SpartanTec, Inc. Wilmington: Ransomware vs. data breach: What is the difference?

It is evident that South African organizations are at risk of cyber-attacks that could affect major global economies. To circumvent existing defense mechanisms, the cybersecurity threat and data breach landscape changes constantly. Hacking as well as insider attacks are used by cybercriminals to get access and extract data from the organisation’s network. This can lead to a data breach.

Ransomware attacks are not the same thing as data breaches in which ransomware holds the data hostage. Ransomware typically blocks access to infected computers’ data until payment is made. Data breach is when sensitive or confidential data is stolen from an organisation. This data can then be used to gain financial gain as well as to cause harm.

Understanding Ransomware and Data Breach

Although Ransomware attacks based on file attachments are still a threat, they have become more common and can be controlled using execution control in certain next-generation Endpoint Detection and Response technologies.

“There’s a transition from cybercriminals with the use of malware, file-based attacks, and complex hacking attacks against an organisation’s network – which results in data breaches,” says Jeremy Matthews, Panda Security Africa regional manager.

Yahoo revealed that login data for all 3 billion accounts of its customers had been stolen in 2016. The massive data breach had huge consequences for everyone involved. Reputational damage resulted from the breach which led to the company’s devaluation. Verizon eventually bought it for $350 million.

Liberty Holdings, a financial services provider, was recently attacked. According to reports, the data breach included customer and corporate emails as well as attachments. While hackers demanded ransom to retrieve the data, it is important that you recognize that this wasn’t a Ransomware attack which restricts access to data. Instead, stolen data is being held hostage for ransom.

Data breaches can be dangerous for more than just financial reasons. Access to client and company data could have grave consequences. Think about the documents and emails that you share with financial institutions or healthcare providers. These emails may contain sensitive information like ID numbers and medical information that could be used to execute future targeted attacks. This information is more valuable than a password. If hackers gain access to your ID number, they can’t just go out and buy a new one.

It is difficult to avoid these cyberattacks. A comprehensive cybersecurity approach that includes proactive threat hunting, new-generation EDR technology and corporate policies and procedures for data handling and management is required.

Matthews states that investing in new-generation endpoint technology will be the best way to eliminate advanced cyberthreats. It will provide protection as well as full visibility into endpoint behaviour and processes. Panda Adaptive Defense, with its 100% attestation module as well as integrated Threat Hunting & Investigation Service (THIS), provides additional protection by monitoring endpoint processes and collecting log data to identify potential risk areas.