Zoom has kicked off end-to-end encryption for its mobile and desktop apps. Phase one of the encryption rollout doesn’t include meetings via a web browser.

Zoom, the big winner from remote working during the COVID-19 pandemic, is rolling out end-to-end encryption for all video meetings on mobile and desktop devices after criticism that it used “substandard” encryption.

On Tuesday, Zoom announced that end-to-end encryption (E2EE) is immediately available for users on Windows, macOS, and Android. The iOS version of the Zoom app is still awaiting approval from Apple’s App Store review. It’s being rolled out as a “technical preview” for 30 days, during which time Zoom aims to gather customer feedback about their experience with E2EE.

While the rise in remote working has provided cyber criminals with a potential new route into compromising networks with ransomware, it is still possible for an organisation to move to remote work while also keeping its staff and servers protected from a cyberattack.

SEE: Network security policy (TechRepublic Premium)

Some of this comes from the human level, by training and engaging with staff, even while they’re WFH, so they know what to look for in a phishing email or other suspicious online activity. But it’s probably impossible – and unfair – to expect employees to carry the weight of defending the organisation from cyberattacks.

“A technical defence followed by a really well educated user base, who know what to do if they encounter something, if they seem unsafe, is the best way to go for most organisations,” says DeGrippo.

One of the reasons ransomware has become so successful is because many organisations don’t have offline backups of their data. Regularly backing up the network helps provide a fail-safe against ransomware attacks because it provides the ability to restore the network with relative ease without having to line the pockets of cyber criminals.

Multi-factor authentication is a must when it comes to helping to protect the network from cyberattacks, so if a user does fall victim to a phishing attack and gives away their password by accident – or if attackers simply manage to guess a weak password of an internet-facing port – a second layer of protection prevents them from easily being able to use that compromise as a gateway to the rest of the network.

If possible, it’s also useful to separate the network so that it isn’t flat throughout the entire structure of the organisation, something that doesn’t have any real negative impact on the business, but can go a long way to making it harder for cyber criminals to move around the place if they get in. In the worst case scenario, that means if there is a successful ransomware attack, it can be restricted to a small part of the network.

“If you minimize the ability to move laterally across the network by instigating network segmentation it’ll slow down the spread of ransomware,” said Carmakal. “This is all security basics, but we find a lot of companies still struggle with the basics.”

Regularly applying security patches can also prevent ransomware attacks from being effective as it means they’re unable to take advantage of known vulnerabilities to spread around networks.

However, while ransomware remains a large problem for organisations, with cyber attackers getting more ingenious with their schemes and demanding higher ransoms, the battle isn’t lost.

Other kinds of cyberattacks – that have previously been the flavour of the month for cyber criminals – have successfully been countered, so it isn’t impossible that ransomware could go the same way if organisations – be they on premises, remote, or a mixture of the two – follow the correct security protocols.

SEE: Ransomware: 11 steps you should take to protect against disaster

“I don’t think that it’s all bleak; we’ve seen a significant reduction in software vulnerabilities over the past two or three years. Browser vulnerabilities are almost non-existent and much of that resulted in the reduction of the exploit kit landscape – exploit kits today are quite rare,” says DeGrippo.

“Continuing to fight this fight could go the same way. If we continue to work on the problem, eventually it won’t be as lucrative,” she adds.

The reason ransomware remains lucrative is because victims pay the ransom, opting to do so because they perceive it as the best way to restore the network. But paying the ransom means attacks will just continue.

“Never ever recommend paying the ransom. I understand the considerations behind doing it, but I’d never say it should be done because it’s very obvious that it perpetuates that kind of attack,” says Oren.

Leave a Reply

Your email address will not be published. Required fields are marked *