Malware vs Corporate Data, An Overview
Against the backdrop of the recent PGA Championship season, ransomware played a very surprising role: it infected the computers used by the PGA for running the tournament. If such a big tournament organizer can have its employees click the wrong link and execute a copy of a trojan, what does that mean for an ordinary computer user? The reality is that ransomware is a big money-making endeavor for cybercriminals, because people are attached to their data. The moment access to the data is cut, all hell breaks loose unless the victim has a credible backup solution that can reverse the data loss.
The ultimate goal of the information security process is to protect three unique attributes of information. They are:
- Confidentiality – Information should only be seen by those persons authorized to see it. Information could be confidential because it is proprietary information that is created and owned by the organization or it may be customers’ personal information that must be kept confidential due to legal responsibilities.
- Integrity – Information must not be corrupted, degraded, or modified. Measures must be taken to insulate information from accidental and deliberate change.
- Availability – Information must be kept available to authorized persons when they need it.
A ransomware infection basically renders the three attributes non-existent. Companies expect their data to be confidential, to have integrity, and to be available when they need it. Ransomware erases all of these: the virus author’s motivation is to hold the data hostage until a certain amount is paid, something many victims have already done. The WannaCry ransomware of 2017 earned cybercriminals an estimated $4 billion worth of ransom. It speaks volumes about how profitable virus authorship has become in our highly advanced, Internet-connected world.
The attacker’s incentives are part of a larger underground economy. Broadly speaking, the actors in this economy are those who sell attack services and are heavily invested in penetrating the information stored on remote servers. We have entered the age where cyber defense spending is no longer a luxury for a Fortune 500 company, but rather a necessity for all business types, regardless of the sector in which they operate.
Insight into the underground cyber-economy of attackers potentially yields pressure points on which to focus security efforts. For example, the sellers of attack services must publicize the availability of their services in an appropriate marketplace, and it may be possible to target the sellers themselves. It may also be possible to interfere with the operation of the marketplace itself, by shutting down the various marketplace venues or by poisoning them so that buyers and sellers cannot trust each other.
An ecosystem exists between the cybercriminals and the potential victims, and the latter will always be prey until a credible cyber defense solution is rolled out. Another new industry that helps corporate Internet and computer users is the penetration testing sector, a new business model of offering to “hack” a computer and network system for hire, simulating what a cyber attack does. It is a new concept that a few companies sign up for, but it is expected to grow by leaps and bounds, as a simulation of a cyber attack reveals weaknesses in the system, which can be patched and corrected. This enhances the security of the organization, as prevention of cybersecurity issues is much better than fixing a broken reputation and damaged brand caused by a real cyber attack.