Data breaches vs ransomware: what's the difference?
Lessons from local and global hacks.
It is clear that South African organisations are at risk from the same cyber attacks that affect major global economies. Attackers constantly evolve their techniques in order to get around existing defence mechanisms.
Cyber criminals now use hacking and insider attacks to gain access to endpoints and extract data from within the organisation's network, resulting in a data breach. A data breach in which the stolen data is held for ransom is not the same as a ransomware attack. Ransomware generally restricts access to the data on infected machines until the ransom is paid; the data itself need not leave the network. A data breach, by contrast, is a security incident in which sensitive or confidential data is copied and stolen from the organisation; it can then be used in a number of ways, both for financial gain and to cause harm.
Conventional file-based ransomware attacks, although still a threat, have become somewhat commoditised, and can be contained using execution control found in certain next-generation endpoint detection and response (EDR) technologies.
"There is a distinct shift from cyber criminals using malware and file-based attacks, to sophisticated hacking attacks and insider attacks on an organisation's network, that result in data breaches," says Jeremy Matthews, regional manager, Panda Security Africa.
In 2016, Yahoo began disclosing breaches that it later confirmed had exposed the login data of all 3 billion of its user accounts. This massive data breach had far-reaching effects for all those involved: the reputational damage devalued the company, and Verizon cut the price of its acquisition of Yahoo's core business by $350 million.
Recently, financial services provider Liberty Holdings was attacked, resulting in a data breach that is said to have included corporate and customer e-mails and attachments. Although the hackers demanded a ransom for the return of the data, it is important to recognise that this was not a ransomware attack, which would have restricted access to the data; rather, stolen data is being held for ransom.
The risk of a data breach is not solely financial; access to confidential company and client data can have serious consequences. Consider the kinds of e-mails and documents one shares with healthcare providers or financial institutions. Those e-mails could very well contain highly sensitive information such as ID numbers or medical records, which might be used as the master key for future targeted attacks. This information is far more valuable than a password: a compromised password can be changed, but should hackers get hold of your ID number, you can't simply go out and get a new one.
Avoiding these attacks is not easy. It requires a comprehensive approach to cyber security that combines new-generation EDR technology, proactive threat hunting, and corporate policies and procedures for handling data.
"The most effective way to root out advanced threats is to invest in new-generation endpoint technology that will both harden protection and enable full visibility of endpoint processes and behaviour," says Matthews. EDR solutions such as Panda Adaptive Defense, with its 100% attestation module and integrated threat hunting and investigation service (THIS), provide additional layers of protection by monitoring all processes running on endpoints in the network and gathering log data to identify potential risk areas.
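The two mechanisms named above, execution control that contains commoditised file-based ransomware and behavioural monitoring of the processes that are allowed to run, can be illustrated together. The following is an added example written for this article; it is not code from Panda Security or from any product mentioned here. It assumes a default-deny allowlist keyed on the SHA-256 of the executable, and hypothetical thresholds for bulk reads of sensitive files and outbound transfer volume. All binaries, paths, user names and telemetry are constructed for the demonstration. The point it makes is the one the article makes: an unknown ransomware dropper never executes, while an insider or an attacker holding valid credentials can run an approved tool and still be caught, but only if the approved process's behaviour is watched.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for executables on disk (hypothetical paths and contents).
# A real control hashes the actual file bytes at execution time.
BINARIES = {
    r"C:\Program Files\Microsoft Office\excel.exe": b"excel-build-16.0",
    r"C:\Program Files\WinSCP\winscp.exe": b"winscp-5.13",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe": b"powershell-5.1",
    r"C:\Users\jsmith\AppData\Local\Temp\invoice.exe": b"ransom-dropper-v3",
}

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Default-deny allowlist: only hashes the organisation has vetted may execute.
# The dropper in invoice.exe is deliberately absent.
ALLOWLIST = {
    sha256_of(content)
    for path, content in BINARIES.items()
    if not path.endswith("invoice.exe")
}

OFFICE_APPS = {"excel.exe", "winword.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
BULK_READ_FILES = 500            # hypothetical threshold: sensitive files touched by one process
EXFIL_BYTES = 100 * 1024 * 1024  # hypothetical threshold: bytes sent to non-corporate hosts

@dataclass
class ProcessEvent:
    pid: int
    image: str
    sha256: str
    user: str
    parent_image: str
    sensitive_files_read: int = 0
    bytes_to_external: int = 0

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def execution_control(ev: ProcessEvent, allowlist: set) -> bool:
    """Default-deny: a binary runs only if its hash is on the allowlist."""
    return ev.sha256 in allowlist

def behaviour_findings(ev: ProcessEvent) -> list:
    """Flag approved processes whose behaviour looks like data theft."""
    findings = []
    if basename(ev.image) in SCRIPT_HOSTS and basename(ev.parent_image) in OFFICE_APPS:
        findings.append("script host spawned by Office application")
    if ev.sensitive_files_read >= BULK_READ_FILES:
        findings.append(f"bulk read of {ev.sensitive_files_read} sensitive files")
    if ev.bytes_to_external >= EXFIL_BYTES:
        findings.append(f"{ev.bytes_to_external // (1024 * 1024)} MiB sent to external hosts")
    return findings

def triage(events, allowlist):
    """Execution control runs first; only processes that actually ran get behaviour checks."""
    verdicts = {}
    for ev in events:
        executed = execution_control(ev, allowlist)
        verdicts[ev.pid] = {
            "executed": executed,
            "findings": behaviour_findings(ev) if executed else [],
        }
    return verdicts

def h(path):
    """Hash of the constructed binary at `path`."""
    return sha256_of(BINARIES[path])

# Constructed endpoint telemetry, not captured from any real network.
SAMPLE_EVENTS = [
    # 1. Commodity ransomware dropper saved from a mail attachment: unknown hash, never runs.
    ProcessEvent(4100, r"C:\Users\jsmith\AppData\Local\Temp\invoice.exe",
                 h(r"C:\Users\jsmith\AppData\Local\Temp\invoice.exe"),
                 "jsmith", r"C:\Program Files\Microsoft Office\outlook.exe"),
    # 2. Insider, or an attacker holding jsmith's credentials, using an approved
    #    file-transfer tool to copy a mail archive out: passes execution control,
    #    caught on behaviour.
    ProcessEvent(4120, r"C:\Program Files\WinSCP\winscp.exe",
                 h(r"C:\Program Files\WinSCP\winscp.exe"),
                 "jsmith", r"C:\Windows\explorer.exe",
                 sensitive_files_read=2300, bytes_to_external=850 * 1024 * 1024),
    # 3. Macro-launched PowerShell: approved binary, suspicious parent.
    ProcessEvent(4133, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 h(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
                 "jsmith", r"C:\Program Files\Microsoft Office\winword.exe"),
    # 4. Ordinary spreadsheet work: nothing to report.
    ProcessEvent(4150, r"C:\Program Files\Microsoft Office\excel.exe",
                 h(r"C:\Program Files\Microsoft Office\excel.exe"),
                 "jsmith", r"C:\Windows\explorer.exe", sensitive_files_read=3),
]

if __name__ == "__main__":
    for pid, v in triage(SAMPLE_EVENTS, ALLOWLIST).items():
        print(pid, "ran" if v["executed"] else "BLOCKED", v["findings"])
```

Event 1 is the commoditised case: the file is new, so a hash allowlist stops it before any encryption can start. Events 2 and 3 are the shift the article describes: nothing new is written to disk, so execution control is silent and only telemetry on what approved processes read, spawn and send makes the breach visible. The thresholds here are placeholders; in practice they are tuned per organisation and per role, and the file-read and network counters would come from the endpoint sensor rather than being attached to the event by hand.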