A ransomware attack is terrible for consumers, employees and businesses – and you can put a price tag on recovery.
According to an FBI report in April 2016, “Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers,” as reported by CNN. A typical ransomware attack might demand a payment of $10,000 or more, as when the Hollywood Presbyterian Medical Center forked over $17,000 in February.
Just as importantly, the costs of recovering from a ransomware or other cyberattack are well understood…but how much should an organization spend to prevent one in the first place?
CEOs and others accept that they have to invest in cyber-protection. The bad news is that it is difficult to judge whether they are spending wisely or overspending out of fear. The good news is that there are ways to spend smarter, getting a better security posture while also reducing expenditures. Let’s get into that shortly, but first, let’s look at one of the biggest attack surfaces facing modern businesses: websites that can deliver malware, including ransomware.
How the web can wreak havoc
Websites are one of the most common malware vectors (along with malicious emails) that can provide the entry point to many other types of hack attacks. Block access to the web, and you’ve made a dent in overall cybersecurity risks.
There are more than 550 million malware variants, reports AV-TEST, with more than 390,000 new malicious programs being identified every day. There are multiple ways malware gets into an end-user’s computer – and from there, the malware might have unfettered access to everything on that computer and other resources on the business network.
In many cases the end user did absolutely nothing wrong… but became infected anyway. Blocking access to these uncategorized sites reduces the chances of malware infection, but introduces a number of problems and hidden costs, such as more help-desk tickets.
The problems with allowing access to uncategorized sites
Consider a base salary of $170,000, and the typical 25% recruiting costs to fill those jobs. If there’s a conservative 40% turnover rate within a 5-person team, the recruitment cost alone is $85,000 per year. If you consider the opportunity cost of two existing SOC engineers spending 25% of their time training two new employees, the cost is an additional $85,000 per year. Combine these, and the total annual turnover cost is $170,000.
The problems with denying uncategorized sites
Number of trouble tickets – Denying uncategorized sites creates an overwhelming number of recategorization requests. For a global investment firm, the number of tickets to recategorize per day was approximately 2000 across 250,000 employees. More than 75% of these requests were non-work-related, such as veterinarian research, schools, soccer little league, etc. With more than 5 dedicated people parsing through the requests, the issue was frustrating and expensive, costing approximately $850,000 per year.
Recategorization experts – Recategorization is a manual process. A European insurance provider and a large Japanese manufacturer were inundated with such requests when they began blocking access to uncategorized sites. The issue was compounded by the fact that their secure web gateway could not help them to determine the security posture of the sites in question.
The organizations had 16 and 5 security analysts respectively dedicated to analyzing sites before recategorization. Another global financial services firm had a staff of 20 around the world to, in their own words, “recreate the Yahoo index.” With a conservative SOC staff of 5, this team cost an enterprise over $3 million annually.
Looking at it another way: Blocking uncategorized sites prevents users from accessing legitimate content, which compromises productivity, and generates requests for re-classification of blocked content. Meanwhile, allowing access to uncategorized sites means more malware and phishing attacks reach users, which can lead to breaches and significant losses via data theft and fraud. In addition to user issues, it is very costly (often impossible) for IT staff to chase all alerts generated by unclassified sites, resulting in high costs and reduced security. You just can’t win with a traditional approach.
A more effective strategy: Isolation
Isolation technology, by its nature, doesn’t open websites on the end-user desktop, notebook or mobile device, but rather, in a secure virtual container on a cloud-based platform. The end user interacts with the site through technology that renders a user experience that is indistinguishable from direct access. By executing sessions away from the endpoint and delivering only safe rendering information to devices, users are protected from malware and malicious activity.
Malware has no path to reach an endpoint, and legitimate content needn’t be blocked in the interest of security. Administrators can open up more of the Internet to their users while simultaneously eliminating the risk of attacks.
Isolation puts an end to their costly no-win situation:
Meanwhile, no software needs to be installed on the end-user’s desktop, notebook or mobile devices – not only saving IT time and money, but also eliminating concerns about keeping end-user software up-to-date.
With more than 550 million malware variants, and hundreds of thousands of new malicious programs being discovered every day, the traditional approach to malware detection has many hidden costs – in time, in talent, and in staffing, as well as the cost of buying and maintaining security products.
Article by Kowsik Guruswamy, Menlo Security chief technology officer.