A Brief History of Ransomware

In just 15 years, ransomware attacks have gone from a slapdash type of scam to a major and lucrative weapon for cybercriminals. 2005 to 2012. Early ransomware emerged as a subclass of scareware – a basic social engineering technique that attempted to frighten users into buying software (usually phony antivirus software). Early ransomware was unsophisticated, relying on panic more than advanced cryptography. Often, targets were able to reclaim their targeted data with ease.

Why is Ransomware Such a Problem in 2020?

Ransomware is such an issue because the 15-year history of this threat has seen various nefarious forces coalesce. Email gateways are overwhelmed because of huge, botnet-driven campaigns, polymorphic malware, and URLs escaping attachment detection techniques. The explosion in third party cloud channels, used by every enterprise and individual on earth, has dramatically expanded the threat surface. There are far more attack vectors than there were even a couple of years ago. Phishing attacks (the main source of ransomware attacks) are now about far more than just email.

How Does Ransomware Work?

There are three main vectors that ransomware can get inside a device or system. The most common methods are: Email Phishing, Social Media Phishing, Exploit Kits.

The Different Types of Ransomware

All forms of ransomware restrict access to files or data that are valuable to the user, and then demand payment in order to recover that access. Within this overall approach, there are various types of ransomware: Crypto-malware, Scareware, Lockers, Doxware/Leakware, RaaS (Ransomware as a Service)

How Can Enterprises Prevent a Ransomware Incident?

On the whole, ransomware attacks are frighteningly successful. The malware and the techniques are constantly evolving, and once encryption takes place, it can be very hard to reverse. Free ransomware decryption tools are often out of date, ineffective, and when they don’t work, their use can anger attackers. The reality is that, hit with a sophisticated ransomware attack, most enterprises pay. Some best practices include: Back Up and Test Restoring, Gain Powers of Detection, Educate Employees On Cybersecurity Best Practices, Constantly Update And Patch Operating Systems And Software, Monitor Endpoints for IOAs (Indicators of Attack), Incorporate Digital Risk Protection Into the Core of Cybersecurity Efforts.

Tips for Mitigating a Ransomware Attack

When it comes to ransomware, prevention is better than cure. However, should an organization be unfortunate enough and fall prey to ransomware, the following steps should be followed: Remove The Device From The Network, Notify Law Enforcement, Use Digital Risk Protection to Establish The Scope of Attack, Consult with Stakeholders to Develop the Proper Response, Get the Post-Mortem Right.

Instant and secure communication solutions provide cybersecurity, compliance, and data retention for instantaneous forms of digital messaging. These solutions reconcile two needs: the need to embrace the cloud channels that drive modern business, and the need to stay secure and compliant.

"Fast-changing patterns of instant communications challenge enterprises looking for confidentiality and compliance assurances while enabling workforces and customers to communicate efficiently. Security and risk management leaders must address new use cases with new solutions."

-- Gartner, Market Guide for Instant Communications Security and Compliance

Modern enterprises need both internal and customer-facing communications to be instantaneous. This is the pace of communication that individuals and industries have come to expect. To fail to meet these expectations is to guarantee falling behind the competition.

WhatsApp, Facebook Messenger, WeChat and and Telegram have approximately 2 billion, 1.3 billion, 1.2 billion, and 400 million users respectively. It is within these channels, that the instant communications that drive modern human connections take place. Engaging these channels is mission-critical for enterprises that want to optimize the customer experience.

However, these channels exist outside the traditional security perimeter. This presents a serious security and compliance challenge in terms of visibility and risk remediation. Moreover, the volume and velocity of communications occurring on these channels can be overwhelming for all risk teams, highlighting the immediate need to secure communications over insecure channels.

"Security and risk management leaders need to utilize a combination of policy, additional tools and monitoring to ensure compliance and secure usage of WhatsApp, WeChat and other popular communication apps." -- Gartner

All modern businesses are undertaking digital transformation projects that rapidly increase their engagement with cloud applications. Enterprises know that new digital channels are no longer nice-to-haves, but are central to revenue growth and customer engagement, especially in high-growth emerging markets.

At every enterprise, mobile channels are increasingly a core part of operations, used across multiple departments. Channels such as LinkedIn, WeChat, WhatsApp, Telegram, Facebook, and Twitter are routinely used by marketing, sales, and customer experience teams. There is a need to implement effective methods of securing channels of communication immediately, particularly channels that exist in the digital space.

Core Challenge:

Security and compliance teams do not possess the visibility required to properly secure communications over insecure channels.

