With ransomware fast becoming one of the biggest global security threats, it is no surprise to learn that even in South Africa, the cost of such an attack is massive - statistics indicate that the average expense to remediate such an attack is in the region of R6.4 million.
With ransomware making cybersecurity more critical than ever, most companies have adopted a principle called ‘defence-in-depth’. This entails implementing firewalls, endpoint protection, application and API security, data protection, anti-phishing and Internet of Things (IoT) security and potentially even kill switches.
However, explains Patrick Evans, CEO of SLVA Cybersecurity, regardless of how complete such a strategy is, the fact remains that such an approach is only about 98% effective and simply cannot protect you all the time, especially given the human factor in the whole security fabric.
“These types of attacks generally target file shares, which is why a standard security implementation should be augmented by a last line of defence solution - one designed to stop malicious encryption on monitored file shares and file servers,” he says.
“When one considers that a ransomware attack can easily encrypt up to 25 000 files per minute, the need for a solution like BullWall becomes obvious. It delivers a proven, 24/7 automated response, complementing existing security defences and instantaneously detecting data anomalies and events.”
Essentially, he indicates, a last line of defence like BullWall listens to all the traffic on a company’s network, regardless of whether it is connected to the cloud or not. By leveraging artificial intelligence (AI) and machine learning (ML) techniques during its initial deployment, it can quickly learn what legitimate file encryption looks like in a specific environment. Armed with this knowledge, it can quickly tell whether any file encryption in the system is illegitimate.
“If a business is hit by a ransomware attack, this can rapidly and easily be contained. The solution can tell you exactly where the incident happened, so your security team can quickly determine Ground Zero.”
In addition, should any encryption have occurred, the solution is quickly able to tell exactly which files were encrypted and where they are located, enabling the business to restore them in a fast and efficient manner. It can help your company remain on the right side of the law - in what is a highly regulated environment - by producing all the paperwork necessary for filing with the regulator.
“Not only is this the ideal solution to eliminate that 2% security gap, it is also one that is simple to deploy with a limited footprint and operating in listen-only mode and will provide that final line of defence that has become especially imperative in the post-pandemic world of remote or hybrid work environments, both for on-prem and cloud environments.”
Considering that South Africa is one of the top five most targeted nations for ransomware in the world, implementing a last line of defence should be less a ‘nice to have’ and much more of an ‘absolutely have to have’.