Fool me once: Why shadow IT needs continuous monitoring

The bad guys come back

The saying goes, “Fool me once, shame on you.  Fool me twice, shame on me.”  Yet when it comes to ransomware and shadow IT, many organizations do not heed this advice.   When data or networks are breached and held for ransom, many organizations pay the ransom, but fail to identify how their system was breached.  As a result, many organizations are fooled repeatedly and pay ransom more than once for the same IT vulnerability. A piece from the UK’s National Cyber Security Centre (NCSC) describes how a company fell victim to ransomware.  In their blogpost, The rise of ransomware, they detail how a company paid nearly 6.5 million pounds in ransom; did not identify the root cause of their attack and did not secure their network.  Two weeks after paying the ransom, the same criminals infected that company’s network with the same ransomware used in the first attack.  The company ended up paying a ransom a second time. This lesson is shared by the NCSC so that organizations know that if they suffer a ransomware attack, they should determine how it was possible for criminals to embed themselves on their network undetected before the ransomware was unleashed.

Why the rise in ransomware?

Ransomware is malicious computer software that takes data hostage.  Ransomware can encrypt and block files on your computer and ask for ransom in exchange for a key to decrypt your files.  To appreciate where ransomware is going, it is useful to understand the ransomware story from Reveton to Maze.  During the pandemic, there was a feeding frenzy of ransomware attacks because the fishing was good for vulnerable data.

Rush to the cloud can prompt shadow IT

Rapid changes to where and how people access data can drive up risk.  During the pandemic, in the rush to work remotely, many employees expanded their use of shadow IT. Shadow IT includes cloud applications, web services, software, and devices that employees use without IT authorization to do work.  When employees use shadow IT, they become easy prey for cyber attackers who are constantly seeking vulnerable data.   Last year, there were increased cyber attacks because the number of vulnerable endpoints spiked — and so did the success of ransomware.  For more on this, see our blogpost about the alarming trend in ransomware and our LinkedIn session about how hackers behave like businessmen. If your organization is running any of these cloud services without IT authorization, your data may be at risk:

• AWS S3
• Drive
• Dropbox
• GitHub
• Trello

Continuous monitoring protects data outside the IT perimeter

When we think of shadow IT as inevitable, we see that continuous asset discovery and monitoring is the only way to protect data outside the IT perimeter.  And this is where CybelAngel can help.  Top organizations around the world rely on CybelAngel to detect and secure data outside their IT perimeter — and so can you.   CybelAngel’s Digital Risk Protection Platform delivers solutions that empower enterprises to protect their data from breaches. These solutions include:

• Data breach prevention
• Asset discovery and monitoring
• Third-party risk management
• Domain protection
• Account takeover prevention 

When it comes to ransomware and shadow IT, it’s okay to be fooled once, but not twice.  If you suspect shadow IT in your organization and want to prevent cyber attacks, contact CybelAngel for a free assessment.  Find out for yourself how much of your data and endpoints are easily available and vulnerable to attack.  Remember that when criminals infiltrate your network, they are doing so with plans to return.  If your organization pays ransom to regain control of your network, you can be sure the same criminals will return to your network to see what else they can exploit.   With CybelAngel, companies get ahead of criminals before their data is subject to ransom.  Whether it’s cloud applications, web services, shadow IT, decommissioned hardware, cell phones, or IoT devices, CybelAngel can detect and secure vulnerable endpoints for companies, thus ending the risk 100%.  Because in a world of rapid change to how people access data, shadow IT is inevitable — but damage is optional.