The threat of double extortion has increased significantly, from 8.7% to 81%. As if this wasn’t bad enough, multiple extortion has now emerged. This involves 3 things:

  • Encrypting sensitive data so it cannot be used unless a ransom is paid.
  • Exfiltrating the data and threatening to release it publicly unless a ransom is paid.
  • Targeting the organisation's customers/partners for ransom over information that is related to them.

Through a ransomware attack, 3rd parties are now at risk and act as new vectors for even more ransomware attacks and campaigns.

What does this mean? And what have we seen?

Last year, the new CIS Version 8 controls were released. These contain a new entry, “Service Provider Management”, which looks to ensure businesses develop processes to evaluate service providers who hold sensitive data and to ensure these providers are protecting those platforms and data accordingly.

Using some of the results from the CIS Sessions we have been conducting, we have noticed that several customers do not have a process in place for managing suppliers, or any means of evaluating what data their providers are holding. This is a risk: if a partner/vendor/supplier is breached, the business will also be affected, and its data might also be held to ransom.

Additionally, one of the weakest points we have come across in CIS is around data protection. A lot of customers are behind the curve when it comes to data visibility, discovery, and protective controls (i.e. DLP).

In conclusion, we have seen businesses put effort into strengthening their capabilities for recovering from ransomware attacks, i.e. backup and recovery. This is now far less effective if your data is being held hostage against the public internet and against your customers/suppliers. Backup is still important for recovering from these attacks, but in terms of limiting the damage of these attacks, it's far less useful.

This calls for the following considerations:

  • Defined processes for suppliers/vendors/partners that have access to your data or are holding your data.
  • Defined process and understanding of what customer data is held and how this is protected.
  • Solutions that implement data discovery and DLP controls to mitigate data exfiltration.
  • Solutions/Services that provide capability to rapidly detect, respond and contain ransomware attacks and data exfiltration (SIEM and Managed SOC).

How can Bytes Help?

Bytes can assist in multiple ways, including:

  • For supplier risk management and service provider management
    • Bytes Cyber Consulting can provide a service to support the review of internal processes and documentation to help govern supplier risk.
    • Bytes can deliver an Application and Risk Workshop that looks to investigate Governance, Risk & Compliance solutions.
  • Data Security and Data Protection
    • Bytes can provide a Data Management Advisory session to support the investigation of Data Protection and Governance solutions.
  • Incident Response Capability
    • Bytes provide Managed SOC services to deliver 24/7 detection and response capabilities.
    • Bytes Cyber Consulting can provide Digital Forensics and Incident Management in the event of a breach.

If you would like to find out more about any of the above, please reach out to [email protected] or give us a call on 01372 418500.

Gennaro Migliacco

Head of Technology Solutions Development

Bytes