Five Steps to Disarming Ransomware Attacks

You have 48 hours to send two Bitcoins to the address below or your data will be erased. Do not contact the authorities.

If you’ve seen this notice, you know the fear induced by a ransomware attack. And if you haven’t, there’s a good chance you soon will. In 2017, the number of ransomware assaults grew 250 percent in the first quarter alone, causing millions of dollars in lost productivity and lost data. Today, ransomware remains one of the top cyber threats to enterprises. Why? Here are 10 factors that make ransomware irresistible to cybercriminals—and five steps to disarming attacks.

  1. Ransomware tools are becoming more sophisticated: From malware that flies under the AV radar to brute force attacks, hackers are constantly getting better at getting in. Better encryption makes it all but impossible for victims to unlock their files without paying for the key.
  2. Phishing, sadly, still works: Phishing attacks have been going on for 30 years now, so users must be experts at spotting them by now, right? Wrong. Phishing attacks are still effective, and employees may assume that IT and security teams are keeping them safe from phishing attacks.
  3. The most vulnerable attack vector is unprotected: Without a comprehensive endpoint backup solution, an organization’s laptops and desktops are unprotected. And yet, the Code42 CTRL-Z study revealed that IT decision makers believe that 60 percent of corporate information lives on users’ laptops. If executives know this, so do cybercriminals.
  4. Human behavior creates risk: Your policies say that employees must back up their data to a shared server to keep it safe from endpoint attacks. Unfortunately, employees aren’t following your protocol, leaving endpoint data—which is more than half of enterprise data—unprotected.
  5. Anyone can launch a ransomware attack: Following the trend of the legitimate software industry, Ransomware-as-a-Service (RaaS) takes ransomware accessibility to a new level. People with little technical expertise can “rent” ransomware and create their own phishing emails.
  6. Cryptocurrency makes money laundering easy: To a cybercriminal, the risky part of ransomware is direct interaction with a victim to obtain payment. But the emergence of cryptocurrencies removes much of this risk, creating a digital layer of anonymity between the victim and extortionist.
  7. Attacks target the enterprise: Cybercriminals are increasingly targeting those most likely to pay, and businesses are the ideal targets. They have valuable data they can’t afford to lose and a lot more cash on hand than individual targets.
  8. Once in an organization, ransomware spreads quickly: It only takes one employee to spread an infected file throughout your organization. Your employees are sharing thousands of files with each other every day. Cloud collaboration platforms make file sharing easier than ever, but platforms with automatic sync can actually spread ransomware, syncing infected files to the shared cloud and exposing others.
  9. Prevention is nearly impossible: The number of cybercriminals, combined with the sprawling attack surface, make prevention virtually impossible. More importantly, preventive AV products can’t stop human error. Bigger walls and stronger locks do nothing if your employees are willingly or unintentionally handing over the keys.
  10. Paying the ransom fuels the demand: As long as victims keep paying the ransom, money will continue to pour into the growing black market for ransomware and fuel the increasing sophistication of these exploits. More money, more hackers, more attacks and higher ransoms–these are the real costs of paying the ransom.

Break the cycle: focus on the data

The 10 items above paint a bleak picture, but the antidote to ransomware is actually quite simple: Shift the focus from those trying to steal data to the data they’re trying to steal. By focusing on ensuring all data is collected and protected, the enterprise can enable a swift, clean recovery from ransomware and fight it at its source. Here are five quick tips to disarm ransomware:

  1. Collect and protect the data: Truly comprehensive enterprise data protection includes covering data where it lives—on the endpoint. The solution can’t rely on user behavior, and it can’t slow down user productivity because employees will work around it. The solution must be automatic, continuous and frictionless to give IT certainty that every user, every device, every file and every version is covered.
  2. If ransomware hits, have no fear: With all laptop and desktop data continuously backed up, ransomware ceases to be scary. The enterprise has the tools in place to execute an efficient, successful recovery.
  3. Make the clean, quick restore: Comprehensive endpoint data protection turns restore from a costly, weeks-long affair into a quick, push-button task. IT simply rolls back to the last known good state to conduct bulk file restores or allows users to perform a self-service restore.
  4. Never pay the ransom: With quick and comprehensive data restores, the enterprise can laugh at ransom demands.
  5. Feel proud you’re doing your part: With the tools in place to take the ransom out of ransomware, the enterprise community can cut off the cash flow and begin to shut down the ransomware market.

What If Ransomware Was Just an Annoyance Rather Than a Crisis?

Imagine this: despite a strong firewall, your department is attacked by the latest ransomware that locks up all your employees’ devices right in the middle of the day, effectively stopping work.

Fifty minutes later, every device is back up and running, employees are back to work, your phone has gone blessedly silent, and the package of Tums you keep in your desk drawer lies undisturbed. And…you haven’t paid the ransom.

It’s possible. Here’s how.

It’s not just ransomware itself that’s a threat to businesses; it’s the increasing pace at which it evolves into ever more powerful superbugs that infect systems and evade detection.

The knee-jerk reaction from some in the security space: try to keep up with ransomware’s mutations by evolving prevention faster than the threat. But that game does not end in a winning proposition. While you may be able to defend your most valuable servers, it’s not uncommon for the attacker to find their way in through your endpoints. Faced with this reality, many companies are now just paying off ransoms with cryptocurrency, a short-sighted solution that doesn’t always work and that only makes you the target for more ransomware attacks.

Here’s a better approach: Adapt your preventative defenses, but work in parallel to deploy a ransomware-proof recovery plan for all of your vulnerable devices—including every endpoint.

What does a ransomware-proof recovery plan for endpoints look like? Here’s a quick step-by-step guide:

  1. Take stock of every endpoint device in your organization.
  2. Back up the data on every endpoint device. The more frequently you back it up, the less data you are at risk of losing in a ransomware attack. Backing up every 15 minutes is best practice.
  3. Back up your endpoint data in a solution independent of your cloud collaboration software. Ransomware can infect shared folders and, in some cases, spread to other devices even faster.
  4. Confirm that your backup storage is not susceptible to ransomware attack.

With this recovery approach in place, any endpoint device locked by ransomware can be unlocked by wiping the device and fully restoring the user’s data from your backup stores. With practice and a well-documented process, users can be up and working in less than an hour after a ransomware attack.
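The checks behind steps 1 and 2 and the point-in-time restore can be sketched as follows. This is an added example, not Code42 code and not part of the original article. Host names, file paths, timestamps and version IDs are constructed, and the time encryption began is assumed to be known from detection.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

RPO = timedelta(minutes=15)  # backup interval the guide recommends


@dataclass(frozen=True)
class Version:
    path: str
    saved_at: datetime
    version_id: str  # hypothetical identifier assigned by the backup store


def audit_coverage(inventory, last_backup, now, rpo=RPO):
    """Steps 1-2: flag inventoried endpoints with no backup or a stale one."""
    findings = {}
    for host in sorted(inventory):
        seen = last_backup.get(host)
        if seen is None:
            findings[host] = "no backup on record"
        elif now - seen > rpo:
            minutes = int((now - seen).total_seconds() // 60)
            findings[host] = f"stale: last backup {minutes} min ago"
    return findings


def plan_restore(versions, first_encrypted_at):
    """Pick, per file, the newest version saved before encryption began.

    Returns (plan, unrecoverable). plan maps path -> (Version, work_lost),
    where work_lost is the gap between that version and the attack.
    Files whose every version postdates the attack are unrecoverable.
    """
    newest_good = {}
    paths = set()
    for v in versions:
        paths.add(v.path)
        if v.saved_at >= first_encrypted_at:
            continue  # written during or after the attack: treat as encrypted
        best = newest_good.get(v.path)
        if best is None or v.saved_at > best.saved_at:
            newest_good[v.path] = v
    plan = {p: (v, first_encrypted_at - v.saved_at) for p, v in newest_good.items()}
    unrecoverable = sorted(paths - set(newest_good))
    return plan, unrecoverable


# Constructed sample data (not taken from any real environment).
NOW = datetime(2024, 1, 10, 14, 0)
ATTACK = datetime(2024, 1, 10, 13, 42)  # assumed first-encryption time
INVENTORY = {"hr-laptop-01", "fin-desktop-07", "eng-laptop-12"}
LAST_BACKUP = {
    "hr-laptop-01": datetime(2024, 1, 10, 13, 50),
    "fin-desktop-07": datetime(2024, 1, 9, 17, 5),
}
VERSIONS = [
    Version("C:/Users/a/payroll.xlsx", datetime(2024, 1, 10, 13, 15), "v1"),
    Version("C:/Users/a/payroll.xlsx", datetime(2024, 1, 10, 13, 30), "v2"),
    Version("C:/Users/a/payroll.xlsx", datetime(2024, 1, 10, 13, 45), "v3"),
    Version("C:/Users/a/notes.txt", datetime(2024, 1, 10, 13, 44), "v1"),
]

if __name__ == "__main__":
    for host, reason in audit_coverage(INVENTORY, LAST_BACKUP, NOW).items():
        print(f"GAP  {host}: {reason}")
    plan, lost = plan_restore(VERSIONS, ATTACK)
    for path, (version, work_lost) in sorted(plan.items()):
        print(f"RESTORE {path} -> {version.version_id} (work lost: {work_lost})")
    for path in lost:
        print(f"NO CLEAN VERSION {path}")
```

A file created after encryption began has no clean version to return to, which is why the restore plan reports it separately instead of restoring an encrypted copy.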

Good prevention tactics will help reduce the cost and disruption caused by ransomware, but won’t eliminate your risks. Enacting a recovery plan that accounts for every endpoint is the most important next step you can take to limit ransomware’s impact on your organization.


Protect Your Business from Ransomware with Code42

Code42’s endpoint data security solution provides your business with a variety of benefits, including increased productivity, risk mitigation, streamlined user workflows, and more–all in a single product that’s been proven to ultimately save you money. With ransomware making huge headlines in 2017, one of the Code42 features that enterprises are most interested in is ransomware recovery.

Since Code42 backs up your data every 15 minutes by default, you can roll back to a point in time and access files you were working on before the ransomware attack–without ever paying the ransom. Ransomware recovery is one of the major ways a true endpoint backup solution beats file sync and share products for data backup. Sync and share products can’t restore to a particular point in time, but they can actually spread ransomware through an organization.


Large University Expels Ransomware Attack with Code42

A staple in the surrounding community and one of the most respected educational and research institutions in the United States, the university has a deep history of excellence to uphold. For such a storied southern university with more than 13,000 students, protecting the sheer amount of faculty, alumni and student data is a cumbersome task. The IT department, which is made up of around 100 employees, turned to Code42 to make sure the right backup solution was in place in case of an attack.

With Code42, the university primarily backs up VIPs, such as the CTO, CEO and anyone higher up in the organization. “Typically they travel a lot and so they have laptops and a lot of times they have important data on their laptops. So we’re using Code42 backup to make sure no matter where they are we still are protecting all that data,” said a systems administrator at the university.

Passing the ransomware test

A VIP user in the human resources department called the help desk after a pop up appeared on her computer. Unable to remotely access the computer, the university sent desktop support personnel to examine the machine. Once help arrived, they realized a hacker was trying to cheat the system with a ransomware attack, claiming they needed a payment of three Bitcoin (at that time worth about $1,000) before returning sensitive data.

Learning about ransomware for the first time, the university didn’t know if there was anything they could do. Unwilling to waver on paying the ransom, the university reached out to the IT department’s systems administrator tasked with handling backups. Because the infected user was enrolled as a VIP on Code42, the systems administrator was able to restore her computer with an automatic, continuous and near real-time backup of all endpoint data.

“Code42 runs in the background. They don’t even realize it’s there. When they do reach out to us we can easily push a restore out to them, some of them can restore it themselves. It’s very easy to restore from. It’s really just peace of mind,” said the systems administrator. In the future, the university plans on expanding the rollout of Code42 to the research community and additional staff, as well as implementing more security measures.

This isn’t an instance that only affected this university. Employee laptops and desktops are soft targets for ransomware. If a company is unable to reconstruct what existed on the device after a data incident, the result may be anything from brand repercussions to class-action lawsuits or regulatory fines. Code42 provides the data and tools needed to recover and avoid paying the ransom. Every time.

Ransomware Data Loss: What Will It Cost You?

Ransomware is a problematic cyber threat. In 2015, there were an average of 4,000 ransomware attacks per day in the U.S. alone, and the number has only climbed since then. Fifty percent of U.S. companies reported being the target of a ransomware attack in 2016. In 2017, the world was introduced to the biggest ransomware threats yet in the form of WannaCry and NotPetya. Worse yet, ransomware is predicted to cause $11.5 billion in losses by the end of 2019. If that doesn’t give you pause, nothing will.

Ransomware is real, rampant and ruthless.

Recovering from ransomware

The only way to outwit the cybercriminals is to protect your data before ransomware hits. The FBI agrees and recommends that you never pay. Without a comprehensive data protection strategy in place, you’re pretty much out of luck when ransomware strikes. When it does, it’s going to cost you, either in Bitcoin or in lost data.

The cybercriminals will tell you how much money they demand for the safe return of your data. But what if you follow the FBI’s recommendation and refuse to pay the ransom? How much would your data loss cost you?

Calculating the cost of ransomware data loss

If you aren’t sure how to quantify the financial impact of data loss from ransomware on your business, you aren’t alone. We’ve created a simple online calculator that will help.

It’s easy. Just answer a few questions about your enterprise environment. We do the number crunching for you. Curious about how much lost data costs you in other areas of your business? Complete the sections about data migration, hard drive recovery and device failure and loss for a custom analysis. This is especially helpful if you need to justify your endpoint data protection budget.

All in, it should take you about five minutes to complete. You can run the numbers as many times as you want to see how different answers affect your risk calculations.


We hope that endpoint data protection is your number one priority as you plan for the next year. Based on the stats above, we’re all going to need it. Ransomware is like a runaway bullet train. Until you stop it, you’re at the mercy of a countdown clock and your ability to recover. Endpoint data protection is the only way to guarantee data recovery–without paying the ransom.

Find out how much ransomware data loss is costing you. Calculate your risk with the Data Loss Risk Calculator.

In Healthcare, Ransomware Actually Threatens Patient Safety

Imagine needing medical care and being turned away because the hospital or provider is paralyzed by a ransomware attack. Perhaps even scarier: needing emergency care and being treated “blind” by doctors who can’t access your medical records. This isn’t some far-off worst-case situation. Just last March, MedStar Health, the largest healthcare provider in the D.C. region, was forced to turn patients away and treat others “blind” for two full days after ransomware locked down its patient database.

Legislators urge HHS to focus on continuous data access

Nightmare scenarios like this are getting the attention of regulators and legislators. In June, two U.S. congressmen released a letter urging HHS to amend HIPAA rules to prioritize continuity of data access. In particular, they called for a focus on any incident that “results in either a denial of access to an electronic medical record and/or loss of functionality necessary to provide medical services.” The loss of data access is more concerning than a privacy breach, explained Congressman Ted Lieu, because “it could result in medical complications and deaths if hospitals can’t access patient information.”

It makes sense, doesn’t it? Patients (and the general public) have a right to know about incidents like this. After all, you might not choose the hospital that can’t promise continuous care.

Is healthcare too focused on data privacy?

HHS did recently issue specific guidance on ransomware and HIPAA compliance. But the guidance stays within the realm of original HIPAA rules, focusing entirely on data privacy concerns. The result, according to a new report titled “Hacking Hospitals,” is that the typical healthcare organization has built its security infrastructure and strategy with tunnel vision on patient data privacy and HIPAA compliance. The report cautions that a singular focus on data privacy leaves an organization unprepared and vulnerable to a range of other cyber attacks that may pose an equal or greater risk. In the case of ransomware, the risk arguably supersedes patient privacy concerns, impeding the organization’s ability to actually deliver patient care. “These findings illustrate our greatest fear,” the report warns, “patient health remains extremely vulnerable.” The report concludes that the focus on data privacy, “while important, should come second to protecting patient health.”

Importance of data access elevates disaster planning and recovery

The shift toward focusing on continuous data access isn’t unique to healthcare. Regulators in every industry are realizing that an interruption to data access—such as a ransomware attack—may have a graver impact than a traditional data breach. Businesses themselves are also seeing the threat of huge monetary losses from an interruption in service delivery. Looking back to healthcare, the ransomware attack on Hollywood Presbyterian Medical Center made headlines for the $17,000 ransom payment, but the cost of system downtime was far higher, with an estimated $1 million in lost revenue from lost CT scans alone.

This realization is putting disaster planning and recovery on the same level as detection and prevention in a modern data security strategy—and putting data backup squarely in the spotlight. The legislators pushing for HIPAA changes already acknowledge that effective backup can eliminate data access interruptions and mitigate the risk to patient health. Future regulations in healthcare and other industries will likely include specifications for comprehensive data backup—covering central servers and systems, as well as the half of all enterprise data that now lives on users’ endpoint devices.

Considering the high risk and cost, we don’t advise waiting around until regulators force the issue.

The Ransomware Paradox: Bad Guys Offer Good Customer Service

Not only are ransomware extortionists stealing our money, they’re also stealing our smart business practices. First, cybercriminals started mimicking our sophisticated organizational hierarchies, then they figured out a new financial trading system. Now, in an absurd juxtaposition, they’re pampering their ransomware victims with helpful customer service to increase their chances of getting paid.

Need help finding a Bitcoin vendor? Here’s one in your area.

I can understand you might be skeptical that we’ll actually restore your files.

We’ll let you decipher one file for free. Oh, you just made a car payment and are a little low on cash? No problem, we’ll lower the ransom.

The paradox of bad guys offering good customer service was so interesting to European cybersecurity company F-Secure that the firm recently evaluated the customer journeys of five current ransomware families: Cerber, Cryptomix, Jigsaw, Shade and TorrentLocker. First, F-Secure set up a Hotmail account for a bogus “Christine.” Then, once infected, the firm had her interact with the criminals to observe the numerous tactics of reputable customer service being used by disreputable extortionists:

User-friendly interface

Knowing it’s important to make a good first impression, smart cybercriminals are using more professional-looking branded webpages to notify victims their files have been taken hostage. Cerber’s website even offers content in 12 languages and has the online equivalent of a Wal-Mart greeter (albeit, one who is talking through a tracheostomy tube): A voice letting victims know their files have been encrypted, just in case they don’t read the ransom note on their screen.

Clear instructions and FAQs

Most extortionists demand payment in Bitcoin, which isn’t widely understood by the law-abiding masses. So extortionists provide clear instructions, FAQ pages and lists of Bitcoin vendors.

Multichannel support

Like good marketers, the bad guys provide support across numerous channels. They offer online forms, chat and email support.

Timely response

Apparently, cybercriminals are keeping up with the latest customer service surveys, like one by Toister Performance Solutions that found customers now expect an email response from businesses within one hour. When “Christine” sent emails asking for support, she often received replies within minutes.

Free trial offer

What better way to build trust with skeptical prospects than letting them see that their files really will be decrypted? Four of the five ransomware families evaluated offered a free trial, usually letting the victim/customer choose one file.

Lower price offer

Ransomware gangs are usually willing to lower the price. When “Christine” balked at the original ransom (which ranged from 150 to 1,900 Bitcoins), three of the families dropped the price, averaging a 29% discount from the original ransom fee.

Extended limited-time offer

Ransomware always has a deadline, akin to conventional limited-time offers. Just like retailers who graciously tout that their sale is “extended three more days,” the bad guys are willing to extend their “offers,” too. When “Christine” complained she was busy and having trouble with the payment process, four of the five families extended the deadline.

While F-Secure’s report looked at the lighter side of a serious problem, the firm’s overarching goal was to remind users that ransomware prevention—with regular backup of files—beats negotiation with the bad guys, no matter how polite they seem.

Code42 Extends Insider Threat Protection to Federal Agencies

An incident or breach caused by an undetected insider threat in the private sector could damage a business’s reputation or significantly impact the organization’s financial wellbeing. But, in the public sector, a similar undetected insider threat breach or incident could jeopardize our national security! That heightened level of risk is why we’re thrilled to share that Code42 has achieved the In Process designation from the Federal Risk and Authorization Management Program (FedRAMP) for Code42’s cloud-based insider threat and data loss recovery solution. With the In Process designation, Code42 appears on the FedRAMP Marketplace, which means that Federal agencies and contractors have the ability to leverage Code42’s insider threat detection, investigation and response capabilities.

Insider threat in the public sector: the risk is real

Breaches and insider threats in the private sector may get the lion’s share of the headlines, but the public sector is far from immune to the insider threat risk. A Carnegie Mellon analysis of data from the CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus shows that the federal government has, by far, the highest number of serious insider threat incidents detected over the past 20+ years — more than all incidents from state and local governments combined. While alarming, it isn’t exactly surprising that the federal government is such a big target. Just as in the private sector, the offending insiders in the public sector tended to be in trusted positions, and most exfiltrated data during normal working hours. And just as in the corporate world, roughly one in three insider threats were contractors, vendors or another third party not directly employed by the federal agency.

Stepping up insider threat protection in the federal government

It’s not that federal agencies don’t understand the risks of insider threat; on the contrary, they are quite well versed and have been managing and setting best practices on insider threat programs for nearly a decade. In fact, way back in 2011, Executive Order 13587 mandated that all federal government agencies that operate or access classified computer networks implement an insider threat detection and prevention program — including the capacity to monitor and analyze the information from insider threats. But eight years later and with growing cloud adoption, there are exponentially more ways for insiders to exfiltrate data. The truth is that most federal agencies’ insider threat programs likely are built around traditional tools like data loss prevention (DLP) products that weren’t designed to handle the modern reality of ultra-portable data and widespread collaboration and file sharing — and simply can’t keep up with today’s resulting insider risks to data.

Code42 gives federal agencies a new insider threat toolset

The In Process designation is a significant milestone in the FedRAMP authorization process. Code42 is working towards FedRAMP authorization by the fall of 2020. But as I mentioned earlier, Code42 is already available on FedRAMP Marketplace — and organizations can even begin the onboarding process today. That means all federal agencies and contractors can leverage our industry-leading backup and recovery capabilities, while also gaining access to our insider threat detection, investigation and response capabilities.

Our solution quickly surfaces insider threats to a federal agency’s most sensitive, valuable and vulnerable files and information, so security teams can respond immediately and effectively — before damage is done. The solution tracks files as they are attached to web-based emails, uploaded to web applications, and moved to USB sticks and external hard drives. As part of its offering, Code42 also preserves a copy of all versions of all files on a user’s computer. This data can be used for forensics or to recover data after theft, ransomware, hardware or software failure.

Demonstrating our commitment to the highest security standards

FedRAMP Authorization requirements include some of the very highest standards for cloud security and data security risk mitigation in the world. Code42 is actively working on FedRAMP Authorization and, once achieved, it will mean that we adhere to some of the most rigorous security standards and requirements. Of course, this is meaningful well beyond the public sector: FedRAMP certification should give all Code42 customers reinforced confidence in our ability to secure and protect your data.

We’re quite proud of this achievement around the Code42 offices — and we’re excited to extend our solution beyond commercial and educational organizations to the federal government, helping to protect sensitive federal data that impact us all.

2020: The Cybersecurity Year Ahead

Security never stops. As 2019 comes to an end, security professionals are looking to what is in store for the year ahead. To get some answers, we reached out to Code42 leadership and security experts to get a sense of their cybersecurity expectations for the coming year.

While they expect plenty of tough challenges when it comes to protecting data, there is some good news in the mix. The team anticipates that enterprises will take steps toward formalizing (and automating) their security programs where gaps exist.

Here’s what the Code42 team had to say:

Insider threat programs grow more prevalent

Relentless reports of new, high-profile insider breaches will push many more businesses to finally take insider threat seriously enough to formalize programs and allocate a larger budget dedicated to protecting their intellectual property. This year, at least half of data breaches involved an insider, but in 2020, that figure could exceed 60%.

When it comes to insider threat, companies will begin to lean into new technologies designed distinctly for protecting from insider threats, and they’ll stop shoehorning outdated, ineffective technologies that were never really intended to mitigate insider risks to begin with. Finally, more than 20% of organizations will begin actively measuring what departing employees take from their organization.
Joe Payne, president and CEO at Code42


The role of security will increasingly integrate within IT

With the continued cybersecurity talent gap, along with increased regulatory demands and security threats, security and IT will have to work more closely together. What I mean by this is traditional IT will be expected to take on security responsibilities, while security roles will evolve to become more hands-on and step into actual problem-solving rather than problem-identification mode. 

Security has always been positioned to cover confidentiality, integrity and availability – the well-known security CIA triad. While IT has traditionally been focused on availability, it’s increasingly recognized that data integrity and confidentiality need to be a part of the broader IT strategy. There has always been an opportunity for a natural fit between IT and security, and 2020 will prove to be the year that we recognize the similarities and start to benefit from the combined focus from these two disciplines.
Jadee Hanson, CISO and VP of Information Systems, Code42

Collaborative tools get security department green light

Progressive organizations thrive on collaboration. After all, we are in the midst of a massive culture change that centers on employees’ ability to share ideas, move faster, and collaborate. CEOs are requiring that their employees use Slack, Chatter, Box, and OneDrive to work together to be more productive. However, at the same time, CISOs have been busily blocking collaboration by using legacy prevention technology. In 2020, progressive CISOs will stop blocking and will start focusing on enabling collaboration by adopting new approaches that better address insider risk.
Joe Payne, president and CEO at Code42


DevOps teams embrace security

Organizations have adopted DevOps, but security hasn’t always kept pace. As DevOps grows, so does the desire (and the need) for security to become embedded within these teams. In the next year, organizations will increasingly seek ways to build the skills, tools, and knowledge they need to build security directly into DevOps teams.
Michelle Killian, director, information security, Code42

The security talent shortage continues

By nearly all estimates, the industry is millions of cybersecurity jobs short of what’s needed to adequately secure enterprise data. This shortage will push security teams to automate as much as they can to stretch their capabilities. Hopefully, teams will focus on optimizing the basics because it remains true that the vast majority of breaches could have been prevented if security 101 practices were followed. Areas that will be automated include manual operations tasks, application security testing, data monitoring, and more.
Todd Thorsen, senior manager information security, risk management and compliance, Code42

Security ‘solutions’ continue to grow in complexity

The complexity of security vendor solutions remains too high in cybersecurity. Many vendors continue to proudly talk about how sophisticated their products are and how they can solve complex problems. The problem is: using these security tools themselves is an overly complex and unwieldy process. At the same time, the security industry struggles with a serious shortage of skilled cybersecurity personnel. Something has to give.

In 2020, we will see security vendors focus on providing both signal and simplicity. To align with the realities of personnel shortage, solutions will surface highly actionable information and present it in easy-to-use, accessible ways so that security teams can act quickly without being embroiled in endless investigations.
Joe Payne, president and CEO at Code42

Move from reactive to proactive security

Companies are so busy reacting to incidents and putting out fires that they are missing opportunities to proactively reduce risk. One area is how staff and others will continue to be a highly exploited threat vector, yet companies will continue to trail behind mitigating their human risks. One thing is for sure: training alone is not going to work, as companies need to create security-minded cultures in their workplaces.
Chrysa Freeman, program manager, security awareness, training and culture, Code42

Expect a major breach within a federal agency

A federal agency will experience a large-scale data breach at the hands of an insider. This will highlight the growing insider threat blind spot for all large organizations.

Also, foreign hackers and the election take center stage. There will be proposed federal regulations requiring encryption back-doors and FCC regulation of social media in advance of the elections. As the elections approach, there will be reports of hacks and vulnerabilities, many with grand claims. All of these claims will be unsubstantiated, viciously spun, yet cause no direct or measurable harm. But they will create enough doubt and disruption to further the nation’s political divide.
Andrew Moravec, principal security architect, Code42

The return of ransomware

It used to be that cryptojacking—using someone else’s computing to mine cryptocurrency—was a relatively easy path to profit. But as the price of bitcoin continues to fluctuate wildly, those profits are no longer such a sure thing. As a result, adversaries will shift their attacks to optimize their efforts. Once their malware is deployed onto endpoints, they may decide ransomware is the way to go, which would very well lead to a resurgence in ransomware attacks.
Jeff Holschuh, senior manager of identity, Code42

A renewed focus on data privacy

The CCPA (California Consumer Privacy Act) goes into effect at the beginning of 2020. The act will have a substantial impact on companies that don’t yet have mature data security and privacy programs in place. As enforcement actions are brought under this new law, companies will scramble to ensure they are meeting all of the law’s requirements.

Essentially, CCPA focuses on data collection rules, breach disclosure, and the selling of consumer personal data. Expect not only CCPA-driven lawsuits and fines, but also a nationwide rush by companies to ensure they can comply.
Nathan Hunstad, principal security engineer and researcher, Code42

Code42 Evolutionary Awards 2019

2019 Evolutionary Award Winners Showcase Innovation in Data Loss Protection

With all the scary statistics out there about the growing data security threats in the enterprise world, it’s easy to lose sight of a more optimistic fact: Enterprise data security is getting better — and organizations everywhere are building smarter data loss protection programs. Each year, the Code42 Evolutionary Awards celebrate the smart, innovative and just-plain-cool ways that organizations are protecting their data. This year, we recognized 10 organizations for their extraordinary innovation in data loss protection. Let’s take a look at the 2019 Evolutionary Award winners:

Evolutionary Award: BAYADA Home Health Care

BAYADA Home Health Care won the namesake Evolutionary Award for completely evolving the way their company secures data, protects IP, and enables users. Their data security journey began with safeguarding training videos in the cloud for their mobile workforce, then expanded to protecting data from the threat of lost and stolen laptops. BAYADA’s current project is to ensure that their proprietary and regulated data is secured and monitored for loss and proper usage. “Protecting data is impossible if you don’t have comprehensive visibility into where your data is, and to accomplish this you need the right tools,” says Craig Petrosky, director of Desktop Equipment Services for BAYADA. “That’s why it was critical for us to implement a solution that provides near real-time detection and the ability to respond to cases of data loss, leakage, misuse, or potential exposure.”

Guardian Award: Cisco

Cisco won the Guardian Award for a security team that creatively and effectively fends off an array of threats — from ransomware to malicious insider actors — to protect its valuable data. Cisco has developed countless data protection workflows by using Splunk to develop actionable insights about how data may be infiltrated and exfiltrated from the organization. “In today’s data landscape, it is important to have a solid data collection agent, one that offers insight into where data is, where it’s moving, and where it’s been. A tool that can offer this is an invaluable tool for Insider Threat investigations,” says Kevin Currie, investigator CSIRT of Cisco.

Rookie Award: Ironwood Pharmaceuticals 

Ironwood Pharmaceuticals won the Rookie Award for an organization that has successfully deployed a new software product within the past year. Deploying new software is never a small feat, and Ironwood Pharmaceuticals did so with a de-merger on the horizon, knowing that they would soon have to split their deployment in two. “When our organization was going through the de-merger, we needed a simple and flexible solution to ensure our data is protected,” says Lian Barry, manager, end user support for Ironwood. “We found a solution that has provided constant assurance that our data is protected throughout this period of increased organizational change.”

Harmony Award: MacDonald-Miller 

MacDonald-Miller won the Harmony Award for striking a balance between data protection and empowering employees to be productive and collaborative in order to deliver results to the company’s bottom line. Two of MacDonald-Miller’s top security priorities are that users never experience downtime from data loss, and that valuable data is not leaving with departing employees. “Our data is our competitive advantage,” said Eddie Anderson, technical business analyst at MacDonald-Miller. “It’s critical for us to protect data from loss, leak and theft, while enabling our employees to collaborate and work at the speed of business.”

Evangelist Award: David Chiang, MACOM

David Chiang, IT system engineer of MACOM, won the Evangelist Award for an individual with expertise in data loss protection who sets industry best practices and actively shares them with peers. Chiang’s passion for software deployment and systems integration began with an intern project and has evolved into deep expertise on protecting data in the midst of a digital transformation. “Digital transformations are exciting, but they can put data at an elevated risk,” says Chiang. “It’s important for organizations to take steps to protect their most important asset — their data — during these times.”

Atlas Award: Proofpoint

Proofpoint won the Atlas Award, honoring an organization for deploying and protecting an expansive global workforce. As the Proofpoint organization grew quickly through M&A, business continuity and user productivity were top priorities set by the CIO. “With help from professional services, we were able to quickly go from nothing to a fully deployed data collection agent that can support our global workforce, ensuring we never experience data loss. We had a very successful deployment and it proved ROI within four months,” says Brock Chapin, systems admin for Proofpoint.

Trailblazer Award: Schneider Electric 

Schneider Electric won the Trailblazer Award for improving a critical workflow or process for its organization. The company developed a custom app, used as part of their computer depot service, which collects and recovers data — in order to streamline, expedite and standardize the service. The results: time saved for technicians, reduced end-user downtime and improved user experiences. “As anyone in IT knows, positive user experience is critical to the effectiveness of any technical program. Our custom app not only provides that user experience, but it also lets them get back to work faster through decreased down time,” says Austin Joe, end point solutions senior engineer, enterprise IT of Schneider Electric. “We couldn’t be happier with the results.” 

We’re in this together

Join us in giving a virtual round of applause for these successful and innovative organizations. These examples not only represent major achievements for the organizations themselves, but the overall progress of the collective community of enterprise data security professionals. As your security team tackles emerging and evolving data loss challenges, don’t forget that you have a powerful resource in your Code42 peer network. From looking to examples like the customers highlighted here as inspiration or blueprints for your own initiatives, to consulting with other data security professionals to get answers, advice and guidance, we encourage you to leverage this valuable connection to some of the enterprise security world’s best minds and biggest thinkers. While the details differ, we face the same threats, manage the same challenges and share the same goals. We’re in this together.