Dizzion Attends SecureWorld Denver 2016

SecureWorld was an informative 2-day event that highlighted many of the common day cyber-threats that are targeting companies today. The event occurred in Denver, Colorado on October 18^th, 2016. There were many well-known experts in the cyber-security field, including a few key individuals; Col Cedric Leighton (CNN Military Analyst, USAF (ret.) and CEO, Cedric Leighton Associates) and Paul Kurtz (CEO & Co-Founder, TruSTAR Technology). 

One of the biggest topics this year was on ransomware (a type of malicious software designed to block access to a computer system until a sum of money is paid), and how in recent years its attacks have increased exponentially. This isn’t a new type of ransomware that is causing the uptick, but rather the increased adoption of Bitcoin. Bitcoin, which allows a user to accept payment without a paper trail, has potentially revived the use of ransomware by hackers. David Monahan lead a lecture on “Recovering from a Cyber-Attack: Ransomware”, whereas he informed the audience that China and the Ukraine are the leaders in the ransomware space. The number one recommendation was to contain the outbreak as soon as possible. A machine affected with Ransomware can encrypt any local hard drives including any mapped network drives. If the affected machine is not removed from the network ASAP, the attack will surface and could grow quickly. Once contained, a big question now looms… pay the ransom, or lose the encrypted data. The percentage of attacked organizations getting the encryption key back is 90%, if the ransom is paid in the specified time frame. One of David’s slides from Secure World summarizes the options once a ransomware attack has occurred:

To pay or not to pay?

• Determine Scope of Attack
• Relevance of backups
• Data value and biz losses vs Ransom cost
• Trust in the attacker to deliver 
• Support an industry or take one for the team?

With these options in mind, David was asked about what is one way to help protect and recover from this type of malware attack and he confidently answered “VDI” (virtual desktop infrastructure).  

Spending money on security does not always solve the issue.  For example, J.P. Morgan spends over $600 million annually and they still suffer from breaches. Companies are advised to have a sound, security posture that supports the business.  Once this is defined, identify what technologies can support the security strategy. 

Gartner has recently reported that “certificates can no longer be blindly trusted” and that hackers are now targeting Certificate Authority (CA) and can now pretend to be a company even if you see they have a “valid” certificate. An SSL certificate is worth $1000 on the black market and companies have an average of 25,000 keys they are required to manage and protect.

Verizon is one of the largest telecom companies with nearly 70% of the world’s Internet traffic traversing their network backbone. They recently released a report outlining which attacks each business vertical is most targeted by. You can find that report here.

Erica Davis and Florence Levy gave a great presentation at Secure World on how insurance companies can help businesses shift some of the risk away by finding the right balance between IT spending and risk transfer. Recovering from a breach isn’t as easy as it once was, now you have to work on many strategies including PR, law counseling and data forensics, just to name a few.

No company is safe from these threats, but businesses have many different options to help minimize the risk and when and if they do get hacked. Preventative measure such as VDI, employee education and a solid security strategy can help to prevent ransomware attacks.

For more on Secure World click here.

For more on Dizzion’s secure cloud delivered desktops click here.