Ransomware attacks have become the biggest single cyber risk for enterprises of any size and industry. Research indicates a steep rise not only in the number of attacks, but also in the average damage per incident. It is therefore essential that organizations are prepared for these attacks.
At some point, any business connected to the internet is likely to become a victim of ransomware, because these attacks are relatively easy and inexpensive to carry out but potentially yield large payouts for cybercriminals. The best way of tackling this threat is to know how to break the attack chain. Join security experts from KuppingerCole Analysts and BeyondTrust to find out why digital transformation has massively increased the attack surface, what you need to know about ransomware, why it appears to be winning, and how to create effective defenses against it.
John Tolbert, Lead Analyst at KuppingerCole is joined by Brian Chappell, Chief Security Strategist at BeyondTrust to discuss what security practices can realistically be implemented to defend against ransomware, which has become one of the most common cyber threats facing most organizations, particularly those in the energy, shipping, wholesale, retail, healthcare and financial industry sectors. These experts and security industry veterans will also discuss the role that Privileged Access Management (PAM) can play in mitigating the risks of ransomware and other cyber threats by reducing the opportunities for attackers to access and navigate targeted IT environments.
When the worst happens, and your defenses are breached, how do you respond? This engaging workshop, led by an experienced CISO, takes you through the crucial first hours of a cyber-attack. Using real-world examples and first-hand experience, the workshop highlights the immediate steps and strategies essential to mitigating damage and restoring operations. It provides insight into the tactical responses required during these stressful moments and offers guidance on how to create a robust response plan to prepare your organization better.
Attendees can expect to walk away with a better understanding of incident response management and benefit from the lessons learned from past attacks. This is a rare opportunity to learn from the trenches and equip your organization with the resilience it needs in the face of cybersecurity threats.
The surge in ransomware attacks has become one of our most pressing cybersecurity challenges. With attackers continuously adapting and refining their tactics, staying abreast of the latest developments and trends in this ever-evolving threat landscape is crucial.
Florian and Stefan explore the modern nuances of ransomware attacks in this panel. Discussions will revolve around cutting-edge techniques such as double extortion, where attackers deny access to data and threaten its public release, and the shift towards targeting operational technology, leading to real-world disruptions. Moreover, the panel will highlight the rise of decentralized ransomware models that utilize networks of affiliates and delve into the contentious debate around the ethics and implications of paying ransoms.
Beyond understanding the current ransomware landscape, attendees will be introduced to preventive measures, effective response strategies, and potential future trajectories of ransomware evolution. Join this insightful discussion to equip yourself with the tools and knowledge needed to navigate the complexities of ransomware in today's interconnected digital ecosystem.
So my name is ramen GMI. I'm coming from Cybereason.
Actually, if you see in your deck, it should have been my boss, Frank com. I think he's online. Frank get well soon. I know you're sick. So that's why I'm here today. I'm talking about a little bit about true consequences in for the business. We made a report last year, and if you haven't checked out our booth, we have that over there. And for the folks online, just GOs, reason.com. You can download it over there, looking into ransomware and the impact on companies looking into different topics and, and problems companies achieved. So there's some, some critical ideas and, and concepts we had.
We had that yesterday in the, in the keynote session. Well, IT security is not cybersecurity. This is where I'm talking about a little bit also about the issues we are currently facing with talent on the one hand. So you're running firewalls and all that stuff.
And, and these guys also get thrown in and should fight cyber cybersecurity should bring in forensic knowledge. It is quite impossible. We figured out that yesterday. I think that was clear on, on everybody, but this is one of the issues we are facing. So the other one is Locard's principle.
Well, at the end of the day, that's a wording out of the forensic. You know, every adversary leaves something in there. We just need to understand the telemetry.
What, what is going on? We need to understand what can I trace then? And if I don't have the people to trace it, it's getting hard.
And if I, if I have too many tools, for example, you know, the best tools, if I'm using 10 of them, but I don't understand the telemetry, but it's telling me I can't do anything. That's, that's the issue. So we need to change that a little bit. And I picked that one as a concept up as well. And come back to that one later. Asymmetry, we heard that before, I think in, in Anne's presentation, the question, asymmetry in cyber conflict, while it is, you know, the bad guys again, or adversaries against the defenders, they are most, most of the time in a better spot than we are.
