What Businesses (by size) were Targets of Ransomware Q1 2021?

Q: What was the Median Size of Businesses Attacked by Ransomware in Q1 2021?
A: 200 – Because Midsize Enterprises are the Preferred Target.

Surprised? There’s more: Almost 76% of ransomware attacks in Q1 2021 were on businesses with less than 1,000 employees. And typical ransomware downtime? 23 days.¹ Let that sink in for a minute. When our friends over at Cybereason recently interviewed U.S. victims of ransomware, over 30% reported impacts so severe that they forced temporary closure – full-on closure, that is, not partial – of their businesses.

If you are the CEO or CIO of a midsize enterprise, consider how your business, and your customers, would fare if your systems were offline for over three weeks, and how your customers would respond. Especially now, as you try to grow your way out of the impact of the COVID pandemic. These thoughts are chilling, which is why so many C-level execs in midsize businesses are actively redesigning their cybersecurity approaches around a core objective – ransomware prevention.

While it is the Colonial Pipeline and JPS Meat Processor class of attacks that make the headlines, the data show that SMBs are primarily in the crosshairs. Why? Well, many don’t have the financial strength or technical expertise to prevent the incident in the first place or, once an incident has occurred, to properly handle it and take the right countermeasures to prevent further attacks. As Zero Trust thought leader Dr. Chase Cunningham recently noted, small businesses that are hamstrung by limited budgets and bench strength represent the greatest challenge to stemming the expansion of the rapidly growing ransomware economy.

Medium Size Organizations Respond

CIOs of midsize enterprises are finding that budgets, while still tight, are opening up a bit. In fact, when looking at security spend as a percent of overall IT budgets, a recent Google survey found that firms with an employee count between 500 and 1,000 led. While they obviously don’t have the budgets of the Global 2000, they do have something to work with.

Ideally, these CIOs are also aware of some effective new tools and techniques that can be deployed in their battle against ransomware. Here are a few:

• New Strategic Approach – Zero Trust Security: Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything, whether inside or outside of its perimeters. Instead, they must verify anything and everything trying to connect to their systems before granting access. The strategy around Zero Trust boils down to not implicitly trusting anyone. And once some level of trust is established, limiting access to only what the user truly needs to get their job done.

• New Solutions: Zero Trust has recently caught fire as a strategic approach because powerful new tools have emerged that move it from the whiteboard onto the security playing field. Some key ones to know about:
  • Zero Trust Network Access: One of the most important shifts in combatting ransomware is the move to adopt Zero Trust Network Access (ZTNA) to enable remote application and system access. Older remote access technologies like VPNs establish network-level connections for remote devices. This means that if a hacker compromised a VPN via a vulnerability like the one recently announced by SonicWall, they could quickly move laterally within a network to lock up any and all internal servers. Suffice it to say, when a VPN is compromised a lot of damage can be done. With a ZTNA-based approach, a 1:1 connection is established between the external user and the specific app or resource they are requesting. If malicious content is introduced, it cannot move laterally in the network. Some call this “reduction of the blast radius of ransomware,” I call it a simpler and more secure remote access solution.
  • Zero Trust Web Browsing (Remote Browser Isolation): Remote Browser Isolation (RBI) takes the concept of Zero Trust and applies it to interactions with the web. It assumes that every website a user visits has the potential to deliver malware to the user’s browser on the endpoint, which then could move laterally within the corporate network to deliver ransomware. Here is how it works:
    • When a user opens a website, the RBI solution generates a virtual browser in an isolated container in the cloud
    • The website is executed in the virtual browser
    • Only safe rendering information is sent to the user’s device
    • Users interact with the websites as usual, using their device browser

The beauty of the approach is that because websites do not execute on the endpoint, no ransomware can be delivered via the endpoint browser, even if a user visits a malicious website.

• • Zero Trust Email (Email Threat Isolation): The other big way that users enable ransomware and other malware to infect their organizations’ networks is by clicking on links in emails. Remarkably, despite regular, intensive anti-phishing training, users keep on clicking. The same solution discussed above, RBI, can also isolate users from email ransomware threats delivered via phishing websites. Additionally, websites launched from URLs in emails can be rendered in read-only mode to prevent users from entering credentials. Attached files are sanitized before being transmitted to endpoints, ensuring that malware within downloads cannot compromise users’ devices.
  • Identity Based Segmentation: Like the ZTNA-based controls we mentioned earlier for remote access security, identity-based segmentation (microsegmentation) approaches can be used to enforce least privilege access controls within a company’s network. So if a user connects to your LAN with a laptop that they allowed their kid to use for gaming the previous night, they will only get access to—and risk–the limited set of resources they truly need to do their jobs. This means if ransomware got onto the user’s laptop, the impact of the attack will be dramatically reduced since the malware cannot easily move broadly across the network.
• New Partners – The Rise of the Midsize Enterprise-focused MSSP: Midsize enterprises have new options to help them as they battle their cyber-foes – Managed Security Service Providers. These organizations, which offer cybersecurity technologies as a managed service, have security subject matter experts to complement the IT teams of the businesses they support. As a result, they have become go-to resources for midsize enterprises looking to quickly move to Zero Trust security to combat ransomware threats. By my last count, there were well over 1,000 MSSPs in the United States that focused on providing cybersecurity services specifically to midsize enterprises. That’s a lot of options.

ZTEdge – Zero Trust Security Designed with Midsize Enterprises in Mind

To be honest, the cyber-statistics I shared at the beginning of this blog were not a surprise for me. I’ve been doing business in the midsize enterprise market for a few years now, and I am quite familiar with the unique challenges this part of the market faces. In fact, it is precisely these challenges that led the company I work for to introduce a platform called ZTEdgeTM, which is the industry’s first Zero Trust security platform designed for the midsize enterprise market. Delivered via MSSPs focused on providing services to SMBs, ZTEdge is a comprehensive cybersecurity platform that cuts complexity, reduces cyber-risk, and improves performance, all at a price point dramatically lower than alternative solutions.

Please take advantage of the resources available on www.ericom.com, including our whitepapers that provide useful information for organizations beginning their move to Zero Trust. While you are there, you can also sign up to receive weekly news from Dr. Zero Trust, aka Dr. Chase Cunningham.

¹Coveware Z1 2021 Cyberthreat Report

---

Share this on:

---

About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.