Skip to main content

The digital transformation of crime: Why businesses are still soul-searching?

The digital transformation of crime
(Image credit: Future)

Cybercrime has dominated our news cycles consistently throughout the last few months. From airlines to fitness trackers, it seems no company that holds data is safe from cybercriminals, ransomware and cyber attacks. Hackers have looked at the chaos and pain caused by the pandemic as an opportunity, and research suggests that cybercrime will cost the global economy $6 trillion in 2021 alone according to Cybersecurity Ventures.

Ultimately, one of the biggest reveals of 2020 is that the businesses, organizations and groups we use on a day-to-day basis, and trust with our information, are still grappling with the perils of cyber security

Every business has been turned on its head, revamping and updating outdated technologies and processes so they can function in what’s become the most digitally native workforce ever to exist. Thankfully, businesses can use tools to prevent damage, disruption and cost associated with these attacks and these solutions act as a last line of defense to stop outbreaks.

Issues like ransomware won’t be going anywhere anytime soon. It’s a massive business in itself, worth billions of pounds every year and the scams, systems and processes these criminals use are digitally transforming just as fast as the businesses they’re trying to penetrate. It’s scary and can seem daunting, but as we tell all our Ricoh clients there are things you can do and techniques you can adopt to protect yourself. Now really is the time to act if you want to safeguard yourself, your employees, your customers and your reputation.

Cyber hygiene

There is a significant assumption that cyber hygiene, the steps you take to keep your business computers and devices safe, is something that should be easy. Unfortunately, there are still many things that can go wrong with this essential and initial step, especially when dealing with multiple moving parts caused by remote working, from dodgy routers to convincing phishing links in emails and texts. The way hackers access your hardware is advanced.

Even the Next-Gen endpoint protection and boundary defenses won’t hold up on their own, as in reality, they are no more than an additional layer of protection. Important? Yes. Lone soldier in your first line of defense? Definitely not.

Ask yourself this question, but “do you believe that your prevention-based security tools will give you 100% prevention, 100% of the time?” The criminals who are after your data will stop at nothing to get it, including escalated privileges if they can brute force, social engineer or otherwise obtain identities and credentials. Once in, your anti-virus, other prevention tools and backup can be disabled while they encrypt all your centrally stored data. This can and would cause maximum damage, disruption and cost – and this is the point your most likely to be held to a literal ransom.

Ransomware

Criminals are selective in terms of the IT infrastructure they target when deploying their ransomware. Typically, they hit file servers, database services, virtual machines and cloud environments. Of course, these choices will also be heavily influenced by what we may term their 'business model’ – which also means they should be able to disable or disrupt backup applications and related infrastructure. This increases the recovery time for the victim, or in some cases due to unavailability of offline or offsite backups, prevents the ability to recover at all.

Ransomware attacks happen all the time, even when a business has several layers of protection to stop these attacks, such as AV, EDR, Firewall, Sandboxing, AI, Behavioral. So, how do you stop an outbreak of illegitimate encryption (ransomware) once it’s begun – how do you know you even can?

Well, at Ricoh UK we believe that if you can’t answer the following three questions, then you will likely struggle if ever held to ransom:

  • Do you have tools that can tell which files are encrypted and where they reside?
  • How do you Identify the attacker (patient zero), which of your users were compromised, and which device were they on when it happened?
  • How you now stop that ongoing encryption 8,000-10,000 files per minute?

So, what do I do if it’s too late?

The issue is once the ransomware is in and starts delivering its payload by encrypting your data, it matters less how it got in and at this point, and it’s too late for your prevention-based security to react. At this stage, what matters most is stopping the illegitimate encryption in seconds.

Ransomware is the most damaging, disruptive and by far the costliest cyber threat that can hit you. It is imperative to stop the encryption process as quickly as possible. Otherwise, there are only two options are to:

  • Pay the ransom.
  • Go through the much more costly method of restoring and rebuilding your IT environment.

The good news is there are tools that will detect and stop ransomware attacks even when the malware has bypassed all the organisations existing security tools. These tools provide critical security defence for a small portion of its available security budget. Organisations mustn’t rely solely on a reactive response. Every day we hear reports on how this strategy has proven to fail. To protect yourself, and your business, a future defence strategy needs to include disaster recovery with a last line of defence solution.

  • Morten Gammelgard and Steve Timothy are Cyber Security Experts at Ricoh.