And this is what we have to fight. And the, the gap is, is increased massively in the last two years. Last but not least, they're adopting faster than we do. So they're adopting better technology. They're quicker than we are. So we need to change a little bit. And you know, there are some things out there we are still using, but they're not so effective anymore. I just want to give you a little bit of an overview out of our report. And there's one number, very pressing for me, which is quite interesting. If you see that's out of the report, I don't go over every number.
There's one number in there. The 80%, if you look into the middle 80% of companies who got attacked and paid, the ransom got attacked again, most of the time in between three months, why, you know, the worst really knows, well, I have them, they paid and they won't be quick enough to step up the game and have the right people in place. So that's very, very easy. I'm coming to another point later on what is the play of the, of the attackers and how they play it and how they do double times money out, out of it. We had the wording yesterday, extortion quite interesting.
Also the brand damage, all these kind of things. They're pretty clear, but we always a little bit behind that on. So coming to the ecosystem of adversaries, I think only yesterday, from the told in, in the, in a keynote, he found a ransomware kit for $66, where you get a support and you get a guarantee that if you, if it doesn't work, you get your money back only, I'm sorry, $66 is quite old.
You know, you get it for 25 bucks and that's the game behind that. So even everyone, if you don't know what to do, you know, the bar is very low already to going into that game. You get everything prepared for you. This is you just need to invest a little bit money. You'd say what you wanna do, what kind of attack you wanna do. And they prepare it for you. And really they have also a customer service and things like this. So it's really running a business, which is ridiculous. I see a couple of people now laughing about this. That's true. That's kind of crazy. That's kind of crazy.
You know, think about it. You're investing 25 bucks for a simple exploit and say, well, you know, I don't like my neighbor. Let's give him a hard time for the next two weeks because he's always playing the trumpet every Sunday. I hate it. Yeah. That's pretty easy and pretty cheap. So you I'll think bigger. I don't like this. I think this is a very viable way to make some money out of this company. It's pretty easy and cheap. You don't have to be the script kiddie anymore. So what I said, yeah, it's very lucrative for the adversaries.
So step one, step two, like I told you, 25 bucks lowering the bar. It is pretty easy, but step number three, that's, that's the really interesting thing. What I told you before double extortion. Very interesting. So they threaten you.
They, they have you, they have you on the hook and I threaten you two, two times. First of all, while you pay me the ransom, otherwise everything is encrypted. You don't get your data back. And also they threaten you and we will expose you so most of the time, they try to double, double the number, what they can achieve out of you. Very interesting. Most of the times people pay. And first of all, please don't pay. Don't do it. I'm coming later on, on, on something to my heart. But this one is very interesting attached to the group.
We heard a lot of, of, of a couple of latest happenings we saw in the industry. That one was one of the biggest in raising the numbers. At the end, it was 50 million. They start for 70, I guess. And it was attached to, you know, the Microsoft Exchange issue. So the issue was there that, you know, it was unpatched. There was an issue there and it was immediately used and they got hit. It was quite easy, you know?
So at the end of the day, trusting, everyone know we talked about yesterday were trust, but there things out there they're happening and you need to be with yes, security game one step ahead before things like this happening. So that's classical infrastructure attacks or the solar winds we, we talked about yesterday, but jumping to one thing, I don't know if, if we talked about this yesterday, I haven't heard it. Honestly speaking when one thing to close to my heart, that's why I brought it into this session. Mobile. May I ask you guys some questions?
How many emails do you open up on your smartphone? Out of 10?
For me, it would be nine, nine out of 10. I'm opening on my phone. Why it's quicker?
You know, I don't have to pick up my, my laptop. I'm doing this. What's your security game on the mobile side. Now going from a lot of customers having, and I'm asking the same question always again, and they always tell me, well, mobile is a different team.
We, we do that one later. We just have first look into, into our endpoints and our servers.
Excuse me, guys. That's your laptop in the, in your pocket? That's all, it's not just the story anymore.
So mobile, what is it on it? Everything, what?
You need, everything, what you, what you, hi, be told everything what an adversary needs and smishing is then the new scheme on it. I think you guys already heard that one.
