypted.
PS: AV-TEST also evaluated 16 of the most common solutions used by consumers at home, and the results are also very encouraging.
ONE THING TO THINK ABOUT
The results of AV-TEST’s assessment that I mention above are a glimmer of light in the darkness of the ransomware scourge. They suggest that a ransomware attack may be blocked by your threat protection software, even if one of your staff members is fooled by a phishing email.
But... whatever product you use (... and you do use one, don’t you?), it’s only going to protect you if it’s turned on and kept up-to-date on every device.
Because, just like every piece of tech, these applications can fail.
I remember once examining a sample of 20 laptops that were apparently being closely monitored and managed by a large, well-respected IT managed service provider. Of the 20 devices in the sample:
- 8 of the devices had not received anti-virus updates for at least 6 months.
- 5 of the devices weren’t running the protection software at all, due to failed installations over 2 years before.
I’d like to assume this is an extreme example, but you need to see evidence (e.g. a report) on a regular basis that shows your chosen Anti-Virus / Endpoint Protection product is active and up-to-date on all of your organisation’s devices.
Otherwise, you should assume that at least some of these devices are not protected.
If there’s an absence of evidence, this may be evidence of absence.
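One way to produce that regular evidence, as an added example that is not part of the original newsletter: compare your asset inventory against an export from the protection product's console, so that devices missing from the export are reported as unprotected rather than silently ignored. The hostnames, CSV column names, dates and the 7-day threshold are constructed assumptions, not values from any particular product.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data: the devices you own, and what the console reports.
INVENTORY = ["LT-001", "LT-002", "LT-003", "LT-004", "LT-005"]
AV_EXPORT = """hostname,agent_running,last_signature_update
LT-001,true,2022-11-20
LT-002,true,2022-05-02
LT-003,false,2022-11-18
LT-005,true,2022-11-21
"""
MAX_SIGNATURE_AGE_DAYS = 7  # assumed policy threshold


def coverage_report(inventory, export_csv, today, max_age_days=MAX_SIGNATURE_AGE_DAYS):
    """Return {hostname: status} for every device in the inventory."""
    seen = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        seen[row["hostname"].strip().upper()] = row
    report = {}
    for host in inventory:
        row = seen.get(host.strip().upper())
        if row is None:
            # Absence of evidence: the console has never heard of this device.
            report[host] = "NOT_REPORTING"
        elif row["agent_running"].strip().lower() != "true":
            report[host] = "AGENT_NOT_RUNNING"
        else:
            try:
                stamp = row["last_signature_update"].strip()
                updated = datetime.strptime(stamp, "%Y-%m-%d").date()
            except ValueError:
                report[host] = "NO_UPDATE_DATE"
                continue
            age = (today - updated).days
            report[host] = "OK" if age <= max_age_days else f"STALE_{age}_DAYS"
    return report


def unprotected(report):
    """Hostnames that cannot be shown to be active and up-to-date."""
    return sorted(h for h, status in report.items() if status != "OK")


if __name__ == "__main__":
    rep = coverage_report(INVENTORY, AV_EXPORT, date(2022, 11, 22))
    for host, status in rep.items():
        print(f"{host}: {status}")
    print(f"{len(unprotected(rep))} of {len(rep)} devices not verifiably protected")
```

The inventory should come from a source independent of the protection console (purchase records, directory, MDM), otherwise a device with a failed installation never appears in either list.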