Perimeter vs Containment: why you need to be proactive in the fight against ransomware
For years, the defense against cyber-attacks has been to enclose all your data and devices within an impenetrable wall. When all your online activity took place in one central location, this was an effective practice. However, the digital estate of the modern business is no longer centralized. Your employees and partners expect to be able to access your organization from anywhere, without affecting productivity, while your customers expect personalized experiences that show you understand them.
Companies that are adapting and embracing this new market are thriving. But, if there is no longer an ‘outside’ and an ‘inside’ to your business, how can you remain protected by one line of defence?
In this article, we learn how to take the fight to your would-be attackers.

What is a perimeter-based defence?

Businesses traditionally enclose all their data and devices within a perimeter made up of a combination of firewalls, email scanners, web filtering solutions and endpoint security agents. This perimeter attempts to screen everything that comes into the network and then blocks or removes anything that is flagged as malicious. The business should then be able to trust that it will keep out invaders and that all activity within it is safe.
But following digital transformation, this is no longer the case.
Digital transformation, for all its fantastic benefits, requires a major shift in multiple areas of an organization’s infrastructure. Not least security.
A modern business consists of multiple endpoints, often managed by public cloud providers, and employees accessing their organization off-site. It also incorporates countless new devices and technologies that were never taken into consideration when perimeter-based defences were first designed.
This means that malicious activity has more chances than ever to break in. If something fools your firewall or finds a way to escape detection on the endpoints, then it has breached your defences and infiltrated your system. And, with many leading antivirus software solutions unable to detect new variants of ransomware, sometimes for as long as 4 weeks – and with attacks corrupting up to 7,000 files per minute – the consequences could be disastrous.

What is a ransomware attack?

Financially motivated criminals use ransomware to attack your data. The average cost of a data breach in Canada is $6.75 million as per a 2021 survey (Source: IBM Security). If they successfully infiltrate your system, the ransomware begins to encrypt files so you can no longer access them. This process doesn’t alter the file names, so it’s hard to see which files have been corrupted and which haven’t.
Criminals then hold this information hostage, demanding payment for its return.

What are the potential consequences?

Typically, it can take hours or even days for an organization to realise it has been subject to a ransomware attack – by which time much of the network may have been compromised. Criminals also often choose to attack at the weekend when staff are not around to react. The attackers would also have had enough time to access your data centre and steal private intellectual property – and this is exactly what they would use to negotiate payment for release.
The attack will cause massive disruption to your services and productivity as necessary files become lost. You may also become subject to legal difficulties if the attackers access your customers’ personal data, as well as suffering a loss of revenue and reputational damage. However, submitting to the attackers is unwise – it only serves to encourage them and fund future attacks.
And there are trends to suggest that refusal is the way forward. Last year, 97% of US and 78% of German businesses refused to pay, while 75% of Canadian and 58% of UK companies coughed up – it’s the American/German stance that’s leading to fewer ransomware attacks. Here are a few FAQs about ransomware that you may find handy.

The solution? Containment

If your system is infiltrated, you need a proactive solution to defend it. Our human immune system is a great metaphor for this: if we’re unlucky enough to fall ill, our white blood cells rush to the rescue and fight off the infection. This, broadly speaking, is how a containment-based defence system works for your business. It supplements your firewall, network and endpoint security by quickly identifying and containing ransomware outbreaks that have passed all other security tools undetected, stopping them from spreading and highlighting affected files for easy recovery.
With ransomware attacks increasing by 195% year on year, it’s getting ever more important for public and private organizations to prepare themselves for tomorrow, not for yesterday.

How Containment works

Containment solutions are designed to put you on the front foot, stopping head-on any ransomware that manages to break through your perimeter and endpoint defences, before it takes hold in your system. Using built-in scripts, they shut down compromised devices and disable the user in Active Directory to contain any intrusion, locking down any devices that have been infected.
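The containment flow described above, sketched as an added example that is not part of the original article and is not any vendor's product logic. Because encrypted files keep their names, it scores the written content by byte entropy, counts suspect writes per user and device in a sliding window, and returns the containment actions plus the list of affected files for recovery. The thresholds, the event tuple format and the action strings are assumptions, and the sample events are constructed.

```python
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5   # bits per byte (assumed); encrypted data approaches 8.0
MAX_SUSPECT_WRITES = 10   # assumed trigger: suspect writes allowed per window
WINDOW_SECONDS = 60       # assumed sliding-window length

def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def evaluate(events):
    """events: time-ordered (ts, user, host, path, written_bytes) tuples.
    Returns (containment_actions, affected_files)."""
    recent, contained = {}, set()
    actions, affected = [], []
    for ts, user, host, path, data in events:
        key = (user, host)
        if key in contained:
            continue                      # account disabled: later writes never land
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue                      # ordinary document content
        window = recent.setdefault(key, deque())
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()              # forget writes older than the window
        # One high-entropy file (zip, media) is normal; a burst of them is not.
        if len(window) >= MAX_SUSPECT_WRITES:
            contained.add(key)
            actions += [f"disable-account:{user}", f"isolate-device:{host}"]
            affected += [p for _, p in window]   # file names are unchanged
    return actions, affected

def sample_events():
    """Constructed events: normal activity on WS-01, an encryption burst on WS-02."""
    cipher_like = bytes(range(256)) * 4            # stand-in for ciphertext, entropy 8.0
    plain = b"Quarterly report draft\n" * 50       # low-entropy document text
    events = [(0, "alice", "WS-01", "/share/a.docx", plain),
              (1, "alice", "WS-01", "/share/archive.zip", cipher_like)]
    events += [(10 + i, "bob", "WS-02", f"/share/doc{i}.docx", cipher_like)
               for i in range(12)]
    return events

if __name__ == "__main__":
    acts, files = evaluate(sample_events())
    print(acts, len(files))
```

The single compressed archive written on WS-01 does not trigger containment, which is why the check combines entropy with a rate threshold rather than relying on entropy alone.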
The most effective products currently on the market are military grade – such as Ricoh’s Cyber Security Practice, currently used by both the US and UK governments – which offer both managers and IT teams the very highest level of confidence against ransomware and cybercrime.
The dilemma can be avoided altogether if you look for a proactive solution. And the first step is to evaluate your defences using an IT health check assessment. Not only is taking the proactive approach the best way to defend against ransomware attacks, it’s easy to implement too. Containment solutions can take as little as four hours to be installed, and it can be done either on-site or remotely in a non-intrusive fashion – meaning minimal disruption to your teams and business.

Protect your business and your people from ransomware attacks

Current responses by perimeter and endpoint-based solutions are confused and limited. Victimised businesses can’t trace the source of the damage, and infection is most often eventually identified by an employee, but far too late. A containment solution provides an automated technology that reacts instantly, as soon as a ransomware outbreak is activated in your environment, so only a single device and as few as 10–15 files are affected before the outbreak is fully contained.
Additionally, employees often access the business network from multiple locations on multiple devices – all of which are outside the wall. Educate your people on what to look out for – such as suspicious phishing emails and malware – and on what to do if a cyber-attack does take place. It’s then a great idea to follow up these sessions with regular reminders to keep your people on their guard.

Ensure continuity

When perimeter or endpoint-based protections fail, containment won’t. Containment solutions enable your IT team to offer an immediate, fully automated response to any attack. Not only does this give your perimeter and endpoint defences the support they need, but it also means that uptime on your network can be maintained, with all business processes working as usual. And you can also rest assured that you won’t get caught up in the media storm caused by the negative press that surrounds these attacks.
Working with a collaborative partner is a fantastic way to fortify your business against the risk of cyber-attacks like ransomware. By taking advantage of their experience and expertise you can build cyber resilience and ensure continuity. Ricoh’s Cyber Security Practice provides a revolutionary “Last Line of Defense” against ransomware. It delivers a 24/7 automated containment solution focused on stopping a ransomware outbreak as soon as encryption starts. Feel free to read this guide related to Ricoh’s ransomware containment solution.