So that's, that's, that's very effective, you know, sending someone an SMS and he's clicking on it. It that's so quite easy. It's so quite you get that so quick done and people click on it and there, there we go. They're in. So that's why I brought up mobile because I think that's also very interesting and important part. If we want to fight the adversaries, we have to look in every part. And for you as a company, you need to have every telemetry where, where it comes from, that you can really use that to fight back. So let me, let me just summarize this one a little bit.
And there's a lot in there with Berfield and, and Ola and all these guys yesterday already spoke about, but that's, I think the most pressing issue and this where we all have to step in, you know, a lot of things change and also our industry changes. And now the, the way how we run our business is changing from on-prem to cloud or hybrid environments. The attackers are changing. They're always quite good. And they're always a step ahead. The thing is where we concluded yesterday.
And that's quite interesting because that slide over here, which I'm using is three years old, to be quite honest, talent. You know, these guys in your IT team, they are fighting. They are the real superheroes on my end, in my point of view, but they got swamped with alerts and all these kind of things. And they always very small teams. And what we have to do together is, you know, keeping these talent, educating them, giving them something which they can work with, where they have really the view on the thing.
What is the most pressing the most hot topic, raising false positives, things like this and talent is the issue where we have all together work on. I put that one together in what's the requirement. And I really would love to hear your voice about that one. That's my thought on it.
You know, we have to lower the noise. Anne was talking about the session before she was talking about false positives. Very correct.
You know, these guys already getting a lot of alerts. If you increase that with more alerts and more false positives, it's quite hard to find the adversary. So we need to enrich the data. You need to have the whole telemetry. You need to understand the whole telemetry and you need to have really what matters to you and cut out the noise. What is around also the supply chain topic and compromises and ransom ops. This is something where we have to work on and then stop zero days and living off the land topics. But in a total, this is where it comes together for the business.
This is where you have to end up our, sorry, out of our point of view, you need to leverage all your data. So it's more or less a big data game in the security now in the cyber security. So no limits on your data. You need to have everything. You need to understand everything and you, you need to combine it and then you have to correlate it and have the flexibility to cover everything. So it's a big data processing engine behind that, giving you the kind of knowledge, what you need to correlate in four steps. And this needs to be in real time. I'm sorry. You need to collect the data.
You need to correlate it. And then when it comes to the analyzed part, it's, you know, we talked about years ago about IOCs. That changed. You need to have the IOBs, the behavioral analysis on it to understand where's a lateral movement. What is happening, you know, not just looking into a machine, looking into everything and cutting the alerts, for example, is moving from an alert centric approach to operational approach, operation centric approach, which means you don't get a hundred alerts for the same thing.
You get one alert from the operation, which tells you these 99 machines excluding Bertold are, are on the fire. And that, that lowers the time to remediate. That's where we are.
You know, we need seconds. We need to be quick in total. This is what we do. And you know, I'm just bringing that one up and I don't wanna do a sales pitch, but at the end of the day, what needs to be done is you need to have the flexibility either you're going into, into the cloud, or you have the regulations staying on-prem. If you have mobile or not, if you just using Linux, whatever it is, you have to have the choice, how you do it, but you need to get it together.
And that's more or less how we think the market should be addressed and approached to make your life easier, make you quicker in reacting, on ransomware, on other attacks and giving you the possibilities to really see in real time immediately what's going on and what's moving left or right in my environment to stop it, make the adversaries life harder and helping the defenders being quicker. That's what we are aiming for in total. We talked about it yesterday, prevention and detection response. These things come together. Someone said yesterday, I'm not quite sure who said it.
Prevention might be that. I don't see it. So we just need to close the gap in the prevention, which is coming from signature base to bigger parts into, into ransomware, and then have the chance to do the EDR piece. This is what we do at the end of the point, or at the end of the day, looking into this report. And I really encourage you read it through very interesting pieces in there in total. It is very interesting to be, to take another approach, to step up your game and have the chance not being under these 80% who get attacked two times.
So be in this part of 20% who are quicker than the rest. So that's for me, I think I made it in time for my friends from Darktrace. If there are any questions I'm open here.