    An Evolving Cyber Threat: Ransomware-as-a-Service

    How is Ransomware-as-a-Service Different and Why Are Criminals Using it? 

    During the COVID-19 pandemic, the shift to remote working has left businesses vulnerable to online assailants, without the protection of a corporate network or firewalls. With employees suddenly working on unsecured home networks and misconfigured VPNs, companies have lacked suitable security protocols and employee education initiatives to stop cyber-criminals from taking advantage of this shift.

    Ransomware-as-a-Service (RaaS) has grown massively as a result. Its business model satisfies the demand of cyber-criminals who lack proficiency in ransomware development. The increasing prevalence of RaaS means that the ability to launch remote, targeted cyber-attacks is highly accessible. Its implications affect not only business security but also national security on an international level.

    Cyber-criminals are not stupid. They understand return on investment (ROI), profitability and how to work collaboratively. As in the software industry, the ability to develop software is significantly different from the ability to distribute it. Each requires a distinctive skillset to be executed successfully. So, if it works for typical software companies, why wouldn’t it work for cyber-criminals?

    RaaS has lowered the barrier to entry for this type of crime. Those who distribute the malware can be, and typically are, totally separate from those who create it, just as developers and sales representatives have different roles within a company that mutually benefit one another. So, cyber-criminals don’t have to be malware developers or even be in a crew that has this capability; they can simply pay, or work collaboratively with, skilled developers in a strategic alliance that allows them to focus on distribution.

    Using this model allows the business leaders of these organized criminal syndicates to maximize profitability without doing more work than they need to. It is not only a cost-effective strategy but also one that provides extra protection for the criminals committing these cybercrimes: the layer of separation between the malware developers and the distributors makes each less likely to be implicated if one of the members involved is arrested.

    How to Protect Against the Threat 

    To effectively defend against this threat, businesses and organizations need to treat their defensive posture with the same level of rigor and determination as that of their adversaries. Failure to do so will result in their business being compromised and the subsequent theft and monetization of critical value data.      

    Security should be a top priority at board level. There should be plans for technology, training and threat exercises like red teaming and purple teaming that combine the tactics of the red team, the bad guys, and the blue team, the good guys. Businesses should also include active threat hunting to seek out attackers that have found their way past security.     

    Organizations will pay for security: either now without interest or later with interest. That interest will manifest itself as the loss of customer confidence, loss of market share, regulatory fines and potentially class action or shareholder derivative lawsuits. For businesses to future-proof their operations, it’s essential they act now, rather than wait until their critical value data is under the lock and key of a criminal and held to ransom.

    Organizations need to implement a combination of technical solutions, security policies, and employee training to combat these threats. New-school security awareness training can enable your employees to defend themselves against ransomware attacks.

    With thanks to InfoSecurity Magazine. The full story is here: https://www.infosecurity-magazine.com/opinions/cyber-threat-ransomware-as-a/
