Eric O’Neill: Most of Ransomware Attacks Affect Home Users
Frank Jablonski, Acronis Vice President of Global Product Marketing, talks about cyber security with Eric O’Neill, an accomplished public speaker and security expert, who lectures internationally about espionage, cyber security, fraud, and hacking.
What are the top 3 recommendations you would make to consumers to protect their data from security threats?
Security threats are certainly coming after consumers, not just enterprises. We tend to think of it as a problem for business or government, as we see so many hacks and attacks that go after the offices like the Office of Personnel Management, and different government agencies and businesses, like Sony. But the fact of the matter is that most of the malware is affecting the grandparents and parents and just the person with an email account and a computer. And so, if the regular consumers have to protect themselves, they have to do something. There are three good steps:
- Technology. You have to have a solution that gives you a preventative defence that you need. Something that is going to search out the malware, something that is going to stop it before it infects you.
- Good cyber hygiene. If you don’t have that, if you’re not smart about how you access things online, if you’re not being careful with your social media, if you’re clicking those links that you get in those emails that don’t really come from your friends — but they are spear phishing attacks, then you’re going to get hit by something like ransomware and lose all your data (unless you pay some hacker sitting somewhere else in the world).
- Good backup. Even the best solution can sometimes miss the attack, just because the attackers are that good. So you have to have a good backup solution that is efficient and quick. It will protect you and let you recover your data in case you get attacked.
Given the rapid spread of malware today, do you see a shift to the necessity of malware-resistant backup solutions moving forward?
Absolutely. It’s not good enough just to have a backup, because you would have to be backing up every second. Malware is so pervasive in the industry right now that you don’t know when you going to get hit. And in 2016 for example, just last year, ransomware was one of the most popular malware attacks, creating a $1 billion crime. It was the most prolific cyber-attack of last year. And all points suggest that it’s going to be even bigger in 2017. Just because it works. So, in the light of that, you have to be extremely careful and you have to take every step necessary to protect yourself.
Should backup and security solution vendors be combining forces to better protect consumers?
I think it’s a great way going about it. You have to have a preventative approach. If you just have a backup, you’re going to be restoring your backup every time you get hit. It’s going to be exhausting. But if you combine the two, then you’re hedging your bet. You have that insurance. You prevent the attack, but if the attack gets through, you have good backups. You can recover rapidly and you don’t have that downtime and that gut wrenching data loss that would ruin your year.
From your experience, what is the best way to show consumers how important these things are and motivate them to take actions and protect their data and their families?
I think 2017 is going to be all about cyber security. It is one of the most newsworthy things that has happened in 2016. Not because of the Russian hacking, but because of the prolific malware and ransomware attacks that have plagued us over the last year. I would hope that consumers don’t really have to be convinced. But I think if they’re not convinced now, give it a couple of months. They are certainly going to be convinced when people they know, not just businesses that don’t touch them, but people they know, are attacked by malware and lose data and money. Ransomware will become more familiar. Not just as a buzzword, but as an actual term, an actual fear. But we don’t want to sell things based on fear. I think it’s more about education, it’s about protecting yourself, and protecting things that matter to you most — and more and more of that is data.
Are there any government regulations that will be coming out that you think will have a dramatic impact over the next few years?
I think there will be some, certainly within the next three to five years. One of the problems is that the federal government hasn’t got its act together on cyber security. We are at a deficit. We have pretty much failed for the last number of years in regards to cyber security. Part of that is because we have a decentralized security system. If you just look at our critical infrastructure, it’s owned by a lot of private companies. So how does the federal government regulate? However, based on the high profile attacks that have happened, I think there will be moves to try to solve the problem. And what we do in the U.S.? We regulate in order to solve problems. That may or may not work — I don’t want to get into politics here. But what I can say, if we just want to break it down and look at ransomware, for example, is that some states are moving to deal with it already. And one of the ways they’re dealing with it is by creating a new crime. Previously in order to go after someone who launched a ransomware attack, they could only be charged for extortion, which is hard to prove. New crimes are on the books in certain states (California is the newest), where if you launch a ransomware attack, then you’re committing a criminal offence. People will think twice before launching such attacks.
What are the generational differences in people’s approaches to data security and privacy that will impact how vendors should approach consumer solutions?
You have to look at generations, because different generations, especially the newest ones, consume media in different ways than some of us, older folks. If you look at younger people, they are far more engaged in social media. They’re putting way more of themselves out there. And that is all free information for hackers, spies and criminals to use to craft targeted attacks and attack them. With crafted attacks, they are more likely to trust that spear phishing email, click on the link, and load the malware that leads to the ransomware that locks their computer. And then, they’re calling their mom and dad asking for the money to pay the ransom! Criminals like to know who their target audience is. They are the biggest purveyors of technology, especially social media, looking for careless people to create highly targeted attacks.
The interview has been edited for clarity purposes. The interview took place on the sidelines of Acronis New Generation Data Protection Day in New York on January 18, 2017.
- Eric O'Neill — Keynote Speaker / SpyCatcher
- Acronis True Image 2017 New Generation
- Acronis Active Protection: A powerful stand against ransomware that helps protect your data from this nefarious, modern data threat.
- Frequently Asked Questions: Protection Against Ransomware