Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
The headlines feel like Groundhog Day, if each of Bill Murray’s repeated days grew increasingly threatening:
Ransomware attacks rise again.
Ransomware attacks up over last quarter.
Ransomware attacks tower over previous year.
You get the idea. And yet again, a new report from Ivanti sends a clear warning: It’s still getting worse. The Ransomware Spotlight Year-End Report identified 32 new ransomware families in 2021, bringing the total to 157 and representing a 26 percent increase over the previous year. These ransomware families are exploiting a total of 288 vulnerabilities – a 29 percent increase over the previous year. The report was produced in partnership between Ivanti, Cyber Security Works and Cyware, and is based on proprietary data, publicly available threat databases, and threat researchers and penetration-testing teams.
The report found that these ransomware groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, threat actors are broadening their attack spheres and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults.
And according to Coveware, organizations pay an average of $220,298 and suffer 23 days of downtime following a ransomware attack. That’s devastating in an optimal climate, and given the scramble to shift to the digital landscape combined with unprecedented shortages of skilled IT labor, an attack could be insurmountable.
It’s Time to MAP Your Cybersecurity Journey
The good news: while ransomware threats are increasing in sophistication, so are countermeasures. There are things you can do to dramatically reduce your attack surface and proactively protect against and/or remediate threats without further exhausting your human resources.
To build a comprehensive, scalable and framework-aligned cybersecurity strategy for the Everywhere Workplace, companies must go on a three-phased journey: Manage, Automate and Prioritize (MAP). Manage, the first phase, is about establishing your cybersecurity foundation. Automate is about alleviating the burden on IT. Prioritize is about getting to a state where IT has the information and ability to identify and address the top risk areas.
There are six steps to a comprehensive MAP strategy, and you can get started right now:
Step 1: Get Complete Asset Visibility
You can’t manage and secure what you can’t find. Invest in an automated platform that enhances visibility into all connected devices and software and provides context into how those assets are being used, so your IT and security teams can make better decisions. A comprehensive discovery initiative finds all assets on a network, including both corporate-owned and BYOD devices, and then provides context around who is using what device, how and when they’re using that device, and what they have access to. This enables security teams to better keep assets protected and improve overall security posture.
Step 2: Modernize Device Management
Modern device management is an essential part of increasing security in remote and hybrid work environments. A unified endpoint management (UEM) approach fully supports bring-your-own-device (BYOD) initiatives while maximizing user privacy and securing corporate data at the same time.
UEM architectures usually include the ability to easily onboard and configure device and application settings at scale, establish device hygiene with risk-based patch management and mobile threat protection, monitor device posture and ensure compliance, identify and remediate issues quickly and remotely, automate software updates and OS deployments, and more. Choose a UEM solution with management capabilities for a wide range of operating systems, and one that is available both on-premises and via software-as-a-service (SaaS).
Step 3: Establish Device Hygiene
Most people associate device hygiene with patch management, but it extends beyond that. Good device hygiene involves taking a proactive, multi-layered approach to ensure that only devices meeting defined security requirements are allowed to access business resources, thereby reducing the digital attack surface. Companies should look to combat device vulnerabilities (jailbroken devices, vulnerable OS versions, etc.), network vulnerabilities (man-in-the-middle attacks, malicious hotspots, unsecured Wi-Fi, etc.) and application vulnerabilities (high security risk assessment, high privacy risk assessment, suspicious app behavior, etc.). Establishing good device hygiene also includes building processes that are well-defined and repeatable so they can eventually be automated.
Step 4: Secure Your Users
The only people who seem to like passwords are the threat actors who weaponize them. Credentials, like passwords, remain among the most sought-after data types in breaches – involved in 61 percent of breaches. Further, single sign-on (SSO) solutions can create a single point of failure that can be exploited by hackers to gain access to most or all enterprise apps.
The ideal solution: Passwordless authentication via zero sign-on. Instead of passwords, this approach uses multifactor authentication via alternative authentication methods such as possession (what you have, like a mobile device), inherence (biometrics like fingerprints, Face ID, etc.) and context (location, time of day, etc.).
Step 5: Provide Secure Access
The network perimeters that worked when your team was in-office no longer suffice in the Everywhere Workplace. Today’s networks should be built on the principles of the software-defined perimeter (SDP). It’s designed to leverage proven, standards-based components that help ensure SDP can be integrated with your existing security systems. SDP still requires a layer of security to maximize benefits, which is where zero-trust network access (ZTNA) comes into play.
Step 6: Continuously Monitor & Make Improvements
Most assessments of security posture are made after an attack, and are specific to the attack vector. This reactive approach, combined with too many empty seats in IT roles, is a substantial problem. To stay in compliance and mitigate threats, it’s imperative to get a handle on governance, risk and compliance (GRC) management. Look for a solution with quick and easy regulatory documentation imports to map citations with security and compliance controls, and seek to replace manual tasks with automated, repetitive governance activities.
There’s a lot of information here – and the idea of tackling six steps can feel overwhelming. Then again, the threats are overwhelming, too. It’s essential to take on partners and leverage solutions to support your cybersecurity journey. The right solutions will be comprehensive and integrated to ease the burden on your IT staff, and will also preserve a productive, intuitive user experience that maintains integrity no matter where, when or how your employees work.
Daniel Spicer is Chief Security Officer at Ivanti.