Anti-Ransomware Day reminds organizations to keep themselves safe against
ransomware. With a ransomware attack taking place every 19 seconds,
organizations must ask themselves: are we prepared?
Ransomware can exfiltrate data and bring business operations to a halt, leading to
financial, reputational, and personal loss. As adversarial tactics become
increasingly advanced, security teams need sufficient resources to safeguard
their networks and protect against such attacks. Read below for expert insight
into how businesses can protect themselves this Anti-Ransomware Day.
Christopher Rogers, technology evangelist at Zerto, a Hewlett-Packard
Enterprise company
"Anti-Ransomware Day falling on the anniversary of the infamous 2017 WannaCry
attack is a stark
reminder of just how devastating sophisticated cyber attacks can be. Infecting
more than 300,000 computers across 150 countries and costing the global economy
approximately $4 billion, it is
unquestionably one of the most significant ransomware attacks the world has
ever seen.
"Thankfully, since the end of 2017 (which was also the year of NotPetya) we
have not endured an attack on a similar scale. However, ransomware is far from
a waning threat; in fact, it's only just entering its 'golden age'. Recent
research has demonstrated that last year 61% of disaster recovery responses
were triggered due to ransomware and it took businesses an average of 21 days
to recover.
"So, with ransomware only increasing in frequency and sophistication,
prevention and recovery methods are no longer enough. It's time to embrace
resilience.
According to Gartner, "isolated recovery
environments (IREs) with immutable data vaults (IDVs) provide the highest level
of security and recovery against insider threats, ransomware, and other forms
of hacking". This means organisations need to be investing in technology such
as isolated and air-gapped vaults that provide the means to protect, detect,
and recover from ransomware attacks in any environment.
"In 2023, the threat of ransomware is not an 'if', it's a 'when'. By taking
advantage of the right technology and embracing resilience, organizations can
ensure that when an attack occurs the damage and downtime are a fraction of
what they could be."
++
Randeep Gill, Principal Cybersecurity Strategy, Exabeam
"There was a time when endpoint technology stood relatively strong in two key
areas.
On the one hand, the traditional anti-virus/malware agent served as a
stand-alone protector against recognized threats by drawing attention to
unusual activity and lowering noise. On the server side, endpoint technologies'
application control helped determine what should be running, how it should be
running, and by whom.
Unfortunately, endpoint detection and response (EDR) solutions, which were
initially designed to identify behavior and were utilized for forensic
examination by analysts, also have a high susceptibility to exploitation
themselves. If an adversary were to take advantage of an EDR tool, they would
have access to a variety of an organization's telemetry, including user and
identity authentication, access to
files, system variables and key business applications. All of which increases
the scope through which ransomware can be deployed.
On Anti-Ransomware Day, I wanted to remind enterprises to go beyond just EDR
solutions to improve security posture and mitigate the risk of a ransomware
attack.
Security teams need complete and holistic visibility across any environment -
which includes, but is not limited to, endpoint logs. In order to paint a full
picture, CISOs and their security teams must be able to monitor user and device
behavior across the whole network to distinguish between normal and anomalous
behavior."
++
Justin McCarthy, CTO and co-founder, StrongDM
"Anti-Ransomware Day is a great reminder of the importance of regularly
examining identity and access management practices. After all, before
ransomware can get disseminated, an adversary has to gain initial access into a
network. With Verizon reporting that 61% of all security breaches involve the
exploitation of credentials, and StrongDM reporting that 55% of organizations
maintain backdoor access to infrastructure, it's very likely a majority of
ransomware incidents are spurred by poor access management practices.
As distributed as our world has become, it's imperative that executives and IT
teams consider applying the principle of least privilege (PoLP) and take a
zero-standing privilege approach. Doing so ensures that credentials only exist in
the moments they're needed, that every action is secure and auditable, and that
credentials are essentially removed from the equation entirely. By limiting
access as much as possible, organizations will reduce their attack surface and
help mitigate the risk of ransomware."
++
Arti Raman, Founder and CEO, Titaniam
"Protecting data from the threat of ransomware remains a priority for CISOs and
cybersecurity professionals. This Anti-Ransomware Day, we must practice proper
cyber hygiene by adding data security in the form of encryption, not only at
rest and in transit but also in use. Encryption and other in-use controls such
as tokenization dramatically decrease the blast radius from ransomware attacks
since they make stolen data unusable for extortion.
Despite a decrease in ransomware attacks in 2022, in 2023 there have been more
advanced ransomware strains that are a larger concern due to newly developed
double extortion techniques. We can combat these attacks by investing in
encryption-in-use that stays in place even if bad actors get their hands on
valuable data, therefore making it illegible and unusable as a source of
leverage.
Threat actors used to extort data by accessing data from large repositories and
also backed-up information. Now, new forms of ransomware can exploit VPN
vulnerabilities and garner continuous access to
proprietary information. Organizations must invest in proactive data security
controls to counter this threat."
++
Aaron Sandeen, CEO and co-founder, Securin
"Anti-Ransomware Day serves as a reminder of the looming threat of ransomware
and how enterprise leaders need to be aware of cyber threats to keep their
business safe.
Ransomware attacks have continued to terrorize enterprises since the 2017
WannaCry attacks by the Lazarus group. In 2022 alone, IBM reported an average ransom payment
of $812,360, with the total cost of a ransomware attack on an enterprise being
$4.5 million on average.
To combat this ever-present threat, organizations need to prioritize the
detection and prevention of threats over recovery. Implementing strong security
measures across the board, from patching software to employee training, plays a
pivotal role in ensuring a strong security posture. Enterprises can eventually
recover from a ransomware attack; however, prevention is the ultimate goal for
a proactive cybersecurity strategy.
Stay informed and take proactive measures to safeguard your organization by
leveraging Securin's ransomware knowledge and expertise."
##