Sophos predicts that in 2018, Android and Windows devices will continue to be heavily targeted with ransomware and other malware, due to the large number of users they have and the success attackers have had so far. According to the findings of Sophos’ recent survey, The State of Endpoint Security Today, ransomware continues to be the most prevalent form of attack, with more than half of the global organisations surveyed hit in the last year and a third expecting to be victims of an attack in the future. On average, respondents impacted by ransomware were struck twice.
To discuss the results of the survey from a local standpoint, CSA was invited by Sophos to attend its media briefing and luncheon yesterday, held in conjunction with the recent Chinese New Year celebration. Present during the session was Sumit Bansal, Managing Director for ASEAN & Korea at Sophos, from Singapore, who explained why local businesses are at risk of repeated ransomware attacks and elaborated on some of the enhancements made to Sophos’ next-generation endpoint protection, Intercept X.
The following are some of the key findings of the report:
More than 50 percent of organisations were hit by ransomware last year and on average they were struck twice
More than 75 percent were running up-to-date endpoint protection when last impacted by ransomware
Median total cost of a ransomware attack was $133,000, including ransom, downtime, manpower, device cost, network cost, and lost opportunities; five percent reported $1.3 million to $6.6 million as total cost
More than 50 percent of organisations do not have anti-exploit technology, which means they are easy prey for data breaches and complex threats like WannaCry
Nearly 70 percent of IT professionals were unable to identify the correct definition of anti-exploit technology, despite how critical it is for modern attack prevention
Only 25 percent have predictive next-generation technologies, such as machine or deep learning; 60 percent plan to implement within a year
Awareness and knowledge are key. It’s crucial that IT professionals are aware of how exploits are used to gain access to a company’s system for data breaches, DDoS attacks, and cryptomining. Unfortunately, Sophos’ survey revealed considerable misunderstanding around technologies to stop exploits, with 69 percent unable to correctly identify the definition of anti-exploit software. With this confusion, it’s not surprising that 54 percent do not have anti-exploit technology in place at all. This also suggests that a significant proportion of organisations have a misplaced belief that they are protected from this common attack technique yet are actually at significant risk.
According to Sumit, organisations in the ASEAN region see the same issues and challenges as their counterparts in the rest of the world, with different versions or variants of malware being more pervasive in different countries. For example, he mentioned that in Singapore, CryptoLocker was very popular, whereas in Malaysia the WannaCry ransomware accounted for 90% of the attacks in 2017. However, even though cybercrime is growing in frequency and sophistication, the survey revealed that organisations globally are still not prepared to manage and mitigate cyber attacks. Sumit highlighted the fact that reactive and evasive forms of cyber defence are no longer sufficient. Predictive protection is the future and that, he said, is where automation and AI come into the picture.
“The IT security climate is constantly changing, especially with the advanced capabilities of cyber threats and the non-traditional methods of attacks. The future of IT security lies in predictive protection: anticipating threats before they occur. At Sophos, by combining deep learning networks and industry-leading domain expertise, Intercept X helps augment endpoint security to enable organisations to effectively combat ransomware,” said Sumit. “Organisations can no longer just act on a threat once it happens; instead, organisations should anticipate and be prepared for unknown attacks. With Intercept X, organisations deploying various strategies can bring unparalleled next-generation protection to their operations.”
However, organisations today are definitely spoilt for choice when it comes to cyber security solutions. Since most major cyber security vendors are also pushing their version of AI or machine learning in their endpoint protection or cyber defence products, we asked Sumit what makes Intercept X unique and how customers should decide which solution to invest in. He explained that Intercept X is equipped with deep learning capabilities, which are somewhat different from machine learning. Deep learning is in a way the next evolution of machine learning, able to deliver a massively scalable detection model that can learn the entire observable threat landscape. With the ability to process hundreds of millions of samples, deep learning can make more accurate predictions at a faster rate with far fewer false positives when compared to traditional machine learning.
At the time of writing, while machine learning is quickly becoming a staple feature for many cyber security solutions, only a handful of vendors highlight deep learning capabilities within their products. However, we have an inkling that it will become the next buzzword in the cyber security space in the near future.
“We always encourage our customers, when they’re evaluating a product against someone else’s, to look at the whole information. How many techniques can they stop? Can they reverse files being encrypted? Can they do forensics so that they can make better decisions next time? Are they complete in their anti-exploit technology? In reality, those are the things you have to look at as an organisation,” Sumit concluded.
Touting Intercept X as the “world’s best endpoint protection” is definitely a bold claim, but one that the team at Sophos seems to have a lot of confidence in (as is to be expected), backed up by a formidable list of advanced technologies such as a deep learning neural network designed to stop attacks at every level, including unknown exploits and zero-day threats.