The COVID-19 pandemic is not only forcing employees to work from home, but has all of a sudden brought IT leaders onto the center stage with perhaps their greatest career challenge: to support an entirely remote workforce while ensuring the same levels of cybersecurity the office provides. In a recent conversation with CXOToday, Mike Quinn, CEO, and Dan Gleason, CTO, of California-based cybersecurity firm Active Cypher offer their expert opinion on how CIOs/CISOs can secure remote workers during the corona crisis, the perils of ransomware and the company’s efforts to keep the cybercriminals at bay.
CXOToday: Hackers begin exploiting the Covid-19 situation at enterprises. How can CIOs guard their turf and ensure secure remote access during such difficult times?
Mike Quinn: In effect, the sudden jump in remote work has opened a Pandora’s Box for CIOs as every employee’s home network becomes a potential support ticket nightmare and an unknown vulnerability. The stresses on IT departments as large portions of their firms have gone remote are also contributing to security lapses as attention is diverted from the monitoring of threats and prevention to setting up loaner laptops, connecting new machines to home printers, resolving longstanding Wi-Fi issues, and painstakingly dealing with the technologically challenged.
CIOs should develop tiered response plans to:
1) Ensure their workforce has the tools to work remotely, like video conferencing software and VPN access.
2) Quickly deploy solutions to strengthen remote security infrastructures and close very evident gaps.
3) Prepare for the worst. The danger of data breaches and ransomware attacks has increased dramatically.
4) The CIO and CRO often ensure they have zero-dollar Incident Response (IR) contracts in place.
These IR contracts drive faster response to any cyber-attack regardless of vector. New remote workers are introducing a fresh set of unknowns. While COVID-19 may be disrupting a business’ supply chains, security threats from hackers have in fact increased – some are seeing a 40% increase in attacks. As IT budgets may see downsizing, it is key that easily deployable, affordable solutions that will maintain long-term security are utilized.
CXOToday: In the event of a ransomware attack do you think most companies are prepared to strike back?
Mike Quinn: Absolutely not. Ransomware has been on the mind of most CIOs for several years now. The dirty secret behind the manner in which many companies are dealing with ransomware is that they are indeed paying the ransom. And feeding the beast doesn’t help the problem. We had one customer who, before Active Cypher started working with them, paid ransomware criminals an astounding $80m ransom. Another client was paying $2m per month, with no end in sight. Of course, this is all very embarrassing for companies, so they tend to keep these payments under wraps.
CXOToday: How do you see the ransomware trend of 2020?
Mike Quinn: Ransomware is exploding. The unique vulnerabilities of remote work paired with the downturn in the market unfortunately mean that there might be a number of smart, recently laid off programmers inclined to find a new income stream. The rise of the RaaS (Ransomware as a Service) model, which offers the extortion tools to cybercriminals for a fee, has grown in popularity. For instance, the developers of the infamous GandCrab ransomware have boasted on message boards that they were retiring after their RaaS made an astounding $2 billion in total, netting $150 million for them personally. The question is will GandCrab ever come out of retirement? What about copycats?
CXOToday: What kind of solution are you providing to secure the enterprise? Could you explain the technology behind the new solution?
Dan Gleason: We recently launched Ransom Data Guard, which enables enterprises to recognize and repel ransomware attacks utilizing a combination of proprietary Active Cypher encryption orchestration, smart AI, and advanced endpoint protection. Automated AI-powered sensors recognize ransomware threats allowing Ransom Data Guard’s proactive protection to block ransomware before it can attack a client’s files. Ransom Data Guard’s Survival Mode provides recovery and continuity for an enterprise through the automatic and instantaneous recovery of all its protected files to a new, or “cleaned” machine from a USB drive, Bluetooth, air-gapped virgin server, or Cloud account (like Dropbox, OneDrive, Google Drive, etc.). According to an IDC report, downtime of a company can cost on average $250,000 per hour. Rapid comprehensive reaction to an attack is the key.
CXOToday: What must CIOs focus on to check ransomware attacks effectively?
Dan Gleason: The cautious CIO should take the approach that their organization is already infected with ransomware. For the majority of ransomware attacks, users’ negligence is the problem. If a firm has employees, it is only a matter of time until they get ransomware. Yet IT departments should stop playing roulette hoping that they are not the ones to fall this month, but should instead take a proactive approach to first securing their data end-to-end, through automated file-level encryption like what is offered through Active Cypher File Fortress. Secondly, they should utilize solutions like Ransom Data Guard that effectively shield clients from all permutations of ransomware attacks like WannaCry, RobbinHood, TeslaCrypt etc., by obfuscating data and actively countering malware when it attempts to attack. Employee cyber-training only gets you so far.
CXOToday: What are your business plans for the next 12 months? Please highlight any India-specific plans.
Mike Quinn: The success of India’s economy and the rise in the number of businesses has unfortunately led hackers to increasingly attack the country. We address our Indian clients in a similar fashion as we currently handle other global clients – our product is not intensive in prep or installation and company IT teams can download and install very easily in half a day. Our Scout product provides pre-install audit and assessments that provide “best practices” for tuning your Active Directory/Azure Active Directory. Our goal from the start of development was to make our products basically hands-free installation and operation. We have just joined Microsoft’s co-sell program and will soon be named a Gold Partner. Microsoft’s new focus on security has helped propel us to many enterprises worldwide that not only wanted to find a solution to counter ransomware but also protect their data at the file-level.