Tens of thousands of messages are often exchanged on these channels every month. But the teams responsible for making sure that these messages don’t contain security or compliance risks cannot get their arms around even 10% of these messages. Sampling – taking this 10% and treating it as representative of the other 90% – is a poor solution.

As a result, security and risk teams are faced with a lose-lose situation:

They can try and forbid the use of these mobile communication channels. They can try and forbid the use of these mobile communication channels. This choice is unrealistic and hurts business in an increasingly borderless digital landscape.
Alternatively, they can accept that shadow use occurs, and accept the attendant risk exposure. This is untenable.
Secure instant communications solutions offer the third way: The channels can be embraced, without any attendant risk exposure, as long as communication channel security is achieved.

Cybercriminals know that billions of people – and many lucrative businesses – are leveraging the mobile channels that facilitate instant communications. This means that a whole gamut of digital risks threaten the world of instant communications.

Compliance & Regulatory Threats

Companies in highly regulated industries – finance, healthcare, government – have to work hard to stay compliant. These regulations include heavy controls over how businesses can communicate with individuals. For example:

Pharmacovigilance laws contain rules around the discussion of adverse events and off-label use.
Financial regulations laws restrict discussions of certain financial products.

To stay compliant, companies need to be able to monitor all such discussions, and take swift action when necessary.

This monitoring and visibility is very hard for companies to achieve when staff are increasingly embracing modern instant communication channels such as WhatsApp, WeChat, and so on. These channels are black boxes for risk teams. And within a large and steady stream of communications, just a handful of messages from one rogue sales agent could prove to be an issue. Even internal communications can present compliance issues; a real challenge when more than 90% of employees connect with their colleagues using instant messaging apps.

More and more, to do business, companies in healthcare, finance and other regulated industries need to embrace the third-party cloud channels that facilitate instant communications. But at present, many companies don’t have anywhere near the visibility and oversight they need to guarantee compliance.

Enterprises know this is a secure communication issue. A Florida-based broker was fined $5,000 and suspended 30 days without pay for messaging three clients through WhatsApp without the approval of the management. But an approach like this is a whack-a-mole tactic that cannot guarantee long-term stability to business operations.

Industrial Espionage & State-Sponsored Attacks

Cited by Gartner as one of the chief risks of instant communications, 20% of the world’s corporate organizations see industrial espionage and state-sponsored attacks as their biggest threat. What The Economist terms “offensive cyber-power – the ability to do harm in or through computer networks” is set to loom larger and larger in the coming years.

Industrial espionage attacks often target the instant communication channels that both public and private sector executives use on a daily basis. However, most enterprises lack the visibility to see into these channels and detect when their staff are interacting with accounts or content that could be harmful.

One sobering example here is the Pegasus spyware. Produced by Israeli NSO Group, Pegasus hit an estimated 1,400 WhatsApp users, many of them human rights activists, lawyers, dissidents, and journalists. The spyware came with a malicious code that caused the infected mobile device to link to a remote server. Without the ability to detect threats emerging within WhatsApp, all of these victims lacked the protection layer they needed.

Similarly, Labyrinth Chollima, a North Korean threat actor, has used WhatsApp to deliver malicious payloads. With a last detected attack in June 2020, Labyrinth Chollima connects with enterprise employees on LinkedIn, and lures them to WhatsApp, where the victims are hit with malware-laced messages and content.

Insider Threats & Data Loss

Billions of confidential records are breached every year. Almost 90% are compromised via insiders, both malicious and inadvertent. A great portion of these are leaked through instant communication channels, chiefly messaging apps and collaboration platforms.

Consider how liberally sales teams use messaging apps such as WhatsApp and WeChat to contact customers and prospects. Reams of information

SGC - Pillar Page Graphic_Defining the Risk 2-1

All of these third-party cloud channels are swimming with sensitive data, and they play host to constant interactions with the wider digital world. Without visibility and oversight, they are inherently vulnerable to spear phishing attacks, ransomware payloads, account takeovers, or just acts of plain old bad judgement.

According to a recent cybersecurity report, insider threats have grown by 47% in 2020. This is no surprise, when most companies lack the capacity to secure communication channel generating thousands of interactions every day.

