Electricity and Control August 2021

CYBERSECURITY

Learning from the Kaseya global ransomware attack

The Kaseya ransomware attackers reportedly demanded US$70 million to decrypt more than 1 million computers that they claimed to have compromised. Here Lior Div, Co-founder and CEO of Cybereason, considers the case and lessons to be learnt from it.

The recent global Kaseya attack is a reminder that the public and private sectors need to change the way cyber conflict is fought. The truth is that attackers still enjoy the advantage. The goal isn’t to block and prevent all attacks – operations like Kaseya – and SolarWinds previously – have demonstrated that’s not always possible. The goal is to quickly detect suspicious or malicious activity, and ensure you have the visibility, intelligence, and context to understand and remove the threat.

Cybereason and other modern security companies have the technologies – like EDR (Endpoint Detection & Response) – that can end these ransomware attacks. I believe it is our job to disrupt these operations. Technology coupled with public and private partnerships is a step in the right direction to help in the fight against the REvil ransomware gangs and others like them.

We need to shift focus from dealing with ransomware after the fact, to disrupting the earliest stages of attacks through behavioural detections. This is the operation-centric approach to cybersecurity. We cannot just focus on the ransomware attack – by then it is too late. Look at the earlier stages of the attack, when criminals are inserting malicious code into the supply chain, for instance. The ransomware is the symptom of the larger disease we need to treat.

This latest attack will once again start the debate about whether it makes sense to rip out and replace legacy computer networks used by public and private sector organisations. That simply is not going to fix the problem. We have spent trillions of dollars on cybersecurity over the past 20 years. And in many ways, we’re no safer today. We could spend another $250 billion or $250 trillion and it may help only incrementally. What matters is how the money is spent.

In time we will learn the names of companies impacted by the Kaseya ransomware attack. We will also learn if companies are meeting the ransom demands of the REvil gang. In general, it doesn’t pay to pay ransoms. A recent Cybereason global research study found that 80% of companies that paid a ransom were hit a second time. Overall, paying ransoms only emboldens threat actors and drives up ransom demands. Still, whether or not to pay a ransom is an individual choice each company needs to make. Consult with your legal team, insurer and law enforcement agencies before making any decision. In those rare life or death situations, paying a ransom could well be the right decision.

Cybereason Co-founder and CEO, Lior Div.

Cybereason recently announced it had secured significant additional financing investments which validate the company’s position as a leading innovator in delivering XDR, EDR, EPP and anti-ransomware solutions. Cybereason will use the financing to continue to fuel the company’s growth, driven by strong market demand for its AI-powered Cybereason Defense Platform. Unlike traditional alert-centric models, the Cybereason Defense Platform is operation-centric – exposing and ending entire ‘malicious operations’ (MalOps).

A Cybereason-identified MalOp is not another alert – it provides a fully contextualised view of every element of an attack as it unfolds across an enterprise. Because today’s sophisticated cyber criminals are building attack operations, not point attacks, the ability to identify MalOps is the key to fighting current cyberattacks successfully, including the latest ransomware attacks. An attacker’s goal is typically to move from the endpoint across the whole enterprise, and attackers are organised, funded and motivated to succeed. Without an operation-centric cybersecurity approach, organisations remain vulnerable to repeated attack. Cybereason enables organisations to quickly recognise, expose and end entire malicious operations before MalOps become breaches. The company has been recognised as a visionary innovator in the cybersecurity arena by a number of third-party organisations.

CEO and Co-founder Lior Div says, “Over the past year we’ve experienced hyper-growth across the globe as defenders recognise that ending advanced attacks isn’t possible using solutions that rely on meaningless alerts and human intervention. Existing – even ‘next-gen’ – solutions are fundamentally flawed, creating the dynamic we have today where the defender is constantly struggling to keep pace with attackers. Cybereason takes an approach that enables defenders to end malicious operations instantly, resulting in the most comprehensive prevention, detection and response solution on the market. This is how we are returning the high ground to the defenders – and we are just getting started.”

For more information visit: www.cybereason.com
