Virtualization Technology News and Information
Ransomware's Worst Nightmare: Privileged Access Management

Written by Tyler Reese, Senior Product Manager at One Identity 

Ransomware attacks are an increasing cyber struggle for organizations across the globe. With devastating attacks from headline-grabbing ransomware strains like LockerGoga and SamSam knocking organizations offline, from local small businesses to the Fortune 500 and from hospitals and healthcare systems to critical infrastructure, it can feel like it is only a matter of time before your business becomes the next victim.

The favored advice for protecting against a ransomware attack is to have an extensive backup and recovery plan, which should let a business quickly bring operations-critical systems and data back online after an attack and avoid prolonged, disastrous disruption. Ransomware often takes businesses by surprise, and getting servers back up and running can be time-consuming and costly. Recent research found that the average downtime following an attack increased from 6.2 days in Q4 2018 to 7.3 days in Q1 2019, and that downtime costs businesses on average $65,645 per attack. In extreme cases, the cost of downtime exceeds the cost of the ransom itself.

So, if your business cannot afford to pay the ransom, and the downtime spent executing a recovery plan is becoming increasingly expensive, how can you effectively recover from a ransomware attack?

There is only one true answer to this question: do not let the attack succeed in the first place. This may seem like an impossible feat, but it is in fact achievable. Let's explore some critical steps to mitigate the risk of a successful ransomware attack against your business.

Understanding the Path of a Ransomware Attack 

Key to preventing a ransomware attack is understanding how ransomware works in the first place and how these attacks are executed against organizations' networks and systems.

Ransomware is essentially a package of multiple malware components. These attacks are commonly delivered through spear-phishing scams that trick a user into downloading malware onto their computer. An example of spear-phishing is an email that appears to come from a trusted source, such as a boss or an IT administrator, and prompts the user to open a malicious link that triggers the download.

Once activated, the malware moves stealthily through the system, looking through every application and file on the user's computer in search of privileged credentials that would give the attacker access to the business's most sensitive data, files, and systems. If privileged credentials are found and account access is obtained, the attackers can take control of the organization's IT systems, halt critical business processes, and sit back to await the ransom payment, while the organization loses money every second that operations remain stalled.

Defense through Proper Privileged Access Controls & Processes 

While the potential destruction of ransomware is certainly a valid concern, there is one important thing to keep in mind about this attack method: it is only as destructive as the access it can gain within a network. In other words, if an organization can prevent ransomware operators from ever obtaining privileged account access, the effectiveness of the malware is significantly reduced.

By implementing robust privileged access management (PAM) processes, an organization no longer leaves its privileged users' accounts exposed to this kind of theft. So what exactly are the components of a rock-solid PAM program? Let's explore a few best practices:

  • Leveraging a password vault: This ensures that access to privileged accounts is granted only on a session-by-session basis, through a tightly controlled process that issues a new password to the authorized privileged user for each use.

  • Monitoring and recording all privileged sessions: Privileged session management should enable centralized policy enforcement with real-time monitoring and recording, so that suspicious behavior is detected as it happens and a session is terminated when those policies are violated.

  • Tapping the power of behavioral biometrics: Using machine learning, behavioral biometrics monitors and learns privileged users' behavior within a network, such as keystroke dynamics and mouse movements, continuously over time. This allows for a continuous authentication approach with quick detection of suspicious activity in these accounts.

  • Always sticking to the principle of least privilege: Grant users access only to the data and the parts of the network necessary to do their work, and nothing more. This practice also involves "renting" privileges to users so that they can download certain scanned and approved software.
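The following toy model is an added illustration of the vault, session-monitoring and least-privilege points above; it is not code from the original article or from any One Identity product. It assumes a constructed account name (svc-backup), a constructed user (alice), a 300-second session limit and a constructed sample policy that ends a session on commands that delete backups or shadow copies. The vault issues a freshly generated password for every checkout and rotates it again on check-in, on expiry and on a policy violation, so a password that malware scrapes from the user's machine stops working as soon as the session that issued it ends.

```python
import secrets
import string
import time
from dataclasses import dataclass

ALPHABET = string.ascii_letters + string.digits


@dataclass
class Session:
    account: str
    user: str
    password: str
    expires_at: float
    active: bool = True


class Vault:
    def __init__(self, accounts, ttl=600, clock=time.time):
        self._secrets = {a: self._new_secret() for a in accounts}
        self._ttl = ttl
        self._clock = clock        # injectable clock so expiry is testable
        self._grants = set()       # (user, account) pairs approved by policy
        self._sessions = []
        self.audit = []            # every event; the basis of the recording

    @staticmethod
    def _new_secret(length=24):
        return "".join(secrets.choice(ALPHABET) for _ in range(length))

    def grant(self, user, account):
        # Least privilege: only explicitly approved pairs may check out.
        self._grants.add((user, account))

    def checkout(self, user, account):
        if (user, account) not in self._grants:
            raise PermissionError(f"{user} is not approved for {account}")
        password = self._new_secret()
        self._secrets[account] = password           # fresh secret per session
        session = Session(account, user, password, self._clock() + self._ttl)
        self._sessions.append(session)
        self.audit.append(("CHECKOUT", user, account))
        return session

    def checkin(self, session, reason="CHECKIN"):
        if session.active:
            session.active = False
            self._secrets[session.account] = self._new_secret()   # rotate again
            self.audit.append((reason, session.user, session.account))

    def authenticate(self, account, password):
        # What the target host does at logon: only the current secret works.
        now = self._clock()
        for s in self._sessions:
            if s.active and now >= s.expires_at:
                self.checkin(s, reason="EXPIRED")
        current = self._secrets.get(account)
        return current is not None and secrets.compare_digest(current, password)


# Constructed sample policy: the first blocked command ends the session.
BLOCKED = ("vssadmin delete shadows", "wbadmin delete catalog")


def enforce_policy(vault, session, command):
    """Record the command; terminate (and thereby rotate) on a violation."""
    if not session.active:
        raise RuntimeError("session already terminated")
    vault.audit.append(("CMD", session.user, command))
    if any(b in command.lower() for b in BLOCKED):
        vault.checkin(session, reason="TERMINATED")
        return False
    return True


def stolen_password_outcomes():
    """Malware copies the password during two legitimate sessions: one the
    admin checks in, one that simply outlives its time limit."""
    clock = [0.0]
    vault = Vault(["svc-backup"], ttl=300, clock=lambda: clock[0])
    vault.grant("alice", "svc-backup")
    first = vault.checkout("alice", "svc-backup")
    stolen = first.password
    live = vault.authenticate("svc-backup", stolen)           # True: checked out
    vault.checkin(first)
    after_checkin = vault.authenticate("svc-backup", stolen)  # False: rotated
    stolen = vault.checkout("alice", "svc-backup").password
    clock[0] = 301.0                                          # past the limit
    after_expiry = vault.authenticate("svc-backup", stolen)   # False: rotated
    return live, after_checkin, after_expiry


def violation_terminates_session():
    vault = Vault(["svc-backup"])
    vault.grant("alice", "svc-backup")
    session = vault.checkout("alice", "svc-backup")
    ok = enforce_policy(vault, session, "wbadmin start backup -backupTarget:E:")
    blocked = enforce_policy(vault, session, "vssadmin delete shadows /all /quiet")
    still_valid = vault.authenticate("svc-backup", session.password)
    return ok, blocked, session.active, still_valid
```

Running `stolen_password_outcomes()` returns `(True, False, False)` and `violation_terminates_session()` returns `(True, False, False, False)`: the harvested password works only while its session is open, and the terminated session's password is dead the moment the monitor steps in. A real deployment keeps the audit trail and the session recording outside the reach of the privileged user, and the rotation is performed on the target system rather than in memory as here.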

Ransomware can have a devastating impact on organizations of all sizes and in every industry, but it doesn't have to. By understanding the course of a ransomware attack and implementing effective PAM best practices, including password vaults, privileged session management, behavioral biometric analytics, and the principle of least privilege, organizations can shut the door on these business-crippling attacks.


About the Author


With more than 15 years in the IT software industry, Tyler Reese is an expert in the rapidly evolving identity management and privileged access management (PAM) challenges businesses face. As Product Manager, PAM at One Identity, Tyler is laser focused on evaluating PAM market trends shaping the needs of end-users.  

Published Wednesday, July 24, 2019 7:20 AM by David Marshall