LEARN MORE ABOUT WECHAT RISK MANAGEMENT
FOR MARKETING AND CUSTOMER ENGAGEMENT

The theme of data retention and compliance ties strongly to the need to address compliance and regulatory threats. As Gartner describes it:

"In certain industries, regulations — such as the Health Insurance Portability and Accountability Act (HIPAA) and the regulations issued by the Financial Industry Regulatory Authority (FINRA) — encourage or require protection, auditing and archiving of communications… Data retention is an increasingly important feature, as it enables monitoring and archiving for regulatory compliance purposes, and instant deletion for security assurance."

Increasingly, the lack of records of all corporate communications constitutes a major breach of compliance and governance laws. However, most instant messaging apps don't retain data as standard. A comprehensive data trail is essential for many modern enterprises; effective processes for protection, auditing, and archiving must be implemented. This is where secure instant communication solutions come in.

As standard, many companies find themselves storing peoples’ personally identifiable information (PII). It is their responsibility to safeguard this sensitive data in adherence with local and global compliance regulations. HIPAA includes strict rules around patient data. As healthcare practitioners increasingly move to instant communications tools generating thousands of messages every day, adhering to these regulations is harder than it was in the pen and paper era.

The same goes for FINRA (the Financial Industry Regulatory Authority), which regulates the conduct and communications of banks, credit unions, stockbrokers, and brokerage firms. FINRA’s Regulatory Notices 10-6 and 11-39 refer to the corporate use of social media and record-keeping, while SEC Rule 17a-4(b) orders financial firms to preserve all social media and other digital communications by their employees for at least 3 years.

These compliance pressures cannot be fully adhered to without the right secure communication solution. This means solutions that loop in the third-party cloud channels over which many enterprises currently have zero visibility. Data retention requires that companies extend archiving to third-party instant messaging apps, such as WeChat and WhatsApp.

Some secure instant communications solutions are partly or wholly tied to devices. Many such solutions include “a hardware-based root of trust. This can be the secure enclave or trusted execution environment (TEE) natively available on mobile devices, or a microSD card. Some solutions are instead part of stand-alone hardened smartphones.”

As Gartner acknowledges, “software-only solutions in the form of an application are the easiest to deploy and run.” Hardware-based solutions “impact user experience.” But there is a deeper issue here. Securing devices is a dated, vulnerable approach.

The future of communication channel security lies in securing applications, not devices. The BYOD era is waning, because the cloud channels where communications happen are device-agnostic. They can be accessed through an app or a browser, with the device only ever acting as a conduit.

Proper security channels of communication mean instantiating protection at the moment of interaction, at the level of the cloud.

When enterprises weave secure communication into a Security by Design posture, when they integrate effective methods of securing channels of communication into their strategy, defense translates into offence. Knowing that they are secure, IT teams can give sales and marketing the green light to drive revenue.

Case Study: Brazil-based pharma giant unlocks the power of WhatsApp

A Global100 pharmaceutical company needed to improve interactions with healthcare providers in the crucial market of Brazil. To achieve this goal, the company's 400+ person field force needed to leverage WhatsApp, Brazil's most popular messaging platform. However, the company had no way to ensure that WhatsApp was protected against both security threats and compliance violations. They couldn’t meet customers on their own terms, and sales were suffering as a result.

With our communication channel security solution, the company achieved 100% coverage of all their WhatsApp communications – over 118,000 messages every month. Our platform automatically detects and quarantines potential malware threats in links or attachments, and flags potential compliance issues, protecting the field force. As a result, sales interactions are now far more frequent, and of much higher quality.

HCP_messaging

Case Study: Global asset management firm empowered to embrace WeChat

An asset management firm controlling $50B in assets needed to optimize communications with the Chinese market. Penetrating this market required empowering their asset managers to utilize WeChat. However, China possesses strict censorship laws and complex regulations. Without an added layer of protection, it was impossible for the firm to ensure that their managers’ communications were remaining compliant. Outreach was suffering.

By investing in our secure communication solution, the firm’s asset managers can now freely engage with the Chinese market, while ensuring communications are compliant and 100% archived. Each month, our platform secures an average of 880 WeChat messages, automatically flagging all indicators of malicious content, ransomware, data leakage, and compliance violations. All WeChat content flows seamlessly into the firm’s existing Global Relay archive, creating further efficiency gains.

"Threats to mobile applications and devices pose security risks to global enterprises. Security and risk management technical professionals responsible for IT security, especially in organizations with high security or compliance needs, must have an in-depth strategy to defend mobile devices."

-- Gartner, "Advance and Improve Your Mobile Security Strategy"

Products

Platform

By Role

By Industry

By Channel

Resources

Knowledge Base

Secure Communications Channels

Executive Summary

Security and Communication Networks