Revitalized NAC for LAN and Cloud

Category: Cloud Security

As long as enterprise organizations try to maintain private networks, the challenge of determining which devices are considered safe for entry will remain. Whether this access decision is made using physical or virtual enforcement controls does not matter much from a policy perspective. Organizations desiring private LANs will simply want something workable to determine which devices are allowed admission, and which are not.

Traditional enterprise local area security teams have relied on a technology known as network access control or NAC to provide such policy enforcement. NAC is sort of like transportation security at your local airport: You arrive at a checkpoint, you present requested credentials, you go through some careful screening, and then an access decision is made. None of this is convenient, and none of it happens instantaneously. But we all agree that it is necessary.

What are the prospects for NAC in a world where the traditional LAN is being rapidly evolved by mobile and cloud? And what of the disappointment many security experts have previously expressed with NAC?

Enterprise NAC faces challenges, and many 802.1X-based implementations are burdened by unbridled complexity. But the prospects for NAC in the modern enterprise are dramatically improving, coupled with powerful means for extending such protections to the cloud. “Next generation network access controls for cloud,” according to Portnox CEO Ofer Amitai, “will be a critically important component of the virtual enterprise.”

The original approaches to NAC had several challenges from the outset. First, they tended to be vendor specific, with required endpoint agents, and mitigations based on network traffic manipulation. These methods carried considerable downside; for example, few non-trivial networks are built on the capability and offerings of a single network vendor. Even in the presence of standards, interoperability issues were often the root cause of problems.

Portnox has focused its NAC product efforts on addressing these challenges directly for both the enterprise LAN and the extended hybrid cloud (to include IoT systems as well). Seamless, agnostic coverage of multiple vendor deployments, for example, is one of the focus areas of Portnox – and this should be welcome news to any network security manager supporting complex functional requirements for the hybrid enterprise.

Perhaps the most evolved NAC consideration in the Portnox suite is its emphasis on visibility across access layers. Surprisingly, early attempts at visibility from NAC were downplayed, simply because the (stubborn) presumption was that access policy would be enforced at LAN admission time. This carries the logical assumption that only good devices would ever be permitted entry to the LAN – which we all know is not how things evolved.

All of this is good news for any CISO team operating on an existing perimeter-based LAN (which means essentially every CISO team) while an on-going transition toward hybrid cloud is clearly under way. The requirement to protect admission and entry to the corporate network remains a control demand in every framework I’ve ever seen. It therefore stands to reason that teams should partner with NAC vendors who understand the present – as well as the future.

Tips to Stay Secure in the Mobile Enterprise

Category: Cloud Security

Enterprise mobility, or an approach to the workforce that enables employees to do their work from any location using available devices and applications, is a growing trend tied to digital transformation. In a 2016 survey conducted by Harris Poll, 90% of IT decision makers marked enabling enterprise mobility as a significant chunk of their IT spend due to its positive impact on workplace satisfaction, customer engagement, competitive stance and operational productivity. Yet despite the benefits of workforce mobility for a company’s business, there are a number of inherent IT security concerns that come along with the shift away from the office.

Enterprise mobility is strongly tied to BYOD trends in the enterprise that encourage employees to use their own smart devices (smartphones, tablets, laptops and watches) instead of investing in dedicated corporate devices. The upside of this trend is the budgetary savings, but the downside is that IT departments have less control over what’s connecting to the enterprise network and a weaker understanding of the vulnerabilities BYOD devices may introduce. Whether an employee intends to or not, their device may introduce cyber threats to the network that are difficult to control, as the device is not managed. Therefore, for companies that want to securely engage in BYOD and enterprise mobility, an agentless network visibility and control solution is essential, filling in the gaps on device health posture and providing methods to address threats, if they arise.

Another issue with enterprise mobility is location. Just as the location of a store is directly tied to how much it sells, the location of a connection, wherever it is made from, is a good determiner of its security. If an employee heads out on vacation with their laptop to do some work, you want to ensure that they can securely access company data without compromising it. Some IT departments set a range of valid locations from which employees can connect, but this limits the scope of activity for mobile, international organizations. Therefore, a network security solution that can provide visibility and automated methods of control will ensure that “sketchy” connections won’t jeopardize the safety of the entire network; and if they do, those connecting devices will be automatically blocked or quarantined until they are in a location with a safe connection.

A third, but by no means final, issue with enterprise mobility is that it is directly tied to the cloud computing trend. While this is great news, for a variety of reasons that we lay out here, many cloud applications only have rudimentary authentication methods to ensure that the employee connecting is really who they say they are. Therefore, it’s important to have stronger authentication measures in place, either tied to a RADIUS server or Active Directory, or based on a multi-factor authentication mechanism, when they are connecting, be it over a wireless network or a VPN connection. The cloud can definitely be trusted, but with the spike in cyber attacks such as distributed denial of service attacks and malware, it’s a good idea to add an extra layer of protection for accessing company documentation over the cloud.

The pace with which companies are embracing enterprise mobility leads many to believe that office buildings could soon be a thing of the past. However, it is important to remember that while employees may seem to have all the tools they need to effectively complete their tasks remotely – a laptop computer and a phone connection – there is important network security groundwork to be laid prior to enabling this shift. By controlling access to the company network and its data, enterprises can safely engage in the mobility trend with the confidence that their network is as safe as it would be if everyone was still working from the office.

National Cyber Security Awareness Month is all about sharing knowledge to promote a safer and more secure internet environment for all users. When you hear of threats, inform your peers to prevent spreading, and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Stay #CyberAware

A New IoT Botnet Is Upon Us – What You Need To Know

Category: IoT

As if we all haven’t gotten over the Mirai botnet attack that happened last year, there’s news of a new IoT botnet in town. “IoTroop” or “Reaper”, as it is being called by the security researchers at Check Point and Qihoo 360 who discovered the attack, is said to affect millions of devices, but it’s still early days, with information still being compiled on the full list of vulnerabilities.

So far, 9 exploitable vulnerabilities have been identified in Wireless IP security cameras from manufacturers such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology, and others. Check Point and Qihoo report that they identified recurring security vulnerabilities in the IoT devices beginning from the end of September, but report that the recruitment phase of the botnet attack is still underway, with up to 10,000 new devices compromised each day.

IoTroop/Reaper appears to use some vestiges of code from the Mirai attack, but as opposed to the Mirai attack, which recruited IoT devices with factory default or missing telnet credentials, this botnet attack dives deeper into inherent IoT hardware and software vulnerabilities. This makes the potential for recruitment much greater in this current attack, garnering the potential to take down the entire internet, according to experts. These “thingbots”, as they are called, carry out distributed denial of service (DDoS) attacks to similar effect as Mirai, or create the possibility of an anonymity network, which allows for anonymous surfing of the internet and prevents network surveillance.

Before panic over the potential damage ensues, know that there are ways to secure IoT devices and prevent them from being recruited as thingbots. The first step is to check if there are available firmware updates for network-connected IoT devices (particularly those from manufacturers listed above), and to verify if your security solutions have picked up on one of the 9 published vulnerabilities being targeted.

Next, a rule of thumb with all IoT devices is to disable the peer-to-peer (P2P) communication mechanism that’s available on many security cameras and DVRs. With P2P enabled, hackers can remotely locate and gain access to vulnerable devices that may not be connected to the internet. In addition, consult with security professionals regarding your IoT security stack – if you aren’t using an IoT visibility and detection solution, now is the time to consider the investment. With IoT botnet attacks proliferating, organizations should do everything in their power to understand and protect their enterprise IoT environment.

Finally, and most importantly, don’t panic. At the moment, we know very little about the intentions, scope and warpath of the IoTroop/Reaper attack, so don’t jump to any conclusions just yet and do not abruptly disconnect connected devices; if those devices are infected, they could cause significant network-wide damage once disconnected, not to mention data loss.

If we thought that Mirai was as bad as IoT botnet attacks could get, it appears that IoTroop/Reaper is here to prove otherwise.

Find out about Portnox’s IoT Security Solutions and start protecting your network from botnet attacks today.

Portnox integrates with Check Point’s ThreatCloud solution to provide complete control and strong security for enterprise network IoT.

What KRACK Means For Your Wireless Networks

Category: Threat Detection and Response

Last week, news surfaced of a serious vulnerability in the Wi-Fi Protected Access II (WPA2) protocol that is used to secure the majority of protected Wi-Fi networks. According to the research, published by Mathy Vanhoef of the University of Leuven, the vulnerability lies in the 4-way handshake that is part of the WPA2 protocol, which can be manipulated to carry out man-in-the-middle attacks on network users, forcing them to reinstall the encryption key. Furthermore, Android and Linux devices can be tricked into reinstalling an all-zero encryption key, making it possible for the hacker to intercept and manipulate traffic from these devices when they are connected to the WPA2 network.

The implications of discovering such a vulnerability are huge, as most modern networks are protected through the WPA2 encryption protocol, but there are a few caveats. For instance, in order to carry out a KRACK (Key Reinstallation Attack), the hacker needs to be within physical range of the Wi-Fi network. In addition, browsing over HTTPS may protect some traffic from interception, as it is protected with an additional level of encryption. Yet, at the moment, it appears that most devices that support Wi-Fi are affected, including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys and more.

So what are the implications of the discovery of KRACK for the enterprise network?

By manipulating the KRACK vulnerabilities, hackers (or even employees, guests and contractors) within close vicinity of the Wi-Fi network can eavesdrop and alter information being transmitted over the network. While the location caveat does have its benefits for smaller and tighter organizations, for larger organizations with far-reaching networks, it provides little solace.

Though little is still known about how the KRACK vulnerability will be addressed (or when a new secure wireless encryption protocol will be issued), there are a number of steps that enterprise IT departments can take to secure their data.

  1. Install the latest security patches and updates: This is a given, following any vulnerability, and should become standard practice throughout the enterprise. If possible, use a network access control solution to alert IT administrators and employees, when their devices are in need of updates, and enforce those updates by quarantining or blocking non-compliant devices until their security posture is updated. Also, regularly check for firmware updates that address WPA2 vulnerabilities across all connected devices and appliances.
  2. Look out for IoT devices: Direct attention to all connected devices – not just managed and BYOD devices – namely IoT devices that present a challenge as many of them cannot be patched or updated with the most recent firmware. Consider sandboxing IoT devices into a separate part of the network until a larger solution for the WPA2 vulnerabilities is reached. Currently, those organizations that depend on the data processing capabilities of IoT devices should be concerned and take all possible measures to protect and manage the security of these devices.
  3. Maintain consistent visibility into connected endpoints: One of the best ways to identify vulnerabilities is to maintain consistent visibility into connected endpoints. That way, if there is suspicious activity being carried out on the network, or if device specifications have been changed (good indications of a KRACK breach), IT administrators can take actions to control access for the device in question. Consistent visibility makes it easier to establish regular patterns of network behavior, providing important context when it comes to identifying and preventing cyber attacks.
  4. Consider wired networks: While these may seem like a thing of the past, in most organizations, wired internet connections still exist in some form. Encourage employees to connect their managed and professional devices over wired networks where possible, at least until firmware updates are installed and a remediation policy is put in place. For mobile devices and BYOD, ask employees to refrain from engaging in work-related activities over the enterprise Wi-Fi connection until the vulnerability is effectively addressed.
  5. Use WPA2 AES-CCMP as opposed to WEP, WPA/WPA2 TKIP and GCMP: The researchers identified that with WPA-TKIP or GCMP, hackers can not only decrypt traffic but also forge and inject new packets. Therefore, it’s better to use a different encryption method until a more concrete solution for secure WPA encryption is reached.
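As an added example (not code from the post or from Portnox), the following Python script checks a hostapd-style access-point configuration against step 5, flagging WEP, TKIP and GCMP and producing a CCMP-only equivalent. The option names (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wep_*`) are hostapd's; the two sample configurations are constructed for the demonstration.

```python
"""Audit a hostapd-style AP configuration for the cipher settings the post
recommends against (WEP, TKIP, GCMP) and produce a WPA2 AES-CCMP-only version.

Added example, not Portnox or hostapd code.  It assumes hostapd's real option
names (wpa, wpa_pairwise, rsn_pairwise, wpa_key_mgmt, wep_*); both sample
configurations below are constructed for this demonstration.
"""

# Constructed sample: a legacy AP that still allows WPA (v1) and TKIP.
WEAK_CONF = """\
interface=wlan0
ssid=corp-legacy
# wpa=3 enables both WPA and WPA2
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
"""

# Constructed sample: the same AP restricted to WPA2 with AES-CCMP only.
HARDENED_CONF = """\
interface=wlan0
ssid=corp
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

# Ciphers the post's step 5 says to avoid; CCMP and CCMP-256 remain acceptable.
WEAK_CIPHERS = {"TKIP", "GCMP", "GCMP-256"}


def parse_hostapd(text):
    """Return option -> value for key=value lines, ignoring comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of findings; an empty list means the config follows step 5."""
    findings = []
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        findings.append("wpa=0 means no WPA at all; set wpa=2 with rsn_pairwise=CCMP")
    elif wpa in ("1", "3"):
        # wpa=1 is WPA (v1) only, wpa=3 is WPA and WPA2 side by side.
        findings.append("wpa=%s enables WPA (v1); the post recommends WPA2 only (wpa=2)" % wpa)
    if any(k.startswith("wep_") for k in conf):
        findings.append("WEP keys configured; remove all wep_* options")
    for option in ("wpa_pairwise", "rsn_pairwise"):
        ciphers = set(conf.get(option, "").split())
        bad = sorted(ciphers & WEAK_CIPHERS)
        if bad:
            findings.append("%s lists %s; use CCMP only" % (option, " ".join(bad)))
    if wpa == "2" and "CCMP" not in conf.get("rsn_pairwise", "").split():
        findings.append("rsn_pairwise does not offer CCMP; set rsn_pairwise=CCMP")
    return findings


def harden(conf):
    """Return a copy of conf rewritten to WPA2 with AES-CCMP as the only pairwise cipher."""
    fixed = {k: v for k, v in conf.items() if not k.startswith("wep_")}
    fixed["wpa"] = "2"                    # WPA2 only
    fixed.pop("wpa_pairwise", None)       # WPA (v1) cipher list no longer applies
    fixed["rsn_pairwise"] = "CCMP"        # drop TKIP/GCMP from the WPA2 cipher list
    return fixed


def to_hostapd(conf):
    """Render an option dict back into hostapd key=value lines."""
    return "\n".join("%s=%s" % (k, v) for k, v in conf.items()) + "\n"


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print("== %s ==" % name)
        for finding in audit(parse_hostapd(text)) or ["no findings"]:
            print("  " + finding)
    print("== weak config rewritten ==")
    print(to_hostapd(harden(parse_hostapd(WEAK_CONF))))
```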

The most important thing to remember about KRACK is that there is no use in panicking. Most connected devices and enterprise networks are affected at this point. Mathy Vanhoef and his team at the University of Leuven have done us all a favor by informing us of the vulnerability, giving IT departments and security experts an opportunity to shore up their Wi-Fi security and take measures to prevent data loss.

IoT Poses Risks in Home, But There Are Ways to Remain Secure

Category: IoT

Imagine: You’re sitting at home on a conference call for work and, unbeknownst to you, hackers have gained access to the files you’re sharing on the call. How did they do this you ask? It’s really quite simple: through your smart home IoT devices. Because IoT devices like smart fridges, garage doors, home alarms, baby monitors and even toasters are connected to the same wireless network used to host your conference call, hackers can hijack those vulnerable, unsecure devices and gain full access to everything happening on your network. Soon enough, you might discover that they’ve gained access to your organization’s customer data, business plans and internal financial reports.

IoT devices are inherently insecure and there are a myriad of real-world examples of this very kind of occurrence. Take the massive denial of service (DDoS) attack on the Internet traffic company Dyn in 2016. The attack affected major Internet platforms and services such as Airbnb, Amazon, Box and PayPal, to name a few. It was later discovered that the attack targeted over 100,000 Internet-connected devices such as IP cameras, printers, residential gateways and baby monitors to install Mirai malware. The Mirai malware then overwhelmed Dyn-hosted sites with traffic so that they were forced to deny service to users.

The Mirai botnet is only one example. Recently, cybersecurity researchers at Black Hat 2017 proved that the mechanical components of an automated car wash could be hacked, including the entrance and exit doors, dangerously trapping the passengers of the vehicle inside. The hack was achieved by gaining access to the internet-connected operating system running the car wash parts, which was protected only by a default password and was readily discoverable through connected-device search engines such as Shodan.

Despite these examples, only a handful of IoT device manufacturers are taking heed. As more consumers purchase connected devices – an integral part of the smart home – it’s worth taking a few precautionary measures to prevent the device from wreaking real havoc.

  1. Segment IoT Devices: Most people don’t have two wireless networks in the home, which could make segmenting a challenge, but it’s really quite easy and entirely necessary. Many recent 5 GHz routers also offer a 2.4 GHz network with lower bandwidth, in case the higher-bandwidth band has performance issues. If you have two networks, set up the IoT device on the network with the lower bandwidth and keep it there. You could even create a separate network for all of your IoT devices, if you want to be on the safe side. Make sure to create a different password for your IoT device network so that if hackers commandeer the device, they can’t access private information.
  2. Change Default Passwords: This tip should really be the first direction in any IoT device instruction manual, but it rarely is. The moment that you begin the installation process for an IoT device, make sure to change the default password to something that’s hard to guess and not the same as other passwords that you commonly use. Even using your telephone number presents a risk, as hackers could somehow access that information. This step is crucial, as the default passwords of connected devices are available over the Internet (see the car wash example).
  3. Create a Back-Up Plan: If some of the critical systems in your home are connected devices, make sure that you have a back-up plan in place in case they go haywire. This may seem like a silly enough step, but a hacker’s goal is often to inflict physical and psychological damage on their targets in order to extract a ransom payment. A go-to strategy would be to disconnect and reset all of the IoT devices if they start acting out of line, but sometimes even those steps can’t remediate the problem. Try to consult with an expert or cybersecurity professional at the point of purchase and ask them about a continuity plan, or data back-up if the device stores information.

IoT devices are quickly becoming the mainstay of home appliances, which is why it’s important to know the risks and have a strategy in place that will help you recover in case the connected device is compromised. Until IoT device manufacturers are required to integrate security software into their products, make sure you are taking precautions while implementing connected technology.

National Cyber Security Awareness Month (NCSAM) is all about sharing knowledge to promote a safer and more secure internet environment for all users. Inform your peers when you hear of threats to stop them from spreading and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Stay #CyberAware

Portnox CORE is the Proud Winner of the Computing Security Awards in the NAC Category!

Category: Our Technology

Portnox is proud to announce that it is the winner of the Computing Security Awards 2017 “Network Access Control Solution of the Year”. Portnox’s on-premise NAC solution, Portnox CORE, was nominated as the best NAC solution of the year through a submission process open to the public, and was selected as the winner by Computing Security Awards’ board of judges. The announcement was made at an event for all of the nominees in London, England on October 12th.

While this is the first Computing Security Award won by Portnox, it is not the first time that Portnox CORE has been recognized as a top NAC solution by industry leaders in 2017. Portnox CORE was recognized with the following awards in 2017: Cybersecurity Excellence Awards, Best of InteropITX in the Security category and the Info Security Product Guide.

Portnox CORE is a leading solution for on-premise NAC that provides complete visibility into the enterprise network, including connected endpoints of various types in various locations, as well as control mechanisms to ensure that security policies are thoroughly enforced. Portnox CORE was one of the first NAC solutions to integrate an Internet of Things visibility radar, which includes the ability to automatically register new MAC addresses, providing enterprise IT teams with a security solution for IoT devices. In addition, Portnox CORE is an agentless solution, making the transition into BYOD and emerging technologies a simple and natural process for the digitally transformative enterprise.

Empowered by the recognition from the Computing Security Awards win, Portnox’s development teams will continue to introduce innovative, demand-driven features into Portnox CORE’s product offering. Portnox’s goal has always been to provide visibility and access control for all endpoints, everywhere, and Portnox CORE has a key role in helping us realize that vision.

Portnox CLEAR, Portnox’s cloud-based NAC product, has also been recognized by a number of industry leaders for taking a leap into the cloud security space ahead of other major NAC and cybersecurity solution vendors.

Read more about Portnox CORE, Portnox’s NAC solutions, or request a demo!

How to Discover and Control a Vulnerable Device

Category: Our Technology

With BYOD, IoT and the growth of the mobile workforce, CISOs and system administrators are faced with mounting challenges in discovering and controlling all of the devices on their network. Although these technologies have obvious benefits for business, their proliferation makes it easier for hackers to gain access to the network by gaining control over, and access through, rogue and vulnerable devices. In this environment, a cloud-based network access control solution like Portnox CLEAR can go a long way in identifying and automatically controlling access for endpoints on the corporate network, both on and off premise.

Watch the following video to find out how easy it is to discover and control vulnerable devices with Portnox CLEAR.

Nominate Portnox & Portnox CLEAR in the 2018 Cybersecurity Excellence Awards

Category: Cloud Security

Portnox is proud to announce that it has been nominated in two categories for the 2018 Cybersecurity Excellence Awards: in the company category for “Most Innovative Cybersecurity Company”, and in the product category, where for the second year in a row Portnox CLEAR is nominated in the “Cloud Security” category. The Cybersecurity Excellence Awards are an annual competition, produced in partnership with the Information Security Community on LinkedIn, which has over 400K members, and recognize companies, products, and individuals that demonstrate excellence, innovation, and leadership in information security.

Portnox CORE was the proud winner of the 2017 Cybersecurity Excellence Awards in the IoT Security Category for its “IoT Visibility Radar” that provides complete visibility into IoT devices on the corporate network. With the IoT Visibility Radar, organizations are able to discover the characteristics and location of IoT devices and set their network access policies. With this feature, organizations gain control over the IoT devices present on their network, to protect against hidden threats and vulnerabilities resulting from a lack of IoT security solutions.

Additionally, Portnox CLEAR was selected as a 2017 Cybersecurity Excellence Awards finalist in the Cloud Security category.

As Portnox continues to innovate the network access control space with its CORE, on-premise, and CLEAR, cloud-based, solutions, vote for us and show your support! Click here to nominate Portnox for “Most Innovative Cybersecurity Company” and here to nominate Portnox CLEAR as the top “Cloud Security” solution for the 2018 Cybersecurity Excellence Awards.

Thank you for your support and best of luck to all of the candidates!

Ransomware and Internet of Things: Partners in Crime

Category: Threat Detection and Response

If you’ve been reading cybersecurity publications lately, you’re probably aware that ransomware and the Internet of Things (IoT) are now two of the biggest concerns within the cybersecurity community. Besides all of the relevant scenarios and security products that are presented to prepare for or attempt to prevent ransomware attacks or an IoT breach, there is one scenario that isn’t being talked about – ransomware attacks on IoT devices. This blog will attempt to shed some light on how these factors can work together to put your organization, and even human lives, at risk, as well as suggest ways that such an event can be prevented.

At the recent Black Hat conference in Las Vegas, two cybersecurity researchers, Billy Rios and Jonathan Butts demonstrated how the mechanical arm of an automated car washing machine could be hacked to cause damage to a vehicle, and potentially threaten human life. This is not the first time that Rios and Butts have put a connected device to the test; the team has successfully hacked a pacemaker and a smart car to highlight life-threatening vulnerabilities. They are probably not the only team that has made a point of demonstrating the dangers of IoT malware and ransomware, yet still, manufacturers, organizations and consumers continue to produce, purchase and deploy these inherently vulnerable devices. What makes IoT ransomware a grave security flaw?

Let’s start by stating that all connected devices (not just IoT devices) are potential victims of ransomware attacks because they are connected to the Internet. Ransomware attempts to gain access to mission-critical data on the network, then encrypts that data until the organization or individual pays the ransom (usually in a cryptocurrency), at which point they are provided the key to recover the data. While ransomware is well understood when it comes to more “traditional” devices such as computers, phones, and servers, IoT devices are rarely considered as a point of entry, and if they are, there’s no way to patch or protect them or to install anti-virus software. Really, your best hope with an IoT device is that the manufacturer installed firmware and that there are available upgrades that somehow address ransomware risks. In the majority of cases, these firmware updates simply do not exist.

Then there’s the issue of visibility. When organizations and individuals connect IoT devices to their network, the excitement of deploying a new technology resulting in greater efficiency tends to overshadow precautionary measures to ensure the device is secure. There are a number of cases in which organizations were attacked via IoT devices that they didn’t know they had. In addition, many of these devices have default passwords that can be easily discovered through the Shodan search engine, Hydra or other IoT search tools and password generators. In most cases, the username is ‘admin’ and, well, the password is the same. Oversight of IoT devices on the network creates a gaping hole for hackers to plant ransomware that, while not directly targeting the IoT device, can reach the mission-critical data they are after by gaining access to the network.

Finally, there is the physical aspect of IoT devices. Usually, these devices are deployed to control temperatures in the HVAC room, as a smart coffee machine or smart TV, and in industry as part of the movement to connect machinery to the Internet (Industry 4.0). That means that unlike most computers and other “traditional” devices, IoT devices are tied to a physical function that could have real, and potentially dangerous, consequences. The demonstration of the car wash hack is a good example, but what about IoT door locks that could trap people in a building or prevent entry, or a smart TV that allows for espionage? At the moment, the majority of these are hypothetical scenarios, but as the Mirai botnet incident demonstrated (what’s known as a pivoting attack), the hacking of IoT devices presents a real threat that should be addressed now, rather than later.

At the moment, IoT manufacturers aren’t doing much to make sure these devices are secure, so what should organizations eager to implement IoT devices do to make sure that they aren’t putting their network at risk?

The first thing that should be done is to find out if the IoT devices you’ve deployed have firmware, and if they do, if that firmware can be upgraded. But, as mentioned, not all IoT devices have firmware, which is why the next step should be to secure the IoT network with firewalls or create a network perimeter. With the devices quarantined in a “safe” part of the network, pivot attacks and access to mission-critical data on other devices are (largely) out of the question. Visibility is key for knowing where hidden threats lie on the network, which is why a solution that discovers IoT devices, their location and characteristics should be an essential part of any security stack. If possible, deploy a network access control solution that will allow for authentication of IoT devices to ensure that vulnerable devices can’t enter the network and gain access. Finally, and as previously mentioned, consistently update the default passwords and manage the security certificate lifecycle (if any).

While we haven’t heard of too many IoT ransomware attacks yet, you can bet that they will be in the news soon enough. Beat the black hats to the chase and shore up your network with IoT visibility, discovery and control tools that will protect against malicious exploits, including malware and ransomware.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.

How to Avoid the True Cost of Ransomware

Category: Threat Detection and Response

Recently, ransomware attacks on the enterprise have been all over the news. From the massive WannaCry attack in May 2017, which affected 300,000 devices worldwide (if not more), to the Petya (also known as NotPetya) attack in June 2017, it seems that there is no rest for the ransomware wicked. More than ever, businesses are aware that they need to have a ransomware game plan, and fast, because if not, they might find themselves in the headlines, having to take on the enormous costs of the attack aftershock, or worse – losing business due to system downtime and outages.

The wide-reaching effects of ransomware attacks on large corporations such as FedEx, Merck, HBO and Maersk are living examples of why it is important to avoid paying the true cost of ransomware remediation. The US pharmaceutical giant Merck was hit by the NotPetya strain in June, and the organization is still struggling to recover all of its information and to account for the damages. The attack has cost the company hundreds of millions of dollars in lost production and sales, not to mention the significant funds required to staff around-the-clock IT experts, lawyers and PR representatives to get the business back on track. Global entertainment giant HBO was presented with a multi-million dollar extortion demand this August after attackers stole unaired episodes and scripts; there the damage was not encrypted systems but leaked content and weeks of negative press. These two examples alone show why remediation procedures need a review, and why organizations should look for ways to avoid paying the true cost of ransomware.

One of the easiest ways to avoid paying the true cost of a ransomware attack is simply not to pay the ransom. This may seem to go against organizational, or even moral, principles, but experience shows that paying seldom pays off. There is no guarantee that the attackers will deliver a working decryption key at all: NotPetya's victims could not even reach the extortionists once the contact mailbox was shut down. Paying also adds to the PR cost if the payment becomes public, and a demonstrated willingness to pay can brand your company as an easy target in the criminal community. More than that, paying does nothing to prevent the next attack, because in most cases ransomware is distributed indiscriminately to any unpatched or otherwise vulnerable device that the strain knows how to exploit. The money that would go toward a ransom is better spent on cyber defenses, authentication tools and network segmentation.

Then there is the issue of backups. Many organizations build a ransomware response plan around storing critical data on a secure server so that they can quickly bounce back from an attack. Backing up critical data is the right idea, but a backup does not undo a breach: if the attackers have already copied the data, as in the HBO case, restoring it does nothing for the confidentiality of what is now in their hands, and the PR problem remains. Worse, recent ransomware strains deliberately go after any backup that is reachable from an infected machine, so a backup share mounted on a network-connected computer is encrypted right along with the rest. Backups only help if they are kept offline or in write-once storage, are not reachable with the credentials of ordinary endpoints, and are periodically restored for real to prove they work. So while backups should remain part of every remediation plan, they should not be the only thing you depend on to get back on your feet.

The bottom line: you need a multi-pronged approach to remediation. If there is one thing that can be said about ransomware, it is that it does not discriminate, which is why companies more than ever need the right remediation plan in place to avoid paying the true cost of an attack. A good place to start is a solution that lets IT professionals remotely disconnect corporate devices from the network. Cutting off a spreading host limits the lateral spread of the attack across the organization, on both patched and unpatched devices (NotPetya reached patched machines too, by stealing credentials from infected ones and using legitimate remote administration tools to move on). In addition, it is important to maintain constant awareness of which network areas are at risk. This can be done with a network access control solution that provides full visibility into devices, assesses the level of risk each one poses to your business, and controls which devices are allowed on the network and which are not.

To avoid paying the true cost of a ransomware attack (system and employee downtime, damage to the brand and its equity, legal effort, and the work of recovering lost data), your organization should adopt a multi-faceted remediation approach that includes network authentication and endpoint control, so that business with customers and partners can continue while the incident is contained.

Find out more about Portnox’s Rapid Ransomware Control & Response Solutions.