PC Matic CEO, Rob Cheng, has always had his finger on the pulse of evolving cyber security technology. It’s what led him to found PC Pitstop in 1999, the company that later became PC Matic. His insights have always been ahead of his contemporaries.
Back in 2016, Mr. Cheng sat down with Bob Bragdon, publisher of CSO. For reference, “CSO is the leading information source for chief security officers (CSOs) and senior executives when making critical decisions regarding effective security and risk practices while driving business forward.”
Mr. Bragdon shared a statement made two years earlier, in 2014, by Symantec declaring antivirus to be dead. Similarly, Gartner stated that the focus should be changed from prevention to detection and response. Mr. Bragdon asked Mr. Cheng his thoughts. What followed was an insightful look at the future of ransomware. Many of Mr. Cheng’s predictions came to pass. Let’s take a look at the most important points.
Antivirus Is Dead
Rather than declare antivirus dead, Mr. Cheng suggested that we abandon the use of the blacklist. He explained the differences to Mr. Bragdon, noting that a whitelist is effective prevention because it allows through only the known good. A whitelist is the only preventative measure against polymorphic viruses. Because polymorphic viruses are able to mutate, traditional antivirus, or blacklist software, was inefficient: someone would always have to be infected before that particular strain was identified and stopped.
A good deal of the apprehension toward the whitelisting approach, however, revolves around the prevalence of false positives. That, in turn, creates more work for IT staff to update and maintain the whitelist. Mr. Cheng’s answer to this was a policy still in effect at PC Matic today. Our Support Team does the work of updating and maintaining the whitelist. We also provide support to customers and IT specialists using our products.
In the wake of the shortage of IT professionals, and the security concerns raised in the past year by businesses, this helps fill part of the gap in security. By removing the burden from an already stressed IT team, we free up their ability to monitor other security issues within their organization. It’s a win-win.
So Mr. Cheng’s comment that abandoning prevention completely would be a “misstep” was spot on. In fact, in April of 2019, the Cybersecurity & Infrastructure Security Agency (CISA) released a whitepaper with clear guidelines for ransomware prevention. The final bullet point in the prevention guidelines was to use and keep updated preventative software.
The Evolution of the Attack
When asked about his predictions, Mr. Cheng noted the rise of polymorphic ransomware. In 2016, it wasn’t that prevalent. By 2019, 93.6% of malware was polymorphic. Mr. Cheng’s foresight was spot on with the progression of ransomware.
But the evolution of the viruses wasn’t the only prediction Mr. Cheng made. He explained to Mr. Bragdon that the exploitation of vulnerabilities on the machine would go far. It hadn’t yet been used as a primary source of attack.
While there have been other instances in the 5 years since Mr. Cheng’s prediction, the most notable has been in the recent news. After the SolarWinds breach, ransomware attacks have exploded. On March 11th, 2021, Microsoft disclosed that the Microsoft Exchange vulnerabilities were being used to facilitate ransomware attacks.
Right in line with Mr. Cheng’s predictions, one of the largest software giants on the planet was compromised via an exploitation of vulnerabilities.
Where Security Is Needed
Mr. Cheng was passionate about the need for endpoint security. “Technology is so embedded in everything we do,” Mr. Cheng says, noting that everything from schools to hospitals to government are all reliant on their endpoints. Indeed, these have all made news in the past year for continual security breaches.
To his point, 70% of successful attacks in 2019 originated on the endpoint. So the suggestion of focusing less on endpoint security by both Symantec and Gartner was not only misplaced, but also a dangerous lack of foresight. Endpoint security is more crucial than ever.
The Cost of Ransomware
At the time of the 2016 interview, the numbers for ransomware in 2015 were in. The FBI stated that the total cost for that year was around $20 million. Computer manufacturer Acer was hit in March of 2021 with a single ransom of $50 million, which was double that of the 2015 overall total for all ransomware. By the end of 2021, 6 years later, the estimated yearly cost of ransomware will be over $20 billion.
But monetary values aren’t the only costs of ransomware. As we outlined in our Work From Home report, there are business and human costs associated with ransomware as well. Prevention is a key part of minimizing the effects it has on real people.
As we look to the future of ransomware, we can only speculate where it will go. We can guess, however, that Mr. Cheng has a pretty good idea of what that future looks like. Let’s make sure we’re listening.