Banning ransomware payments is a bandaid solution

Ransomware has become like the big bad wolf in Australia. Companies of all sizes are nervously looking over their shoulder, wondering when their house will be blown down. Debate rages on over proposed new laws to ban ransomware payments — some industry figures are in agreement, whilst others argue a ban will only exacerbate the issue and put organisations at greater risk.

But these arguments are missing a beat. For some reason we have forgotten that if we build our houses properly, they cannot be blown down. While it’s true banning payments may help to reduce the threat of ransomware, a ban is not a silver bullet, and cyber attacks will break in one way or another. Ransomware, like all forms of cybercrime, also keeps growing and evolving, with an organisation’s reputation now becoming just as much of a target as their data.

If we structure our cybersecurity systems in a way that allows us to limit the spread of attacks and maintain the function of IT systems even in the event of ongoing cyber attacks, ransomware payments, and all other breaches, simply won’t be as much of an issue. No matter how much cybercriminals huff and puff, your most sensitive data will remain isolated and therefore protected.

Here I’ll discuss how ransomware is changing, and why building segmentation and visibility into your cybersecurity practice is the best protection against all cybercrime.

Why Australian businesses still fall victim to ransomware

Attacks like ransomware are still pervasive in Australia. Yet too many organisations are still reliant on traditional prevention and detection tools that were not built to contain and stop the spread of breaches. This means organisations are taking their chances on being able to recover from failure, instead of being resilient against failure through their ability to contain the spread of a ransomware attack.

More often than not, recovery plans are also inadequate or have not been properly tested, rendering them ineffective when a real incident does occur. Bad actors know this and intentionally target organisations and operators of essential services where this is the case, for greatest chance of damage. As a result, businesses are left with no choice but to pay the ransom to restore operations and retrieve data as quickly as possible.

A growing threat — ‘reputation for ransom’

We have all witnessed the reputational damage suffered by countless local organisations over the past year alone. Preventing reputational damage is becoming almost or equally as valuable as regaining the stolen data itself, giving attackers even more ammunition to demand a ransom payment from organisations.

In this current high-pressure environment, breaches are believed as soon as they are reported publicly. The Cyber Security Agency of Singapore recently highlighted ‘reputation for ransom’ as a key cybersecurity trend to watch — and given the global nature of cybercrime, we should expect the same here in Australia. This emerging new technique will be to make up fictional breaches by publicising repurposed data from prior attacks or information blended through open-source data scraping.

How can organisations protect against a breach that isn’t even real? The answer lies in having confidence in your security infrastructure.

Building hotels instead of houses

The first step is to structure your cybersecurity ‘house’ — or in this case, hotel — properly in the first place. When breaches occur, it’s often not the initial entry that causes the most damage, but when the attacker moves throughout an organisation to reach the most critical data and assets. A hotel structure means while an intruder may be able to gain access to the lobby, they cannot access other floors or rooms protected by unique key cards.

Zero Trust Segmentation (ZTS) stops the spread of breaches by isolating workloads and devices across clouds, data centres and endpoints into separate segments, to protect them from threats. It does this by continually visualising how workloads and devices are communicating, creating granular policies that only allow wanted and necessary communication, and automatically isolating breaches by restricting lateral movement proactively or during an active attack.

The value of visibility

It’s hard to overstate the value of real-time, end-to-end visibility in your cybersecurity systems. Remember the first step in building resilience to ransomware is seeing where the attacker could go.

By developing comprehensive visibility into the communication flows across your environment, you can identify unnecessary connections that ransomware can exploit, and create automated alerts to catch malicious movements early. Only with this combination of segmentation, and the ability to proactively block attackers’ pathways during live attacks, can critical data be truly secured.

Banning ransomware payments will not prevent data breaches or reputational damage, it is merely part of the solution to a much bigger cybersecurity issue. Australian organisations need to make the assumption that the cybercriminals will penetrate their IT systems, and then be able to prevent them from moving internally to reach critical data and infrastructure.

Image credit: iStock.com/Boonrit Panyaphinitnugoon