How can Synkzone protect your data and minimize the impact of a cyber-attack? To answer this question, here’s an example based on a real-life incident in the fall, an incident where a company suffered very significant damage.
The company itself is certainly far from being the worst in class when it comes to information security; it could undoubtedly be described as extremely aware, with active work in the area.
As always when it comes to security, not all details are public, nor should they be. Some of what I write is therefore based on assumptions, assumptions that may be completely wrong. At the same time, they are not in any way unreasonable and even if this is not exactly what happened, it is not an unlikely scenario that could affect other companies.
Remote working and shadow IT
The Public Health Agency of Sweden and the Swedish government have made recommendations that in these times we should work from home as much as possible. This was a fact already this spring and many were caught off guard. Of course, this created and continues to create challenges. Being able to continue to be operational, access my data remotely and complete my tasks is far from a given. We can assume that the situation is better now in the second wave and that several companies have acquired solutions to enable remote work. But still, not everyone has a good and secure solution.
The phenomenon is usually referred to as “shadow IT”: a user bypasses the rules and procedures that are set up when the tools provided are either perceived as complicated or simply do not help the user to carry out their work tasks.
The example company certainly had some procedures in place, but they were clearly not quite enough. As the story is retold, the likely source of the breach is a shared desktop application: an application that was certainly not approved by the company but which “solved” a perceived user problem. It was a creative move by the user, who could thus more easily perform his work tasks remotely.
The intrusion reportedly took place via this application and the perpetrators were now on the inside of the company’s IT environment. I will return below to what happened next.
How Synkzone can help you with shadow IT
Thus, it is of the utmost importance that we, as a company, make sure to provide the tools necessary to work safely from home. What tools are required, and how do I ensure that security is as good as when working in the office, or at least at an acceptable level?
Synkzone delivers an application that is as secure in the office as it is when you work remotely. Why would you settle for less security than that?
Now, it doesn’t solve the full needs of all employees. It may be that you have systems that need to be accessed via VPN tunnels, for example. But for storing, collaborating on and accessing your files, the system gives peace of mind: it raises the security not only of remote work, but also of work in the office.
On the inside of your IT environment
Back to the example company: now the perpetrators are inside the IT environment and have access to file servers and more. Since nobody knows anything yet, the intruders are free to move laterally inside the IT environment. Once inside, it is often the case that the protection is weaker and the material is easier to obtain. In the example, it appears that the company did not store its information encrypted; all information seems to have been in plain text on the company’s file servers. It also seems that the environment in this case was set up in such a way that, once you were on the inside, it was relatively easy to access the storage area for all information. Information and files were copied and stolen, still without the company seeming to have had any knowledge that it was under a cyber attack. One of the big mistakes here is that the company stored its sensitive files in plain text.
Encrypted storage the least a business should do
At Synkzone, we believe that storing sensitive information encrypted is the least you can do. Ideally, this should be done with full control and ownership of all encryption keys. It is also important to consider how and where the information is stored, and who has access to what.
“On a need to know basis only” is a rather simple principle. That is, a user, regardless of role or position, should never have access to more information than necessary. Just because I am the CEO and sit “at the top” of the organization, I do not need to have access to all information. Just because I am the person most responsible for the operation of our file servers, I do not need to have access to all information. On the contrary, an IT administrator may have access to the whole environment, but he should not have access to any information.
In the Synkzone solution, we let the information owner assign rights to who can access what information. This is done through our zones. And of course, all information is always stored encrypted. Only trusted users have access to the information they should have access to.
When you collaborate on files and information, all transport between clients is of course also encrypted. A file only exists in plain text on a trusted client, never in transport or in storage.
Ransomware revealed the breach
Perhaps the breach I describe above would still be unknown today, were it not for the fact that the perpetrators decided, as icing on the cake, to also infect the environment with ransomware, in the hope that the company would pay a hefty ransom.
Here, however, the perpetrators seem to have come up short: the company seems to have had good ransomware protection in place, and by all accounts the malicious code was detected quickly enough for the company to be able to recreate the information without major damage. This also allowed the company to calmly inform the perpetrators that it was not going to pay any ransom or meet their demands. The company was no doubt very pleased to have nipped the attack in the bud at such an early stage.
The criminals thought it best to have the last laugh and started leaking/selling the stolen files containing highly sensitive information. Information that in the “wrong circles” is of high value and can create a chain reaction where the company’s customers will suffer great damage.
How Synkzone can protect you in a ransomware attack
Ransomware has spread like wildfire in recent years and has become a source of income for organized crime. We read about attacks every day, and yet the number of unreported cases is large and the costs are enormous. It is not only the ransoms that cost: on average, a ransomware attack costs Swedish companies 2.4 million per attack in ransoms and/or downtime. The downtime costs are de facto 50 times higher than the ransoms demanded (Source: Datto).
In a closed environment, it is often easier to protect yourself, but the way the world looks today and with the need to be able to share information both internally and externally, the requirements for effective protection against Ransomware increase.
With Synkzone’s solutions, you can easily share information both internally and externally and therefore we also have a proprietary Ransomware protection to protect you in the event of an accident. Through our protection, Ransomware is immediately detected and the infected client is quarantined. Once the client is cleared of malware, the user can easily restore all files to the moment before the attack. This minimizes downtime and there is no need to pay any ransom.
The consequence
We do not know how much the above example cost, and probably never will. Even if the company is said to have paid no ransom, the incident has obviously still cost a lot. The costs of downtime, security consultants, overtime in the IT department, new investments in IT, various forms of reinforced perimeter protection and everything else quickly add up.
I suspect, however, that the costs of damaged trust among the company’s customers, lost contracts, etc. exceed the short-term costs in the long term. Perhaps there may also be a question of damages from customers who have had sensitive information exposed.
Synkzone’s solution
We are not saying that Synkzone is the solution to all problems, but we are confident that we can help your company better protect itself and, not least, its data, and thus greatly reduce the consequences of a possible cyber attack.
With Synkzone:
- employees work securely from home without VPN and other technical solutions;
- you can share information and collaborate securely even with external parties such as consultants, customers and partners;
- the information is split into separate zones protected by strong encryption;
- all servers involved are built with protection against hackers and insiders;
- all information is stored encrypted and you own the encryption keys;
- cooperation is protected against ransomware.
In addition, several tools and features to facilitate effective collaboration are coming soon.
Find out more at www.synkzone.com or contact us at sales@synkzone.com to learn what we can do for you.