2019 might prove the make or break year for your enterprise’s cybersecurity. Either you fortify yourself against the deluge of threat actors and malware…or you succumb.
Among the horde of digital threats, few can boast the notoriety of ransomware. Ransomware holds files, databases, or in extreme cases entire networks hostage, refusing to relinquish their grip until they receive payment from the victim (usually in cryptocurrency).
While ransomware experienced a decline in usage in 2018, experts agree it could come roaring back at a moment’s notice. If cryptocurrency malware proves less profitable, or if new innovations make ransomware harder to remove without paying, ransomware will return.
If those predictions become reality, can your enterprise defend itself against modern ransomware? How should your business prepare against ransomware. What network areas and databases need the most protection? How will ransomware evolve?
To get more information, we consulted with Sash Sunkara, Co-Founder and CEO of RackWare and Todd Matters, Co-Founder and Chief Architect at RackWare. RackWare is a hybrid cloud management and backup and disaster recovery solution provider.
Here are Sash and Todd’s 10 Most Worrisome Ransomware Predictions for 2019:
1. No enterprise will be exempt from a ransomware threat.
Sash Sunkara: Enterprises of all sizes underestimate how vulnerable they are, but they can’t afford to make this mistake in 2019. When businesses don’t believe they’re a target, they don’t feel the need to put systems and processes in place to ensure they would survive an attack. And, the worst time to start thinking about it is when your business is in a state of emergency.
2. The next few attacks will be more sophisticated.
Sash Sunkara: Ransomware is still a concern for good reason. We’ve really only seen the first wave of these attacks. Enterprises have put processes in place to protect themselves in the wake of that initial wave, but we’ve yet to see the worst of what these attacks can do. Threat actors will only become more aggressive and we’ll see a greater need for enterprises to explore more sophisticated solutions. They’ll need a comprehensive option rather than a temporary fix if they plan to survive the neverending threat cycle ahead of us.
3. Concerns will heighten around cloud security.
Todd Matters: In general, clouds are as secure, if not more secure, than most data centers. But, they have the same vulnerabilities that data centers do. As ransomware threats become more sophisticated, cloud providers will need to continue introducing protective measures that won’t leave clouds susceptible.
4. Cloud providers’ efforts will only go so far.
Sash Sunkara: When you migrate your workloads to the cloud, the duty of managing a physical data center, boxes or a network goes away. But, managing your applications, monitoring performance and maintaining a level of security is shared responsibility between the cloud provider and enterprise IT. Cloud providers supply infrastructure, but it’ll be up to enterprise IT groups to make sure they have higher levels of security in the year ahead. If you don’t have the right protections in place for your business, it’ll only hurt you. A service provider could walk away at any time.
5. Stealthier tactics will bring some enterprises to ruin.
Todd Matters: We’ve worked with plenty of IT teams who thought that if they were hit with ransomware, they would know about it right away. Unfortunately, businesses that still share this belief will experience data compromises in 2019. The truth is that these threat actors are smarter than they’re given credit for, so intrusion detection and protection solutions aren’t optional. Hackers will infect an enterprise and let it go on for weeks or months before they make it known and, by then, it’s far too late.
6. False positives will trigger uncertainty.
Sash Sunkara: Enterprises are beginning to implement safeguards, but those won’t be effective if the alerts aren’t reliable. If threat detection solutions regularly flag every small thing, IT teams will eventually stop paying attention — putting them and the data they’re protecting at greater risk. Organizations will want to make sure they have a smart system that flags when something is really wrong versus sending out a high volume of false alarms.
7. Backup and protection plans will fail.
Sash Sunkara: Enterprises that have protection or disaster recovery plans in place will still succumb to a ransomware attack if they don’t routinely test or validate for their environment. If you don’t test it out, you might as well not have a solution at all. You need to know what you’ll do when everyone’s looking at you and you’re losing money by the hour. You need to proactively determine what you’ll do in all scenarios so that you’re not scrambling when an attack brings your business to a halt.
8. Enterprises will see what their cloud segmentation is made of.
Sash Sunkara: A good monitoring system is critical, but enterprise cloud setups will also need proper segmentation if they hope to survive an attack. Businesses will need to ensure that an infection won’t impact their entire cloud environment in the event of a breach.
9. The likelihood of attack will increase.
Sash Sunkara: As we become more connected and hackers become more motivated, the chances of your enterprise getting hit will increase. Threat actors are, unfortunately, making money off of these attacks and that’s driving them to keep evolving. They’re discovering more opportunities to strike, which is only boosting the likelihood that your business will be impacted if you don’t have a plan in place.
10. Security will rely on a mastery of the basics.
Todd Matters: If enterprises don’t have the right detection or backup measures in place, they’re not necessarily doomed. Mastering the basics is a good starting point. That includes investing in intrusion detection and protection. Opening up to these kinds of mechanisms for prevention and recovery can help mitigate any new threats that are coming to cloud environments.
Thank you once again to Sash Sunkara and Todd Matters of RackWare for their time and expertise!
Latest posts by Ben Canner (see all)
- Endpoint Protection Capabilities You Need for the Cloud - April 18, 2019
- Endpoint Monitoring, EDR, and Endpoint Security: What Do You Need? - April 17, 2019
- Opinion: Can Your Cybersecurity Be a Competitive Advantage? - April 12, 2019