Sophisticated organised crime has heralded a new era of cyber threat for businesses in the form of ransomware. It’s a significant and growing risk, capable of completely halting business operations and bringing organisations to their knees. According to IDC’s 2021 Ransomware Study, over 1 in 3 (37%) global organisations were victims of a form of ransomware attack in 2021.
Once this type of malware has taken hold, organisations find themselves in an unwelcome bind – don’t pay the ransom and face damaging financial losses until business operations are restored, or pay the criminals a substantial amount to release the data. More often than not, the second option is the only viable one, which explains why ransomware gangs are growing in power and are using increasingly sophisticated social engineering techniques to target organisations and individuals. It is an unfortunate consequence that companies choosing to pay a hefty ransom are strengthening a global cybercrime network, leaving their business and others at an even greater risk of future attacks.
Last year, a single leaked password led to the US’s biggest oil pipeline being brought down for several days by a ransomware attack, leading to panic-buying and gas shortages and resulting in sharp price spikes across the impacted areas. The company paid the equivalent of $4.4 million USD to release its data, after calculating that not paying would have cost tens of millions of dollars and taken months of work to restore the data and affected systems.
And it’s not just the energy sector that’s at risk; over the past 12 months, ransomware has brought down organisations of all shapes and sizes – from telecoms companies to healthcare organisations. No organisation, industry, or state government is immune.
Outdated security measures
Ransomware’s primary attack vector is users’ connectivity to the internet. But since it is impossible for companies to disconnect from the internet while continuing to operate, solving this threat is a complicated challenge high on the agenda for security professionals.
Ransomware attacks vulnerabilities across an organisation’s complex ecosystem, and the response so far has been to lean heavily on detection techniques aimed at identifying and responding to attacks as swiftly as possible.
However, a flaw in this approach is that the technologies used are either looking for known attacks or Indicators of Compromise – namely behaviour that is already known to be suspicious. This means that these technologies are often unable to detect zero-day malware infiltration. But even more critically, these technologies are unable to stop the malware from getting in in the first place.
Infiltration usually occurs due to sophisticated social engineering, which targets a user’s human fallibility. In response, many companies have turned to staff training to protect against ransomware attacks.
But the reality is that even with the best training, even IT and cybersecurity professionals will sometimes fail to detect a ransomware attack. Cybercriminals are able to generate targeted attacks that are impossible for humans to detect 100% of the time.
All it takes is for one employee to click on one nefarious link or browse one compromised URL to provoke a ransomware attack and give malware a foothold in your network. Ensuring that all your staff – from C-suite to entry-level employees – maintain a perfect record when it comes to spotting phishing attacks is unrealistic and frankly a waste of everyone’s time. In short, these attacks target human fallibility, and we can’t ensure that employees never fail.
Rethinking security
A solution that is growing in popularity with security-conscious organisations is Browser Isolation, which removes an entire category of risk by creating an impermeable separation between the user’s endpoint and the internet.
Full Browser Isolation applies an approach called ‘Pixel Pushing’ to convert the browsed webpage into a safe, interactive, live video stream, meaning that the device is now completely ‘isolated’ from the risky internet. This completely removes all risk of ransomware attacks from the web, regardless of the sophistication or frequency of such threats. Instead of going online and potentially coming into contact with malicious, business-threatening code, employees are presented with a completely safe video representation of the web.
For the user, the web experience is exactly the same – text appears as text, links are clickable, and multimedia content, including videos, is fully accessible. But there is one key difference – the threat of malicious content getting into the network or onto their endpoint is eliminated due to the separation between web and network. Since company endpoints never come into contact with the web, employees can literally click on any link or visit any website without the risk of negative consequences for the organisation.
But Browser Isolation delivered through Pixel Pushing is exceedingly difficult to do. For example, transforming an online video into a safe interactive video in real time, without putting the endpoint in contact with the original code, is extremely challenging. When Pixel Pushing is delivered through software, performance suffers because of the large amount of video rendering involved, which is highly compute-intensive.
To mitigate this, a host of Browser Isolation technologies use a technique called transcoding, which delivers partial Browser Isolation via software. It does this by reducing website code into smaller subsets, removing any known malware and then reconstructing it before sending it back to the user’s device. This might sound good on paper, but it is a porous measure that always lets some of the original web code through, meaning that the threat of ransomware, while reduced, is still very real. When it comes to partial Browser Isolation, security is significantly compromised in favour of usability.
To solve the challenge of scale and usability while maintaining the security levels of Pixel Pushing technology, hardware-based Pixel Pushing Browser Isolation solutions use dedicated hardware to deliver a scalable and usable experience that doesn’t compromise on security.
A very real threat
It’s clear that the current cybersecurity market is broken – the spend on security products and services is rising each year, yet in parallel the scale and financial impacts of attacks are also growing. Current security measures aren’t protecting organisations in the way they promise.
The cybersecurity market is failing because the technology isn’t as effective as it needs to be. And until companies rethink their approach to security, debilitating attacks will continue to happen, and the frequency and severity will only increase.
So, it’s not surprising that the question of how to protect against ransomware attacks is one of the most pressing security questions keeping CSOs, CISOs and even CEOs awake at night.