BYOD Trend Means Increased Ransomware Threat to Corporate Networks
By UCStrategies Staff
As more and more employees are bringing their own devices into the workplace, the threat of personal and company data being held hostage by ransomware is increasing as well.
Ransomware is malware that takes advantage of security vulnerabilities and locks a user's computer or encrypts files until the user pays a ransom fee. By circumventing corporate security policies, employees can introduce ransomware to their corporate networks, usually by visiting a malicious web site or downloading an infected email attachment.
In McAfee's latest threat report, the company says that the number of new ransomware threats increased 50 percent between Q1 and Q2 of 2012, four times as many as a year earlier. That means that with the BYOD trend, the threat of company data being hijacked is very real.
Macky Cruz, technical communications specialist at Trend Micro's TrendLabs, pointed out that with the increased use of mobile devices, sensitive corporate data can now reside on employees' mobile devices. When they use these devices outside the organization and accidentally download ransomware, company data will be in the hands of cybercriminals.
According to Righard Zwienenberg, senior research fellow at ESET Security, end users who have been taken hostage will sometimes pay the ransom fee without telling their supervisors. But that behavior can be risky because they never know for sure whether the malware is entirely gone from their device or company network.
The best way for companies to protect their valuable data is through education. Companies need to advise employees about whom to contact if they believe their devices or the corporate network have been compromised. Employees need to understand that the best thing to do is to alert the company. As Zwienenberg says, "It's worse trying to hide it as there may be other backdoors or Trojans installed, or the information that is taken hostage is not sent to the malware authors. There may also be no guarantee that everything is returned when they pay up."
Organizations also need to enforce proper data handling policies and encrypt data at rest, says Anthony Lim, regional director of SecureAge. This recommendation includes the server cloud and backup. Doing so limits the ability of any vulnerability or advanced persistent threat to reach your data and use it for ransom.
Organizations are urged not to overlook the basic security precautions. Make sure all security software is up to date and that employees have the latest security software on their personal devices. (GR)