Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.
Ransomware is an intensifying problem for all organizations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demand has grown from a minor inconvenience for organizations into a multi-billion-dollar cybercrime industry.
The organizational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organizations pay an average of $220,298 and suffer 23 days of downtime following an attack.
So, let’s dig deeper into what’s raised the stakes for these attacks, and how organizations can work to prevent them.
Ransomware Costs More Than Just Your Data Access
The uptick in ransomware attacks reflects what organizations have to lose, and as mentioned, it’s not just access to their mission-critical data.
For instance, companies hit by ransomware can suffer days or weeks of downtime that not only leave them unable to conduct core business functions, but also cause inconvenience and additional risk for their customers.
Also, when looking at ransomware attacks under the CIA Triad security model, these attacks compromise not only the availability of data, but often its confidentiality and integrity as well. That’s because many attacks are accompanied by data exfiltration. Exposure of that data can cause significant harm to a company’s overall reputation and ultimately cause it to lose key revenue streams to competitors down the line.
Unfortunately, this means more companies are willing to pay up to protect themselves, and cybercriminals are finding new ways to cash in on this area of opportunity.
That said, paying threat actors for decryption keys doesn’t necessarily guarantee safety for your organization, as hackers can still sell the accessed data on the dark web.
For example, Coveware’s Q3 2020 Ransomware Report revealed that the Netwalker and Mespinoza ransomware gangs went ahead and published stolen data from companies that had paid for their data to not be leaked.
Thus, in ransomware, a strong defensive strategy requires consistently refreshing methods for threat detection, prevention, and response.
Staying One Step Ahead of Bad Actors is Challenging
Modern ransomware attacks typically include various tactics like social engineering, email phishing, malicious email links and exploiting vulnerabilities in unpatched software to infiltrate environments and deploy malware. What that means is that there are no days off from maintaining good cyber-hygiene.
But there’s another challenge: As an organization’s defense strategies against common threats and attack methods improve, bad actors will adjust their approach to find new points of vulnerability. Thus, threat detection and response require real-time monitoring of various channels and networks, which can feel like a never-ending game of whack-a-mole.
So how can organizations ensure they stay one step ahead, if they don’t know where the next attack will target? The only practical approach is for organizations to implement a layered security strategy that includes a balance between prevention, threat detection and remediation – starting with a zero-trust security strategy.
Zero-Trust Security for Ransomware Protection
Initiating zero-trust security requires both an operational framework and a set of key technologies designed for modern enterprises to better secure digital assets. It also requires organizations to continually verify each asset and transaction before permitting any access to the network whatsoever.
Verification can be done through various methods such as ensuring that systems are patched and up-to-date, implementing passwordless multi-factor authentication (MFA) and deploying unified endpoint management (UEM). Ensuring device hygiene through patch and vulnerability management is a critical component of a zero-trust strategy. What’s more, utilizing key hyper-automation technologies such as deep learning capabilities can help security teams ensure that all endpoints, edge devices and data are discoverable, managed and secured in real time.
In addition to implementing the necessary technologies to assist with threat detection and prevention, organizations should consider going one step further by taking part in drills to test their responses to ransomware attacks. Having a recovery plan in place can play a vital role in minimizing the time it takes to assess the threat at hand – and ultimately determines whether your organization will be forced into paying the ransom to get its mission-critical data back and systems running once again. Practice makes perfect, and this is no different for an organization’s security strategy.
Predicting the Unpredictable
It is impossible to predict what attack method the next wave of ransomware threats will use – but that doesn’t mean organizations can’t prepare for these challenges. By implementing a zero-trust security strategy, companies are better positioned to keep tabs on all connected devices and networks, detect and respond to threats in real time, and thwart potential attacks before they damage the organization’s overall function and reputation. Ransomware gangs have upped their game, and cyber-hygiene has never been more important.
Daniel Spicer is CSO at Ivanti.
Enjoy additional insights from Threatpost’s Infosec Insiders community by visiting our microsite.