How To Combat Ransomware With Visibility
In the first half of 2021, the average ransom demand increased by 518%, while payments increased by 82%. In the United States alone, 560 healthcare facilities were hit by ransomware last year, and the number of attacks on healthcare keeps rising. New attacks make headlines every week. Ransomware spreads in a variety of ways, including social engineering and the exploitation of vulnerabilities, and we see real cases of both. These incidents do not just cost millions of dollars in recovery; they also delay the treatment of patients, and may even cost a life.
In addition to working with Netskope healthcare clients, I also lead our corporate security operations, so naturally I worry about ransomware myself: what can happen, and how it can be triggered. Because ransomware is so prevalent, organizations have begun to focus on additional layers to combat these attacks. Most start with basic email security by deploying a Secure Email Gateway (SEG), but that does not get you far: there is always a way for an attacker to push a link or file past those controls. So we need to look at the attack vector as a whole.
Greater complexity increases the attack surface
The way we deal with ransomware today is changing because our users are changing. Our devices are BYOD, and our data is no longer on a physical server in the on-premises data center to which we have direct access. For the most part it is now managed by another company elsewhere in the world and hosted on machines we can only monitor. Oddly enough, a lot of teams have let their guard down because of this. They assume that if their public cloud data is encrypted, someone else will step in and the problem will vanish like magic: the major cloud provider will restore all files to a previous version and it will not be a big deal. With some providers and in some cases that might be possible, but in other cases it is not.
The risk factors associated with ransomware
The risk factors associated with ransomware require a proactive approach to prevention, and to recovery should the worst happen. It can really come down to one user making a stray click and then bringing down the entire network. As an attacker, I need just one click to put an entire business in jeopardy. If 10% of the people in a company of 1,500 click, that is 150 clicks. People are going to make mistakes, even extremely smart, well-educated and security-savvy people. That we will never have a 100% protected environment is a no-brainer. So how are we going to deal with these attacks?
Aside from whether you should ever pay a ransom, there are really two things to consider when it comes to preparing for a ransomware attack:
- If your data is encrypted (or is lost or offline due to a disaster), you need to be able to restore your systems as quickly as possible.
- Even after bringing your operations back online, you still have to worry that an attacker may also have exfiltrated sensitive or private data.
The evolution to cloud-based recovery systems
The recovery process is often the last thing on your mind. Disaster recovery and business continuity (DRBC) are probably the most difficult things to solve, and often the most overlooked. But if your organization is in the healthcare industry or part of critical infrastructure like utilities, downtime can have fatal consequences. Ensuring business continuity can mean the ability to keep working to save lives, which means the immediate recovery time will be very important.
In the past, we had to recover tapes from an archive to an offsite location to restore systems, and this could take days. A few years ago, many companies had backup systems in a hosted data center, which allowed them to restore from another server by replicating the data over the channel. It was much faster than tape backups, but it still had limitations. Today, cloud-hosted solutions make it much easier because they take snapshots of your data. For this reason, cloud storage makes DRBC much faster than legacy solutions which are always stuck in a mindset of physical servers and devices. To stay ahead of ransomware, companies need to step up their game and move to a next-generation cloud-based DRBC strategy. One of the main reasons that many organizations have not taken this critical step is because they are concerned about the security of these cloud environments.
Cloud Security Alliance (CSA)
A recent study by the Cloud Security Alliance (CSA) showed that security remains a top concern in cloud adoption for 58% of respondents. But that fear creates a different risk when it comes to fast, seamless recovery and business continuity after a debilitating outage, whether caused by ransomware, natural disaster, or whatever else. And the point is, compared to most older approaches to secondary storage, the cloud can offer better visibility and control over your data than servers in a physical data center. Your recovery time can be much faster, and your uptime can be much better.
Ensuring data visibility
In healthcare, it’s not necessarily just about regaining access to your data, but about what else happened during the encryption process. Did the attackers damage the data? Was the privacy of your patients also violated during the attack? Not too long ago, a U.S. government cybersecurity alert specifically warned of the spike in ransomware activity targeting the healthcare and public health sector, calling out threats to the community from both service disruption and data theft.
The second part of preparing for ransomware is to establish full visibility of your data, and data classification makes this possible. You want to be able to inventory all your data by labeling it based on type, sensitivity, and location. Visibility helps us put policies in place to ensure sensitive information never leaves the organization, and it also helps block files that violate policy (such as ransomware stored in the cloud) based on their classification. It simultaneously helps us keep the good things inside and the bad things outside.
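The paragraph above describes classification feeding policy: label each piece of data by type, sensitivity and location, then let those labels decide what may leave the organization and what may come in from the cloud. The following is an added example written for this article, not Netskope's own code or product logic. It assumes a four-level sensitivity scale, a handful of constructed content patterns (an MRN marker, a US-style SSN pattern, clinical keywords, an "internal use only" banner) standing in for a real DLP dictionary, and a constructed sample inventory with no real patient data. The pattern list, the blocked file-type list and the destination names are all assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Sensitivity labels, least to most sensitive (assumed scale for the example).
LEVELS = ["public", "internal", "confidential", "restricted"]

# Content patterns that raise a file's sensitivity. Constructed for the example;
# a real classifier would use the organization's own DLP dictionaries.
PATTERNS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "restricted"),
    "mrn": (re.compile(r"\bMRN[:#]?\s*\d{6,}\b", re.I), "restricted"),
    "clinical": (re.compile(r"\b(diagnosis|prescription)\b", re.I), "confidential"),
    "internal_marker": (re.compile(r"\binternal use only\b", re.I), "internal"),
}

# File types the policy refuses to accept from cloud storage (assumed policy list).
BLOCKED_TYPES = {"exe", "js", "vbs", "scr", "hta"}


@dataclass
class DataRecord:
    path: str
    location: str          # "onprem", "sanctioned-cloud" or "unsanctioned-cloud"
    file_type: str
    content: str
    labels: dict = field(default_factory=dict)


def classify(rec: DataRecord) -> dict:
    """Label a record by type, sensitivity and location; returns the label dict."""
    sensitivity = "public"
    matched = []
    for name, (rx, level) in PATTERNS.items():
        if rx.search(rec.content):
            matched.append(name)
            # The most sensitive matching pattern wins.
            if LEVELS.index(level) > LEVELS.index(sensitivity):
                sensitivity = level
    rec.labels = {
        "type": rec.file_type,
        "sensitivity": sensitivity,
        "location": rec.location,
        "matched": sorted(matched),
    }
    return rec.labels


def evaluate_policy(rec: DataRecord, action: str, destination: str) -> tuple:
    """Decide whether an action on a classified record is allowed.

    action: "upload" (data leaving) or "download" (data coming in)
    destination: "internal", "sanctioned-cloud" or "external"
    Returns (verdict, reason) where verdict is "allow" or "block".
    """
    if not rec.labels:
        classify(rec)
    level = LEVELS.index(rec.labels["sensitivity"])
    # Inbound: refuse executable content regardless of what the file claims to be.
    if action == "download" and rec.labels["type"] in BLOCKED_TYPES:
        return ("block", f"{rec.labels['type']} file from {rec.location} violates policy")
    # Outbound: anything above public stays inside; restricted never goes to any cloud.
    if action == "upload" and destination == "external" and level >= LEVELS.index("internal"):
        return ("block", f"{rec.labels['sensitivity']} data may not leave the organization")
    if action == "upload" and destination == "sanctioned-cloud" and level == LEVELS.index("restricted"):
        return ("block", "restricted data may not be uploaded to cloud storage")
    return ("allow", f"{rec.labels['sensitivity']} data permitted to {destination}")


# Constructed sample inventory (no real patient data).
SAMPLES = [
    DataRecord("/ehr/notes/patient_0012345.txt", "onprem", "txt",
               "Patient MRN: 0012345. Diagnosis: hypertension. Follow-up in 6 weeks."),
    DataRecord("/marketing/newsletter.docx", "sanctioned-cloud", "docx",
               "Quarterly newsletter: community health fair on Saturday."),
    DataRecord("Shared/resume_final.exe", "unsanctioned-cloud", "exe",
               "MZ binary header (stub content for the example)"),
    DataRecord("/finance/budget.xlsx", "onprem", "xlsx",
               "FY budget - INTERNAL USE ONLY"),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        labels = classify(rec)
        for action, dest in [("upload", "external"), ("upload", "sanctioned-cloud"), ("download", "internal")]:
            print(rec.path, labels["sensitivity"], action, dest, evaluate_policy(rec, action, dest))
```

The point of the split between `classify` and `evaluate_policy` is that the labels are computed once and stored with the inventory, so the same classification drives both the outbound rule (sensitive data never leaves) and the inbound rule (an executable arriving from a cloud share is blocked by its type, whatever name it carries).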
With ransomware, you never know whether a link or file has slipped through security checks in some clever way to trick someone into innocently opening it. The perfect example is a job application. A “job seeker” can send a Dropbox, Google Drive or OneDrive link to their CV or work portfolio in response to an HR posting, but what awaits the recipient is ransomware, launched in your organization from the cloud platform. The attack vector has evolved from a file that has to physically enter your network to access delivered from the edge.
When I think of ransomware, I start by thinking about how my users interact with external, or even internal, users. Business communications have moved beyond email into dedicated team collaboration tools, and as a result we are now increasingly seeing these tools being used as an attack vector. If an attacker finds that an organization has excellent email security and all of its users are well trained to avoid email phishing, what about a link to a Google Drive or Dropbox folder where the payload sits, which does not have to come through email at all? Instead, it can come from Slack or Webex Teams. The attacker only needs a single click on a link to launch their malware and start the encryption process. Establishing transparent visibility and policy-based controls can help prevent this from happening.
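The two paragraphs above make the case that a cloud-share link in a chat message deserves the same scrutiny as an email attachment. As an added example (not the article's or Netskope's code), here is a small policy check that a collaboration-tool integration could run over messages before a user follows a link: it extracts the URLs, notes whether the sender is outside the organization, whether the link points at a cloud file-sharing host, and whether the linked file has an archive or executable extension, and turns that into an allow / inspect / quarantine verdict. The organization domain, the host list, the extension list, the scoring thresholds and the sample messages are all constructed for the example.

```python
import re
from urllib.parse import urlparse

ORG_DOMAIN = "corp.example"  # assumed organization domain for the example

# Hosts used for cloud file sharing (the platforms the text names, plus SharePoint/OneDrive short links).
CLOUD_SHARE_HOSTS = {"dropbox.com", "drive.google.com", "docs.google.com",
                     "onedrive.live.com", "1drv.ms", "sharepoint.com"}

# Extensions held for a scan before a user may open them (assumed policy list).
RISKY_EXTENSIONS = {"zip", "7z", "rar", "iso", "exe", "msi", "lnk", "js", "vbs", "hta", "scr"}

# Matches bare URLs and the URL inside Slack-style <url|label> wrapping.
URL_RX = re.compile(r"https?://[^\s<>|]+")


def extract_links(text: str) -> list:
    """Return every URL found in a chat message."""
    return URL_RX.findall(text)


def _is_cloud_share(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in CLOUD_SHARE_HOSTS)


def assess_message(msg: dict, org_domain: str = ORG_DOMAIN) -> tuple:
    """Score a collaboration-tool message; returns (verdict, findings).

    verdict: "allow" (no concern), "inspect" (scan the link before opening) or
             "quarantine" (hold the message until the linked file has been scanned).
    """
    links = extract_links(msg["text"])
    if not links:
        return ("allow", [])
    findings = []
    score = 0
    sender_domain = msg["sender"].rsplit("@", 1)[-1].lower()
    if sender_domain != org_domain:
        score += 2
        findings.append(f"external sender {sender_domain}")
    for link in links:
        parsed = urlparse(link)
        host = (parsed.hostname or "").lower()
        if _is_cloud_share(host):
            score += 2
            findings.append(f"cloud share link on {host}")
        filename = parsed.path.rsplit("/", 1)[-1]
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext in RISKY_EXTENSIONS:
            score += 3
            findings.append(f"risky file type .{ext}")
    if score >= 5:
        return ("quarantine", findings)
    if score >= 2:
        return ("inspect", findings)
    return ("allow", findings)


# Constructed sample messages; senders, channels and links are made up.
SAMPLE_MESSAGES = [
    {"channel": "#hr-hiring", "sender": "candidate@example.org",
     "text": "Hi! My portfolio is here: https://www.dropbox.com/s/abc123/portfolio.zip?dl=1"},
    {"channel": "#sales", "sender": "alice@corp.example",
     "text": "Deck for tomorrow <https://drive.google.com/file/d/xyz/view|slides>"},
    {"channel": "#eng", "sender": "bob@corp.example", "text": "standup moved to 10:30"},
    {"channel": "#finance", "sender": "billing@partner.example",
     "text": "Invoice attached: https://invoices.partner.example/inv-42.pdf"},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict, findings = assess_message(msg)
        print(f"{msg['channel']:<12} {msg['sender']:<28} {verdict:<10} {findings}")
```

The verdict is deliberately graded rather than binary: an internal user sharing a Google Drive deck is normal and only needs the link scanned, while an external sender pointing at an archive on a file-sharing host is exactly the "job seeker" pattern the text describes and is held until the file has been inspected.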