Is ransomware becoming the next “pandemic”, and how can organizations in the region protect themselves against it?
Given the current growth, scale and frequency of ransomware attacks, we already consider this phenomenon a “pandemic”. Cyber-attacks are already both extremely sophisticated and highly disruptive, so it is essential to have visibility of threats, vulnerabilities and weaknesses across the entire network, including endpoints and user activities, to help mitigate cyber-attacks, including ransomware.
A combination of the “right” tools, policies, processes and user awareness is extremely important.
Typical ransomware variants take between 3 and 30 seconds to detonate and encrypt their target machine. Unfortunately, signature-based detection and response tools such as next-generation anti-virus are not capable of identifying polymorphic ransomware, nor file-less or in-memory variants. As such, it is necessary to deploy EDR (Endpoint Detection & Response) tools with a protection policy applied. The primary attack vectors are often stolen or compromised credentials, unpatched systems and, unfortunately, end-users falling victim to phishing attacks or unknowingly downloading malicious software onto their machines.
To protect against ransomware threats, organizations must continuously scan for critical vulnerabilities, be diligent in patching or remediating those vulnerabilities, deploy protection controls such as EDR with a 24×7 Security Operations Centre (SOC) to monitor and manage that EDR (or outsource it to a security service provider who can provide a Managed EDR service), and lastly, ensure that there is regular cybersecurity awareness training for users as well as phishing test campaigns.
Tools and software alone are inadequate for tackling multifaceted cybersecurity threats such as ransomware and other advanced persistent threats (APTs). Attackers often exfiltrate sensitive data and use it as leverage to force victims to pay the ransom, and it is no longer sufficient to focus purely upon cyber-defense mechanisms that can help the responder recover from an attack. Nowadays, organizations must also have robust systems and processes which will alert them to the first sign of an intrusion, well before an actual attack is carried out.
It is imperative to have dedicated security experts who are accomplished at hunting, identifying, analyzing and mitigating nascent cyberthreats. Nevertheless, for most organizations, it is likely to be both time and cost prohibitive to have their security analysts continually trained in identifying and mitigating every single threat. Instead, it is more advisable that they bring in a managed security service provider (MSSP) such as Lumen, which has one of the largest and most deeply peered IP backbones in the world, giving us expansive, near-real-time visibility into the threat landscape.
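The answer above argues that signatures cannot keep up with polymorphic ransomware and that endpoint telemetry has to be watched for behaviour instead. The following is an added illustration of that idea, not code from the interview or from Lumen: it runs two behavioural rules over a constructed sample of per-process file events (a ransom-note-style write followed by a rename, and a burst of extension-appending renames inside a short window). The log format, the 10-second window, the threshold of 5 renames and the note keywords are all assumptions chosen for the example.

```python
"""Behaviour-based detection of a ransomware-like encryption burst over
endpoint file events. Added example: the event format, thresholds and sample
events below are constructed for illustration, not a real EDR product's."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=10)   # assumed: size of the sliding burst window
BURST_THRESHOLD = 5              # assumed: extension-append renames per window
NOTE_WORDS = ("RESTORE", "DECRYPT", "RECOVER")   # assumed ransom-note vocabulary

# Constructed sample: "<ISO time> <pid> <process> <op> <path>[ -> <newpath>]".
# winword.exe is benign, backup.sh renames slowly (.bak) and should not alert,
# update.exe drops a note and appends ".locked" to six files in three seconds.
SAMPLE_EVENTS = """\
2024-03-01T09:00:00 4120 winword.exe write /home/a/docs/report.docx
2024-03-01T09:00:04 4120 winword.exe write /home/a/docs/~$report.docx
2024-03-01T09:01:00 5210 backup.sh rename /home/a/docs/q1.xlsx -> /home/a/docs/q1.xlsx.bak
2024-03-01T09:01:30 5210 backup.sh rename /home/a/docs/q2.xlsx -> /home/a/docs/q2.xlsx.bak
2024-03-01T09:02:00 5210 backup.sh rename /home/a/docs/q3.xlsx -> /home/a/docs/q3.xlsx.bak
2024-03-01T09:02:30 5210 backup.sh rename /home/a/docs/q4.xlsx -> /home/a/docs/q4.xlsx.bak
2024-03-01T09:03:00 5210 backup.sh rename /home/a/docs/q5.xlsx -> /home/a/docs/q5.xlsx.bak
2024-03-01T09:03:30 5210 backup.sh rename /home/a/docs/q6.xlsx -> /home/a/docs/q6.xlsx.bak
2024-03-01T09:10:00 7731 update.exe write /home/a/docs/README_RESTORE_FILES.txt
2024-03-01T09:10:01 7731 update.exe rename /home/a/docs/report.docx -> /home/a/docs/report.docx.locked
2024-03-01T09:10:01 7731 update.exe rename /home/a/docs/budget.xlsx -> /home/a/docs/budget.xlsx.locked
2024-03-01T09:10:02 7731 update.exe rename /home/a/docs/notes.txt -> /home/a/docs/notes.txt.locked
2024-03-01T09:10:02 7731 update.exe rename /home/a/docs/photo.jpg -> /home/a/docs/photo.jpg.locked
2024-03-01T09:10:03 7731 update.exe rename /home/a/docs/plan.pptx -> /home/a/docs/plan.pptx.locked
2024-03-01T09:10:03 7731 update.exe rename /home/a/docs/q1.xlsx.bak -> /home/a/docs/q1.xlsx.bak.locked
"""


def parse_event(line):
    """Split one event line into its fields; renames carry a destination path."""
    ts, pid, proc, op, rest = line.split(maxsplit=4)
    if op == "rename":
        src, dst = rest.split(" -> ", 1)
    else:
        src, dst = rest, None
    return {"time": datetime.fromisoformat(ts), "pid": int(pid),
            "proc": proc, "op": op, "src": src, "dst": dst}


def looks_like_ransom_note(path):
    """Text/HTML file whose name carries typical ransom-note words."""
    name = os.path.basename(path).upper()
    return name.endswith((".TXT", ".HTML", ".HTA")) and any(w in name for w in NOTE_WORDS)


def appends_extension(src, dst):
    """Ransomware commonly keeps the original name and appends its own suffix."""
    return dst is not None and dst.startswith(src + ".") and len(dst) > len(src) + 1


def detect(lines, window=WINDOW, burst_threshold=BURST_THRESHOLD):
    """Return alerts (one per process and reason) found in the event stream."""
    appends = defaultdict(deque)   # pid -> times of extension-append renames in window
    note_seen = {}                 # pid -> time a ransom-note-like file was written
    fired = set()                  # (pid, reason) pairs already alerted
    alerts = []

    def fire(ev, reason):
        key = (ev["pid"], reason)
        if key not in fired:
            fired.add(key)
            alerts.append({"time": ev["time"].isoformat(), "pid": ev["pid"],
                           "proc": ev["proc"], "reason": reason})

    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = parse_event(line)
        pid = ev["pid"]
        if ev["op"] == "write" and looks_like_ransom_note(ev["src"]):
            note_seen.setdefault(pid, ev["time"])
        if ev["op"] == "rename" and appends_extension(ev["src"], ev["dst"]):
            q = appends[pid]
            q.append(ev["time"])
            while q and ev["time"] - q[0] > window:   # drop renames outside the window
                q.popleft()
            if pid in note_seen:
                fire(ev, "ransom_note_then_rename")
            if len(q) >= burst_threshold:
                fire(ev, "rename_burst")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The sliding window is what separates the slow, legitimate backup job from the encryption burst: both append an extension to six files, but only the burst puts five of them inside ten seconds. The note rule fires on the very first rename after the note, which is the kind of early signal a protection policy would act on (suspend the process) before the rest of the share is touched.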
With the surge in cloud adoption and supply chain attacks, what are some important steps that an organization can take to avoid becoming the next victim?
For organizations to protect themselves against ransomware and other cyber-attacks, it is necessary to assess and examine their security posture. Prior to doing so, the first step would be to identify the assets the organization owns, especially the ones that need most protection.
Without asset visibility, or understanding of the infrastructure ecosystem, it is impossible to understand which vulnerabilities and threats are relevant to your organization. These are some key questions that can help organizations determine their security posture:
- Do you understand how you collect, process, store and manage critical data in your organization?
- How robust and up to date is your organization’s cybersecurity strategy?
- Do you have the systems and processes to accurately assess your organization’s IT infrastructure, network and devices for vulnerabilities to evolving threats?
- Are your security controls documented, established and strong enough for the posture you require based on your organization’s risk appetite?
- Do you train your employees on cyber awareness and are you prepared with an Incident Response Plan?
Ultimately, there are no shortcuts to adopting basic cyber hygiene habits. It is necessary that an organization enforces the same policy and treatment on their enterprise application workloads and systems, whether they are running internally on-premises or in the cloud.
With cloud services, it is crucial that organizations ensure that all accounts across the board are protected by multi-factor authentication, and that account access is routinely audited and follows good security practices. Services hosted in the cloud should also be kept up to date, with active monitoring for suspicious activity such as high usage rates. In short, organizations need to harden these systems, scan them for vulnerabilities, patch and remediate diligently, and ensure that they enforce the same policies on these workloads.
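The cloud-account advice above (MFA on every account, routinely audited access, monitoring for unusual usage rates) can be turned into a repeatable check. The script below is an added example, not tooling from the interview or from Lumen: it audits a constructed export of IAM-style accounts for missing MFA and stale access keys, and flags an hour of API activity that exceeds several times the account's trailing median. The 90-day key age, the 5x factor, the 50-call floor and the 24-hour baseline are assumed policy values, and the account records and hourly counts are constructed sample data.

```python
"""Audit of cloud accounts for MFA and key age plus a usage-rate spike check.
Added example: account records, usage counts and policy thresholds are
constructed/assumed here, not any provider's or Lumen's own tooling."""
from datetime import date
from statistics import median

KEY_MAX_AGE_DAYS = 90   # assumed policy: rotate long-lived access keys quarterly
SPIKE_FACTOR = 5        # assumed: an hour is suspicious at 5x the trailing median
SPIKE_FLOOR = 50        # assumed: ignore "spikes" below this absolute call count
BASELINE_HOURS = 24     # assumed: length of the trailing baseline

# Constructed sample of cloud IAM accounts, as exported from an identity audit
ACCOUNTS = [
    {"user": "alice",     "mfa_enabled": True,  "key_created": date(2024, 1, 10)},
    {"user": "ci-deploy", "mfa_enabled": False, "key_created": date(2023, 6, 1)},
    {"user": "bob",       "mfa_enabled": False, "key_created": date(2024, 2, 20)},
]

# Constructed hourly API-call counts per account, oldest hour first (26 hours)
HOURLY_CALLS = {
    "alice":     [12] * 25 + [15],
    "ci-deploy": [8] * 25 + [400],      # quiet service account that suddenly bursts
    "bob":       [0] * 20 + [2, 3, 1, 2, 4, 3],   # near-idle: noise, not a spike
}


def account_findings(account, today):
    """Static policy checks on one account; returns a list of finding codes."""
    findings = []
    if not account["mfa_enabled"]:
        findings.append("no_mfa")
    if (today - account["key_created"]).days > KEY_MAX_AGE_DAYS:
        findings.append("stale_access_key")
    return findings


def usage_spikes(counts, baseline_hours=BASELINE_HOURS,
                 factor=SPIKE_FACTOR, floor=SPIKE_FLOOR):
    """Indexes of hours whose call count exceeds factor x the trailing median
    and the absolute floor (so an idle account with a zero median cannot trip
    on a handful of calls)."""
    spikes = []
    for i in range(baseline_hours, len(counts)):
        baseline = median(counts[i - baseline_hours:i])
        if counts[i] > max(floor, factor * baseline):
            spikes.append(i)
    return spikes


def audit(accounts, hourly_calls, today):
    """Combine policy findings and usage spikes; returns {user: [findings]}."""
    report = {}
    for acct in accounts:
        findings = account_findings(acct, today)
        if usage_spikes(hourly_calls.get(acct["user"], [])):
            findings.append("usage_spike")
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, HOURLY_CALLS, date(2024, 3, 1)).items():
        print(f"{user}: {', '.join(findings)}")
```

The floor matters in practice: a median of zero would otherwise make any single call on a dormant account a "5x" event, and dormant service accounts are exactly where the noise would drown the one account that really went from 8 calls an hour to 400.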