Today’s IT security landscape is increasingly sophisticated and elusive, and many IT administrators see traditional network security defenses becoming less effective in protecting their businesses. A major culprit is malware signatures that are evolving more quickly than security vendors’ abilities to create patches. According to research from Cisco, antivirus vendors have created protection for more than 20 million known viruses, but hackers are estimated to have created more than 100 million — and that number grows each year.
One of the most insidious security threats companies face is ransomware, which infiltrates companies’ networks oftentimes through emails containing links/attachments from seemingly legitimate senders (e.g., FedEx, the IRS, UPS). Once the user clicks the infected email link or attachment, the malware begins encrypting files on the user’s machine as well as any additional files the machine has access to via the network. Shortly afterward, users receive pop-up messages on their screens notifying them that their data is being held ransom, and they must pay a fee — typically $700 to $1,000 — to obtain the decryption key.
It’s estimated that ransomware threats like CryptoLocker (and variants like CryptoWall and Locky) netted cybercriminals $325 million in 2015 alone. According to security vendor Proofpoint’s “Quarterly Threat Summary, April-June 2016,” there has been 600 percent growth in new ransomware families since December 2015, and the FBI says ransomware is on pace to become a $1 billion-a-year crime this year.
Multilayered Protection is a Must Have
Years ago, most network security attacks could be stopped with antivirus software and a firewall, but not anymore. In fact, traditional security systems stop only about 40 percent of today’s attacks, according to Ars Technica. The key to minimizing threats in today’s digital era is to take a layered security approach, advises the SANS Institute in a recent information security white paper:
Organizations operating in the digital world today need layers of security so that an email message that gets through the firewall will get stopped by the mail server’s antivirus; and if it makes it through that, then it should be stopped by the workstation’s antivirus. If the hostile program actually secures a toehold on the workstation, it should be detected when it runs on the workstation because it’s doing things that are suspicious or unexpected. Look for connections to sites on the Internet with known relationships to hostile activity, and block such sites by egress filtering on the firewall.
Adding two-factor authentication to password-protected data, replacing traditional firewalls with next-generation firewalls, and implementing backup and disaster recovery (BDR) are three additional security layers that should be implemented to protect your customers. One final point to keep in mind is that while having multiple security products is important, being able to manage all these products is equally important. Make sure you’re using an RMM (remote monitoring and management) solution that can integrate with all of your security products, so you can view your entire security ecosystem from a single pane of glass. That way, what your security tools are seeing, you’ll be able to see — and quickly respond to — as well.