Fifteen days ago, I wrote about an interview PC Matic Vice President, Corey Munson, had with the CEO of Secure Anchor Consulting, Dr. Eric Cole discussing cybersecurity prevention and application whitelisting. As you may recall, one of Dr. Cole’s biggest concerns, was the threat of extortion upon becoming a victim of ransomware. For those who don’t remember, or perhaps are unaware, here’s the deal. Ransomware threats have evolved beyond the basic level of data encryption hoping for a payday. Upon becoming infected with ransomware, many cyber criminals are also stealing the encrypted data. They then threaten to expose the data on the dark web, in an effort to solidify their payday. Now, based on recent reports, it appears they are standing behind their threats.
Reaction Is No Longer Feasible
KnowBe4 has confirmed over 700 organizations who fell victim to ransomware, had their data exposed in the second quarter of 2021 alone. This is a 47% increase quarter over quarter for 2021. The cause for the spike is quite clear, organizations are not paying. What we don’t know is, did they not pay the first time, or did they refuse to pay for a second, third, or fourth time? As discussed with Dr. Cole, cyber criminals have now created a residual income model by stealing organization’s data. If the company doesn’t pay initially, or on a reoccurring basis, the hackers will expose the organization’s client, patient, or customer data.
With the growing threats of ransomware, and the looming dangers post infection, the time has never been more critical than now, for Americans to focus on prevention.
Shifting to Cybersecurity Prevention
Late last week, PC Matic joined the collaboration with NIST’s NCCoE to develop a practice guide for zero-trust technologies. By deploying zero-trust technologies, organizations are becoming more stringent on who has access to what, and what is allowed to run within the organization’s network. It is because of PC Matic’s application whitelisting technology, that they were selected to collaborate with the NCCoE.
Prevention is key, and application whitelisting has been identified as the gold standard through several federal organizations.
A Layered Approach
Understandably, many organizations already have their security stack in place. Unfortunately, this security stack, often times, does not include a zero-trust approach. Ripping the existing security solutions out of every endpoint and server is daunting. Fortunately, a layered approach works just as well. By adding application whitelisting to the existing security software, the two are able to run cohesively together. Therefore, significantly enhancing the integrity of the digital infrastructure, effectively closing the security gaps cyber-criminals exploit.
Endpoint detection and response is no longer an all-inclusive option when it comes to thwarting cyber threats. Cybersecurity prevention utilizing zero-trust infrastructures will be key.
638 total views, 2 views today