Is Ransomware really the biggest threat to your IT security?

June 13, 2018

As we’ve seen in the news with WannaCry and Petya/NotPetya, it is no surprise that ransomware is a term everyone is now familiar with. It is understandable why ransomware is popular amongst cyber criminals, as they realise the financial rewards from utilising this method.

Despite the high profile of these cases, it might come as a surprise to you to learn that ransomware isn’t your biggest threat, and so shouldn’t be your greatest concern.

Why is ransomware not my biggest concern?

Think about it: the point of a ransomware attack is that it wants to be seen. It is designed to be immediately visible, to notify you that you have been breached and your data compromised. It’s the attacks that you can’t see that are the ones you need to be most worried about – notably the latest data breach at Dixons Carphone, involving 5.9 million payment cards and 1.2 million personal data records. According to reports, this hacking attempt began as far back as July 2017 – it’s now nearly a year on from when they were first compromised.

You can apply that logic in any scenario, not just IT security. You may visit the doctor with a heavy cold, but you wouldn’t know if you had other more serious health issues, without further tests and scans.

Ransomware is still a danger

That is not to say that the threat of ransomware is unimportant; nobody is saying that ransomware isn’t a big threat, because it is. But if ransomware is the very visible threat you (and the public) see, what about the hacks and data exfiltration that you don’t see, like the Dixons Carphone breach – until it’s too late?

Firstly, ransomware is not a threat that should be taken lightly. In fact, more than 4,000 ransomware attacks have occurred every day since the beginning of 2016, which is a 300% increase over 2015, when 1,000 ransomware attacks were seen per day – according to the CCIPS. If you dig a little deeper into the threat, a study from Kaspersky has shown that between January and September 2016, ransomware attacks on businesses increased from once every 2 minutes to once every 40 seconds.

In many cases, it all starts with a simple click on a malware-infested link or an innocuous-looking email attachment. It can take only one click!

The biggest threat to your IT security

As you will know, your inbox – together with everyone else’s across your organisation – is often the cause of the problem. Popularly known as phishing, the practice of sending fraudulent emails purporting to be from reputable companies, to induce individuals to reveal personal information including passwords and/or credit card numbers, is a constant threat.

Phishing and ransomware work hand in hand – the number of phishing emails containing a form of ransomware grew to 97.25% during Q3 2016, up from 92% in Q1 2016, according to the PhishMe 2016 Q3 Malware Review. Phishing emails have continued to grow as an attack mechanism for ransomware, and the fact that ransomware mainly occurs because of an email cyber attack shows where the root of the problem truly lies.

Humans are by far the weakest link

They can fall for the same thing over and over and over again. The Friedrich-Alexander University conducted a study on phishing scams, revealing that 78% of people claim to be aware of the risks of unknown links in emails, but they clicked anyway because they look so convincing that it’s almost impossible to tell what is genuine – and what isn’t.

Perhaps the most recent example of just how much impact an email cyber attack can have is the situation with Equifax. The credit reference agency admitted in October 2017 that 694,000 customers in the UK had their data stolen between May and July earlier this year, different from the figure they originally estimated which was nearly 400,000 victims. The massive data breach was part of an attack on the firm’s worldwide customer records in which the personal details of 146 million people in the US were stolen, with those in the UK still feeling a big impact.

  • 637,000 phone numbers were stolen
  • 29,000 driving license numbers were stolen
  • 15,000 Equifax membership details, usernames and passwords were stolen
  • 12,000 email addresses were stolen

Despite originally denying it, the firm finally revealed that the data breached did include passwords, secret questions and answers, along with partial credit card details.

Understanding and defending against the hidden cyber threats

You’re able to deal with ransomware because it appears right in front of you, with the intention of receiving a payment. It’s often the attacks that lurk in your systems for months, collating sensitive data, that have the real impact. Those that don’t want to be seen do the most damage; they are what you need to be most concerned about, and you need to put methods in place to combat this simple yet severe issue.

So, how do you protect your organisation from cyber attacks?

Firstly, ask yourself this question – Do you know if you’ve been hacked?

The answer is invariably “I don’t know”.

In the hyper-connected, mobile and IoT world we live in, it is commonly understood that you simply cannot defend every door and window – even if it is locked. There are now too many ways to get in, and you also need to patrol your castle grounds for threats from within. This is why organisations rely on around-the-clock security monitoring within their infrastructure, in the form of a SIEM platform and, often, an outsourced 24-7 security monitoring team.

A SIEM platform is the essential tool to safeguard your IT systems and your organisation’s critical data – to protect, detect and alert users to potential threats, in real-time.

With sensitive data stored on your networks, a SIEM platform lets you detect and respond to breaches immediately, prevent data loss and defend against the most sophisticated cyber threats we see today – faster and with far greater accuracy. 

Advanced Cyber Defence – ensuring your infrastructure is fully protected

A great place to start when determining the best way to manage your organisation’s cyber security is to evaluate and assess your current security landscape. A vulnerability assessment scan represents an impactful first step towards a more secure IT security posture, and can make your organisation considerably less attractive to cyber attackers in a matter of days.

Our expert assessment provides a comprehensive and detailed snapshot of your IT infrastructure, highlighting your exposure to known vulnerabilities, closing the door to attack from phishing, ransomware and other malware. Why not download our free vulnerability assessment sample here to see the kinds of data you can get back?

About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24x7x365 from our ISO27001-accredited Network & Security Operations Centre (NOC/SOC).

At the heart of Comtact’s state-of-the-art Security Operations Centre lies a layered suite of technologies and experts, integrated with the newest cutting-edge security solutions – to extend security intelligence and provide visibility beyond the reach of the everyday analyst – helping secure some of the UK’s leading organisations.