Ransomware set for new twist in 2018

Security is going to be a continuing issue next year, with a stark lack of resources and expertise, even in the channel. Ransomware exploded in 2017 says Carbon Blacks’ security strategist Rick McElroy. “We had said it was 2016, but we were wrong…..then 2018 is going to be really bad. It is not just ransomware for its own sake – you will see it used as a last resort to get into systems with good security. Think of attackers either gathering intelligence or gathering profit – or as a distraction. Hammering the networks and system can divert scarce resources while a different attack goes in.”

And because ransomware amounts are small, some individuals are paying them themselves rather than tell senior management, so the full nature of the problem may not be apparent. The criminals and states running ransomware operations are sophisticated and getting more so, he told a roundtable discussion: “They are already running advanced analytics to maximise their returns.”

“The other point is that if you think you will need to pay a ransom – you need bitcoins and they take 4-6 weeks to arrive. To fix the problem – the world needs to stop paying, but this is not going to happen, even though it is the only way to stop it. The money that is paid goes back into ransomware innovation.” So it can only get worse.

A lot of companies are not staffed to prevent ransomware. There are lots of things they could do, he explained, including disaster recovery, multiple backups etc, but the problem is that the systems were never built with this resiliency in mind. There is a shortage of untrained people, which is arguably more important rather the overall numbers, he says. “It is better to have an effective person on the scene.”

But skilled security individuals are in demand from all sort of places including the dark side. Can technology deliver an answer to this? Rick McElroy: “We are working as fast as possible to automate these elements – from its inception Carbon Black saw this, but we need to get the fewest tools [from various other vendors as well]and get them working together. Tools need to talk to other tools with API calls. And there are a lot of processes and they get engaged in a matrix.” Hence the complexity.

Security professionals inside the customer organisation will also come up against a reluctance among users to change and this makes it hard. “As a vendor we have to keep that in mind. We can have the best security but if it takes three years to roll out, it won’t be used,” he said.

Thomas Hansen, Chief Revenue Officet and EVP at Carbon Black says: “Security is now a board level item, but the actual resource level shows a gap –if the typical medium sized company in the UK or Europe has one dedicated resource that is  good but most have IT generalists who are trying to apply vanilla solutions. The trend we see is SMB are outsourcing the security aspect to a security specialist and solution provider.”

David Fearne, Arrow ECS Technical Director: "The enterprises are facing huge problems – mobility for example – with security implications; to ensure the mobile device can be used securely, that it can’t be unlocked remotely, but can be managed."

“There are increasing specialist areas, including services, where partners may need to combine their services – perhaps the distributor can almost be the puppeteer and coordinate them into a main contractor/sub bidder model -  we are starting to see a formalisation of the model in the IT industry where even the largest SIs don’t have all they need in house.”

Just the security portfolio in Arrow includes 45 vendors with a matrix of products, making it “incredibly complex”. “There has been some automation and we have seen some good examples, but the services are needed more widely. Even that is a huge undertaking to implement, looking at a multivendor automated world. Until we can figure out how to checkpoint everything the reality Is a lot of different speeds in the separate products and solutions”