EC News DeskIn 2019 the average ransom globally was around $80,000, and in 2020, the average payout more than doubled to approximately $170,000. As attackers get more sophisticated, we could potentially see the average payout move into the millions. In 2020, research has shown that the average dwell time for ransomware was 13 days, with an average of 18 days of downtime reported.
Ransomware protection
The typical solutions for ransomware protection include next-generation endpoint security, external and internal threat intelligence, phishing defence, security awareness and training and user behavioural analytics. If a ransomware attack happens, it is then critical to have access to expert compromise assessment and incident response services.
Sophisticated attacks
Ransomware attacks are becoming more successful year-on-year. This is because threat actors are becoming more sophisticated. 2020 saw threat actors taking advantage of vulnerable organisations distracted with mitigating the fallout from the pandemic and conducted their most dangerous attacks to date. Most large organisations have some form of established defences against ransomware based on the attackers’ common tactics. Since most attacks on enterprises are human-operated, it is vital that defenders understand the new tactics, techniques, and procedures, TTPs, used by threat actors so that they can thwart attacks at different stages of the attack lifecycle.
Other key reasons that ransomware continues to prevail is because state-sponsored threat actors are taking interest in ransomware, and because long-standing e-crime actors still use commodity malware to penetrate defences and then help ransomware operators obtain initial access to target networks. This has given rise to the Big Game Hunting trend and Ransomware-as-a-Service, RaaS.
Ransomware solutions
CyberKnight’s ransomware solution stack covers the entire attack cycle:
- Next-generation endpoint security
- EDR: Crowdstrike
- Browser Isolation: Cyberinc
- External & internal threat intelligence
- Deception: Attivo
- Attacker-centric intelligence: Crowdstrike
- Phishing defence, security awareness & training
- Anti-Phishing: Phishrod
- Anti-Spoofing: Valimail
- User Behavioural Analytics: Stealthbits – Netwrix
- Compromise assessment and incident response services
- Crowdstrike
Unique vendors
- Crowdstrike’s endpoint security powered by threat intelligence stops ransomware in its tracks.
- Attivo Networks detects and stops lateral movement while giving visibility into what attackers are going after.
- Most security solutions stop attacks between steps 3 and 7 in the attack kill chain. Remote browser isolation from Cyberinc stops ransomware at step 2, before it is weaponised.
- Phishrod defends against phishing, the number one delivery vehicle for ransomware.
- Less than 30% of companies currently enforce DMARC protection, which is the only way to stop email spoofing and brand impersonation. Valimail does this through an automated platform.
- Ransomware attacks look like insider threats that target file systems. Stealthbits – Netwrix secures sensitive file data with User Behaviour Analytics.
Channel strategy
CyberKnight provides channel partners comprehensive pre-sales and post sales services, so there is no specialised training programme required to effectively implement these solutions at customer sites. CyberKnight’s technical teams have the product know-how required to architect, implement, and support the solutions, and in turn train our channel partners enabling them with the same expert capabilities to support their customers.
Ransomware campaign
Anyone in cybersecurity will agree that ransomware continues to be one of the primary threats to organisations, so there is significant market demand, but CyberKnight will simultaneously be offering special incentives for channel partners that position the ransomware stack in order to provide their customers with enhanced cyber resilience as quickly as possible. The incentives in the ransomware campaign include guaranteed margins and SPIFFs for sellers.
Ransomware operators are less concerned about the industry and more focused on scope and scale, which is why organisations with large networks are most at risk. Therefore, with the ransomware campaign, CyberKnight will be prioritising enterprise and government customers across the Middle East.
This content has been partially sponsored.
