Anyone following the news over the last year cannot ignore the frequency with which these types of attacks are taking place. The organisations and companies that make the front page of the news are typically so large that the impact is felt through various layers of society.
It is therefore safe to assume that they put steps in place to secure their networks and data. We can probably take for granted that they have firewalls in place as well as anti-virus solutions. For the most part, large organisations have extremely competent IT departments and have taken steps to protect their environments.
So where did they go wrong, you might ask? Well, hackers are smart, and they dedicate much of their time to finding ways into an organisation undetected. It can be as simple as social engineering, in other words, getting information from an unsuspecting employee by gaining their trust or getting to know them. It can occur through a phishing email that looks legitimate and convinces the recipient to provide details that will give the hacker access. Alternatively, users could be directed to a malware site where code is installed on their workstation, allowing the attack. There are a myriad of ways for a hacker to gain access if he/she is determined.
Traditional anti-virus software, unfortunately, is of no use here. Typically, anti-virus software can only identify known viruses or worms which have signatures. Once it scans the signature, it can identify whether it is dangerous or not. The best real-world analogy here is that of fingerprints. If a crime is committed and the police collect the fingerprints and then compare them to fingerprints already in the system, the criminal can be identified. However, if he is not in the system, there is no way of knowing who he is and how to stop him.
This is why LucidView has always promoted and provided behaviour-based intrusion detection and protection. Firstly, we have an advanced machine learning content filter, which allows you to block sites that our AI determines to be suspicious. Then we examine and analyse your internet traffic: we identify patterns and, using our AI, are able to isolate any connection that is behaving oddly. We can then go one step further and immediately kill off this connection before it has time to wreak havoc with your data.
To continue the analogy, behaviour-based IDS is much like a criminal profiler, looking for deviance in ordinary behaviour to identify a potential criminal. The primary difference here is that we get to kill the deviant connection immediately.
With behaviour-based IDS you can not only eliminate known and new threats, you can prevent a zero-day attack!
Below is a list of organisations that have made the news after experiencing a ransomware attack. It is important to bear in mind that most companies do not report attacks and usually pay the ransom rather than face the PR nightmare.
Ransomware is so prevalent that companies now carry insurance in the event of an attack. Here are just a few articles worth reading to understand how real and how prevalent this is:
- Large Scale Attacks expected in SA
- Major Metro Hit by Ransomware
- City Power held ransom
- North Korea launches Cyber Attack on South Africa
- The Rate at which Cyber Attacks are taking place
All these links refer to South African attacks over the last year. The costs of not protecting against these threats far outweigh the costs of protecting against them.
With the LucidView Enforcer, you are able to block sites deemed as “Risk”. As our software uses machine learning AI, this will assist in the fight against most ransomware connections. The LucidView Enforcer Pro goes one step further: it identifies anomalies and then kills them immediately, proactively protecting your organisation. The cost? Just $3 per month. Can you afford not to?