Intelligent CISO Issue 30 | Page 41

EXPERT OPINION

Defending the endpoint in the age of remote working

With many employees now working from home, organisations are exposed to a vastly increased attack surface and must reassess their endpoint security strategies to ensure they are equipped for this new environment. Tamer Odeh, Regional Director at SentinelOne in the Middle East, tells us how enterprises can best improve their endpoint security and why prevention is crucial for defending against sophisticated attacks.

Tamer Odeh, Regional Director at SentinelOne in the Middle East

Tell us about ransomware – how much of a threat is it to modern organisations?
Ransomware attacks continue to pose a threat to modern organisations, especially during the COVID-19 pandemic. In fact, the increasing diversity and total volume enabled by RaaS and affiliate schemes, along with the low risk and lucrative returns, only serve to suggest that ransomware will continue to evolve and increase in sophistication for the foreseeable future.
There are different types of ransomware. Examples like DoppelPaymer ransomware employ lightning-fast payloads to perform over 2,000 malicious operations on the host in less than seven seconds. This means that legacy detection and response methods are failing to prevent infections, and defenders’ response to ransomware often starts after the ransomware has achieved its objectives. Moreover, in the case of Maze ransomware, it has plenty of time to encrypt tens of thousands of files. Unfortunately, if a business relies on the cloud for virus signatures or reputation lookups, time plays a huge role in the process.
Huge damages can occur in one minute. In one test, SentinelOne’s Labs recorded 23,969 events triggered by Maze within the span of a mere 60 seconds. Each one of those events is a file being encrypted in preparation for hackers heavily threatening a company’s head and demanding a ransom to unlock its data.
All this damage underscores why local protection models – as in, those that are located on endpoints and don’t need to pause to fetch marching orders from the cloud – are superior to products that suffer from cloud lag and the dwell time it grants attackers.

Can you give us a summary of the methods of infection?
There are various methods of infection based on various situations. Some ransomware criminals take advantage of the challenges and vulnerabilities created by BYOD, IoT and Digital Transformation initiatives using technologies like social, mobile, cloud and software-defined networks. Remote workforces demanding the ability to work from anywhere at any time while accessing company data and using cloud applications also create challenges and increase the attack surface.
However, usually methods of infection include the below: