5 Defenses Against Ransomware Attacks You Can Take Now
Within the first four months of 2021, just six hacker groups had already extorted more than $45 million from 292 organizations held hostage by ransomware. Some of these attacks have been well publicized, both for the higher profile of the targets (automaker Kia and the National Basketball Association, to name two) and for the economic upheaval they caused (Colonial Pipeline).
Ransomware is big news because ransomware attacks are insidious and unlike any other type of cybercrime: Ransomware criminals don’t just infiltrate your infrastructure and steal data or compromise services, like other attackers might; they actually kidnap your operations and hold them hostage until you pay the perpetrators a ransom in cryptocurrency. That’s disruptive to any business, but to healthcare organizations, governments and utilities, it’s devastating and potentially life-threatening. (And, in fact, ransomware criminals love to attack those organizations because in many cases, such as with smaller hospitals or municipalities, their Security and IT staffs often are under-budgeted and under-resourced, making them favorite targets for easy money.)
Guidance about what to do in the event of a ransomware attack is readily available (CISO Magazine outlines four tips that are bound to prove useful). But after decades helping organizations of all sizes prepare for the next cybersecurity threat, I can say a well-planned response is absolutely necessary. You’ll want to develop an incident response plan and a secure and independent backup recovery strategy, and you’ll want to test both of them regularly. You may even want to secure cyber insurance. All are part of a well-planned response.
But just as important is a well-resourced defense. Here, then, are a few pointers to get you started on defending your infrastructure, data, applications and brand for whatever’s next.
5 ways to defend against a ransomware attack
1. Understand common ransomware TTPs. Understanding how attackers work, and specifically the attack vectors they most commonly use, will help you identify their tactics, techniques and procedures. You can research this independently, but our own Director of Security Research Jerry Gamblin offers a terrific overview here.
2. Train your people, but don’t assume that’s enough. One of the most common ways ransomware attackers infiltrate your environment is by luring employees to click on the wrong file or email link. Today’s phishing campaigns can be remarkably sophisticated: A couple years ago, an industry colleague described a phishing attack at his company where employees received emails that, by all accounts, appeared to come from the CEO. It’s hard not to respond to your boss’s boss’s boss, but this small software firm had exceptionally security-aware employees and no one fell for it. My colleague’s company got lucky. Recent research shows training workers to spot cybersecurity trouble isn’t enough, with the majority of recently trained employees failing a simple seven-question cybersecurity test. Our Vice President of Product Marketing Monica White explains what the research reveals, and what it means for you.
3. Tighten your perimeter. It sounds elementary, and it is, but a tight perimeter helps reduce your attack surface. Nail down your Remote Desktop Protocol, establish a list of safe and approved applications that a system can access, and establish roles and administrative permissions via least privilege access policies. Make it harder for ransomware attackers to get in.
4. Predict the next exploits. Security and IT professionals working for smaller enterprises might assume advanced exploit prediction capabilities are beyond their reach—both in terms of expertise and budget. But a new generation of tools, built on machine learning, data science and powerful predictive algorithms, is now available that automates these highly complex processes, analyzing massive amounts of threat and vulnerability data, and building insights around all that data to make it meaningful. Even a robust remediation program can only address 10% of vulnerabilities. Vulnerability intel powered by machine learning helps you make informed decisions so you can commit finite resources toward remediating the vulnerabilities that matter most. Even more good news: The most advanced solutions, like those available from Kenna Security, now part of Cisco, can predict the weaponization of a vulnerability with 94% accuracy.
5. Give attackers fewer targets. Because it can take just one employee clicking on the wrong email link to let the bad guys in, even the largest, most well-resourced organizations can fall victim to ransomware attacks. (And the more far-flung your perimeter, the tougher it can be to lock it down: Marene Allison, CISO of Johnson & Johnson, recently revealed the pharmaceutical giant experiences 15.5 billion cybersecurity incidents a day. I’ll just wait here while you pick your jaw up off the floor.) So, given that no perimeter is bulletproof, a critical defense for every organization is to ensure attackers have fewer places to go in your infrastructure. And that boils down to patching the vulnerabilities that pose the greatest risk to your organization. Here’s where that new generation of tools comes in: By taking a risk-based approach to managing your vulnerabilities, you’ll have the actionable insight you need to identify, prioritize and remediate the 2%-5% of vulnerabilities in your environment that are likely to be weaponized. A risk-based vulnerability management program cuts through and clarifies, aligns Security and IT around a common goal, and drives down your overall risk. It’s one of the most effective ways to harden your infrastructure against threats of all kinds, including ransomware.
Engage with Customer Success to build or enhance your plan
A good place to begin in this journey is to consult with the experts—in this case the Customer Success professionals who have helped you deploy and manage your Security environment. Your Customer Success team will help you implement best practices they’ve acquired working with organizations of all types. And no one better knows your environment, where it could use some added fortification, and how to establish a roadmap for success.
And I’ll repeat a point I made earlier: When you take these steps to protect your organization from ransomware attacks, you’ll also protect it from a wide array of other attacks. And, as any Security professional will tell you, that’s just good policy.