Data Center Journal

Volume 33 | August 2014

Issue link: https://cp.revolio.com/i/359333

wary of. Often disguised in a legitimate email attachment, a CryptoLocker attack may come from various sources. When activated, the malware encrypts certain types of files stored on both local and network drives. Although CryptoLocker itself is readily removed, it appears that paying the ransom is the only way to recover files that had not been backed up. According to the FBI, an estimated $27m in ransom payments were made in just the first two months of its life. Of course, the more we give in to these criminals, the more they'll do to hold us to ransom.

The question remains as to what business should do to mitigate the risk of falling victim to an attack. As technology evolves, so do the threats being developed by hackers, who have a whole host of motivations for wanting to disrupt businesses of all sizes. It's a constant battle but, thankfully, one that has resulted in increasingly sophisticated security tools coming to the market.

In many ways the hackers have more opportunities to attack given the proliferation of devices being used to access systems and data remotely, all of which can potentially leave the door open and create vulnerabilities. It's also interesting to note that the biggest increase is in malware targeting Android devices.

Some would point to the move to the cloud as an issue, but in reality the best data centers are typically far more secure than most server rooms, and the processes in place to protect them are, by necessity, extremely robust. But a key driver for adopting cloud-based services is often to open up applications and information to a greater number of people in a variety of locations, and that's the element that can be difficult to control.

This increasing complexity has led some to suggest that traditional antivirus (AV) is effectively dead.
In reality, however, it's simply been absorbed into what is referred to as "endpoint security" to provide a more holistic solution. Endpoint security is expected to deliver far more than AV by controlling policies, applying restrictions to web browsing, managing encryption and password policies, locking down USB ports, and protecting devices from all potential vulnerabilities.

As technologies converge and the move to the cloud continues, it's fair to say that nothing in the modern IT environment exists in isolation. Equally, IT security should be part of a broader conversation about risk management and business continuity. An industry leading UTM (unified threat management) product, mobile-device management, encryption and an effective monitoring service is the starting point. UTM avoids the potential problems of bolting together solutions in a way that will create compatibility challenges and leave unwanted gaps, given that the perimeter of any system has become increasingly difficult to define.

But it's not only about the technology. Security should be part of a broader conversation about risk management and business continuity. And importantly, for many businesses some basic policies and practices, and a degree of common sense, sitting alongside the technology could actually be the most effective way to reduce the chances of an attack. In fact, there's a risk that simply delegating responsibility for your protection to some faceless third party is actually the equivalent to burying your head in the sand and hoping that you never have to face the consequences of a security breach.

In relation to CryptoLocker and similar threats, adequate and robust backup routines should ensure that it's possible to recover data without resorting to ransom payments. Sadly, we're all too often unknowingly the architects of our own downfall, and many have developed bad habits that must be addressed to avoid frittering away the money spent on IT security.
A well-implemented password policy is one of the most basic security tools. After all, it's a little clichéd, but you are only as strong as your weakest link; and for many that's the human interface—that is, the users—and hackers are just as likely to use social-engineering techniques and manipulation as they are to deploy malware and botnets. Uneducated users can be susceptible not only to social engineering, but also phishing, viruses and malware, often not even recognizing the warning signs or symptoms when they see them.

Rogue devices on your network can alter its behavior without you even knowing, giving attackers visibility of all data flowing across your network. Malicious users, on the other hand, know exactly what they are doing and can abuse their privileges by stealing, deleting or modifying data. And if allowed to do so, disgruntled ex-employees can still wreak havoc, compromising known vulnerabilities or installing backdoor access and taking advantage of their insider information.

So why is it so important for businesses to ensure that they have the right IT security measures in place? Two of the key drivers are legislation and business continuity. For many businesses, FSA regulation, PCI DSS (Payment Card Industry Data Security Standard) or Sarbanes-Oxley will be a consideration. And failure to ensure suitable security could result in prosecution. Of course, those who have data stored in the cloud need to be confident that their provider has the appropriate levels of security in place, and that's likely to include multi-factor authentication.

In terms of business continuity, downtime can be very costly indeed and that's not only the financial implications but also the impact to reputation. No business wants its people sitting around unproductive. Some could effectively lose a couple of days of revenue that they'll never recover, or more as they catch up with any backlog that's caused by the disruption.
Then there's the domino effect for those who promise next-day delivery or rapid-response services, with the impact going well beyond the immediate financial loss to result in dissatisfied customers who might not buy again in the future. In fact, we've estimated that it would take as many as five or six days to rebuild the PCs for an average company (typically an SMB) affected by CryptoLocker, and that's on top of $15,000 in ransom payments if a suitable backup isn't in place.

Thankfully, in a world where most of the threats are unseen and it's difficult to know exactly where your blind spots are, experts are battling constantly to fight off the threats that continue to evolve at the same rate, if not faster, than exciting new technologies are introduced. The key for businesses is to understand their vulnerabilities and work with partners that they can trust to guide them in the implementation of policies and the deployment of the most appropriate and effective technologies.

About the Author: Paul Burns is national technical director at TSG, offering assistance in the U.K.-wide sales team. He has served at TSG for over 10 years and has held a variety of technical roles. For more information visit www.tsg.com/technical-telecoms/security
