How Network Segmentation Can Help Entrepreneurs Manage Ransomware Risks

Like most cyber attacks, it may be just a matter of time before your company is compromised. This one tip will help you avoid the damage when it happens.

By Peter Gasca

Opinions expressed by Entrepreneur contributors are their own.

A few months ago, our kids' school district, one of the largest in South Carolina, was hit with a virus that spread "ransomware," malicious software designed to block computer systems by encrypting the data to which the attackers gain access. Unlike other types of malware that attempt to steal data, ransomware is unique in that it simply blocks access to systems or files until a ransom is paid.

Networks typically become compromised because of poor cyber security practices and "phishing" scams, where an attacker tricks a user into opening a phishing email and visiting a phishing website. Once that happens, the user unknowingly downloads a piece of malware, and the attacker expands from there to explore resources and, in enterprises, may attempt to move laterally to explore the network and encrypt shared and network drives.

Eventually, our school district capitulated to the attackers and paid the ransom demand of $10,000, and all data was returned and restored -- albeit with a heightened sense of security and importance. Our school district got off cheap compared to other organizations, however, such as a New Jersey school district that recently had its network system infected with ransomware with a demand of $124,000 in Bitcoins.

I can tell you with a high level of certainty that my high school grades were never worth that much.

According to numerous industry reports, ransomware attacks are becoming more common every day, doubling in number between 2014 and 2015 according to the Symantec Internet Threat Report. The trend is expected to continue for the foreseeable future, and moreover, authorities have no solid strategy for stopping them. In fact, currently the FBI recommends that companies pay the ransom if they ever want their data restored.

The future in this regard does not look bright when the FBI throws its arms up in defeat.

Making matters worse is the evolving sophistication of these attacks, as a new and emerging innovation called "ransomware-as-a-service" (RaaS) starts to take root. According to Business Insider, "(RaaS) is a variant of ransomware designed to be user-friendly and... deployed by anyone with little cyber know-how. These agents simply download the virus either for free or a nominal fee, set a ransom and payment deadline and attempt to trick someone into infecting his or her computer. If the victim pays up, the original software author gets a cut -- around five to 20 percent -- and the rest goes to the party who deployed the attack (called the 'script kiddie')."

In January 2016, researchers identified a new RaaS called Ransomware32, complete with a user-friendly dashboard to track income statistics and manage individual attacks while also removing most of the upfront costs and technical barriers. This kind of RaaS trend is making ransomware accessible to the least technical hackers.

As terrible as RaaS sounds, it still sounds better than multi-level marketing.

Unfortunately, many enterprise IT teams focus on efficient management of networks and privileges rather than designing networks that can contain the damage of a breach or ransomware attack. And while any technique an enterprise uses to avoid phishing scams will help avoid getting ransomware, there is no way to guarantee that an enterprise can avoid infection altogether.

WEI is one company that has been studying the evolution of ransomware and providing cutting-edge technology tools to businesses. They suggest that, as an additional prevention, every enterprise consider how to contain, rather than just prevent, a ransomware breach with network segmentation in addition to other strategies.

In part, network segmentation limits the volume of resources that an attacker can access by logically grouping network assets, resources and applications together into compartmentalized areas called segments and allowing only approved types of communication in and out of the segment. Segments that are physically separated from other segments and have no established link to allow interaction are known as segregated.

For example, devices involved with financial transactions should be fully segregated both logically and physically from devices that can surf the web.

The objective with security-minded network segmentation is to ensure that attackers have access to as few digital resources as possible. This technique will also help contain the potential damage from other types of cyber attacks.

Since departments and teams have different access needs, an enterprise should divide a network into segments and then control each segment's communication to the outside world. In addition, the enterprise should control communication between segments of the same network. With limited access between segments, an attacker's movement to another segment is either stopped or slowed enough to allow monitoring tools to alert enterprise staff to the intrusion before massive harm is done.

To secure a segment containing sensitive information or data, an enterprise would simply prevent all communication and physical access, including but not limited to emails, websites, file sharing, cloud services and any external devices such as storage or mobile devices that have both external access and access to the network.

Failing to segment properly creates what is described as an "egg network," or a network that, like an egg, has a "strong perimeter surrounded by their soft, gooey, defenseless (data) yolks." Such organizations have false confidence in outward facing firewalls and other tools that protect the network's external perimeter while liberally allowing internal communication between network segments. An attacker who stumbles into such liberal access would be able to block and ransom large volumes of enterprise electronic resources.
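To make the difference between an "egg network" and a segmented one concrete, the following added example (not part of the original article) computes which segments become reachable once a single web-capable segment is compromised, and flags any path into a segment that is supposed to be segregated. The segment names and allowed flows are constructed for illustration, and the model assumes an attacker can follow any permitted flow hop by hop.

```python
from collections import deque

# Constructed sample data: segment names and flows are illustrative assumptions.
SEGMENTS = {"workstations", "file_shares", "finance", "backups"}
WEB_CAPABLE = {"workstations"}          # devices that can surf the web / read email
PROTECTED = {"finance", "backups"}      # must stay segregated from WEB_CAPABLE

# "Egg network": hard perimeter, but any internal segment may reach any other.
FLAT = {(src, dst) for src in SEGMENTS for dst in SEGMENTS if src != dst}

# Segmented: (src, dst) means src may initiate connections to dst.
SEGMENTED = {
    ("workstations", "file_shares"),    # staff open shared documents
    ("backups", "file_shares"),         # backup server pulls; nothing may push to it
}

def blast_radius(allowed, compromised):
    """Segments an attacker can reach from `compromised`, following allowed
    flows hop by hop (lateral movement), including the starting segment."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        here = queue.popleft()
        for src, dst in allowed:
            if src == here and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def segregation_violations(allowed, untrusted=WEB_CAPABLE, protected=PROTECTED):
    """Return sorted (untrusted, protected) pairs where a path exists,
    directly or through intermediate segments."""
    return sorted((u, p) for u in untrusted
                  for p in blast_radius(allowed, u) & protected)

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, sorted(blast_radius(policy, "workstations")),
              segregation_violations(policy))
```

Because the check follows flows transitively, it also catches a rule that looks harmless on its own, such as letting the file-share segment talk to finance, which would give workstations an indirect path to the protected segment.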

Enterprise IT teams should also consider their network backup strategy. "The best line of defense against any ransomware is to have backed up your machines yesterday," says Kaspersky Labs. "Some ransomware variants are smart enough to also encrypt every backup they are able to locate, including those residing on network shares. That is why it is important to make 'cold' backups (read and write only, no delete / full control access) that cannot be deleted by the ransomware."

In the end, enterprises should ensure that their approach to network management reaches beyond efficiency and considers how best to leverage segmentation to thwart attackers and limit damage. Enterprises should confirm that staff members who are responsible for segmentation truly understand the security implications of the segmentation architecture. And business areas that are responsible for selecting software should draw security and IT resources into the decision-making process before a solution is selected and ensure that the vendor's implementation team has a strong background in the security of the software being purchased.

Peter Gasca

Entrepreneur Leadership Network Writer

Management and Entrepreneur Consultant

Peter Gasca is an author and consultant at Peter Paul Advisors. He also serves as Executive-in-Residence and Director of the Community and Business Engagement Institute at Coastal Carolina University. His book, One Million Frogs, details his early entrepreneurial journey.
