30-year cybersecurity and networking veteran and President and CEO of SonicWall, security leader protecting a million networks globally.
The modern network environment is a dynamic entity. It interacts. It moves. It evolves.
As such, organizations that attempt to maintain a sense of static peace and orderly conduct are fooling themselves into a false sense of security. This is the core reason many enterprises adopt multilayered cybersecurity strategies.
The desired outcome is a system of checkpoint safeguards that form an inside-out defense at various stages to help thwart today’s cyberattacks. These layers include protection at various levels:
• Network (including encrypted traffic)
This approach helps organizations manage security policy, compliance and enforcement to deliver a strong security posture.
But even the most well-planned and expertly engineered networks can be compromised by the simplest malware targeting the latest vulnerability. It’s only a matter of motive, initiative, resources and time.
As such, enterprises, mid-market organizations and small- to medium-size businesses alike need to implement sound and thorough business continuity and disaster recovery plans to ensure networks can quickly return to full operations in the wake of a cyberattack.
Forever probing for weakness in your security posture, cybercriminals actively target endpoints (e.g., laptops, desktops, mobile devices) to leverage as an attack vector into your organization — particularly when most vulnerable outside the enterprise, like at the airport, coffee shops and hotels.
And it’s effective, too. End users are often too busy, or understandably lack the situational awareness, to sniff out potential social-engineering plots. After all, cybercriminals only need one successful click, while organizations are faced with the daunting task of defending hundreds or even thousands of entry points.
And the attacks are only accelerating.
Ransomware Boom Increases Risk To Businesses
According to our company research, we recorded more than 158 million ransomware attacks already in 2018 — a 299% jump over the same five-month time frame in 2017. This increase in attack volume represents growing risk for enterprises, government agencies and SMBs alike.
In March 2018, the SAMSAM ransomware took numerous departments within the City of Atlanta completely offline for weeks. And while the ransomware didn’t compromise an endpoint to deploy its payload — it was a server-based attack — it does show the serious ramifications an attack can have in the real world.
All told, the City of Atlanta was unable to provide a number of critical citizen-centric services for days, including water bill payment, and the Atlanta Police Department was even forced to file paper reports.
The Cost Of Cyberattack Remediation
Earlier this year, Lloyd’s of London said that cyberattacks were the new No. 1 risk to businesses. And industry data strongly supported that claim.
According to an Accenture and Ponemon Institute report, 23 days was the average time to resolve a ransomware attack for companies. The study also stated that the average expenditure of a malware attack was $2.4 million — a top cost to companies in 2017.
Last July, the Erie County Medical Center estimated that the remediation costs of ransomware attacks reached almost $10 million. The original ransom? $30,000.
Large organizations have contingency budgets for any number of unforeseen issues, including cyberattacks. But what about small businesses or mid-market companies? They may not be as lucky.
Like the City of Atlanta, most businesses will likely either have to pay the ransom — which is not advised because recovery rates are low and payment further incentivizes cybercrime — or endure high levels of business disruption, including damage to brand and customer trust.
The New Checkbox: Automated Rollback Endpoint Protection
For many, deploying advanced endpoint protection and antivirus capabilities is a common and foundational practice. But with a high likelihood of an endpoint being compromised, organizations need a contingency plan, particularly for attack vectors that roam outside the enterprise walls.
Best practices prove this strategy should include layered policy, compliance and enforcement coupled with a layered security platform that includes a next-generation firewall, email security, secure mobile and wireless access capabilities and endpoint protection.
And the endpoint is where automated rollback comes into play. This capability, which is currently offered by a handful of companies, returns your files to their state prior to the malware attack.
This level of protection also automatically isolates infected devices and immunizes the remaining endpoint estate. Automated rollback protection eliminates the need for manual restoration in the case of ransomware and similar attacks.
Sound endpoint protection, particularly with automated rollback, is a cost-effective measure to help close attack vulnerabilities, mitigate the compromise of end-user devices and extend cybersecurity policy, compliance and enforcement across the enterprise.
And it’s certainly a far better outcome than very public remediation that will likely reach millions of dollars.