Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Defending against ransomware will come down to zero trust, says Daniel Spicer, CSO, Ivanti.

Ransomware is an escalating problem for all organizations, and it will only get worse. What started as a floppy disk attack with a $189 ransom note has grown from a minor inconvenience to organizations into a multibillion-dollar cybercrime industry.

The organizational threat from these types of attacks goes far beyond the encryption of sensitive or critical data: for many organizations, the idea of a breach and of their data being publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: organizations pay an average of $220,298 and experience 23 days of downtime following an attack.

Ransomware costs more than just data access

The rise in ransomware attacks reflects what organizations have to lose, and as mentioned, it’s not just access to their critical data.

essential business functions, but also causes inconvenience and additional risks to customers.

Additionally, when looking at ransomware attacks as part of the CIA Triad security model, these attacks not only compromise data availability but often data confidentiality and integrity as well. Indeed, many attacks are accompanied by data exfiltration. Exposing this data can significantly damage a company’s overall reputation and ultimately cause it to lose key revenue streams to its competitors.

Unfortunately, that means more businesses are willing to pay to protect themselves, and cybercriminals are finding new ways to take advantage of this area of opportunity.

That said, paying threat actors for decryption keys doesn't necessarily guarantee the security of your organization, as hackers can still sell the data they accessed on the dark web.

For example, Coveware's Q3 2020 ransomware report found that ransomware gangs Netwalker and Mespinoza went ahead and released stolen data from companies that had paid to keep their data from being released.

Thus, a strong defensive strategy against ransomware requires constantly updated methods for detecting, preventing and responding to threats.

Staying one step ahead of bad actors is a challenge

Modern ransomware attacks typically include various tactics such as social engineering, email phishing, malicious email links, and exploitation of unpatched software vulnerabilities to infiltrate environments and deploy malware. This means that there are no days off from maintaining good cyber hygiene.

But there's another challenge: as an organization's defense strategies against common threats and attack methods improve, bad actors will adjust their approach to find new points of vulnerability. So threat detection and response require real-time monitoring of various channels and networks, which can feel like an endless game of whack-a-mole.

So how can organizations make sure they stay one step ahead if they don’t know where the next attack will target? The only practical approach is for organizations to implement a multi-layered security strategy that includes a balance of prevention, threat detection, and remediation, starting with a zero-trust security strategy.

Zero-Trust Security for Ransomware Protection

Initiating zero-trust security requires both an operational framework and a set of key technologies designed for modern businesses to better secure digital assets. It also requires organizations to continually verify every asset and transaction before allowing any access to the network.

Verification can be performed by various methods, such as ensuring that systems are patched and up to date, implementing passwordless multi-factor authentication (MFA), and deploying unified endpoint management (UEM). Maintaining device hygiene through patch and vulnerability management is an essential part of a zero-trust strategy. Additionally, the use of key hyper-automation technologies such as deep learning capabilities can help security teams ensure that all endpoints, edge devices, and data are discoverable, managed, and secured in real time.

In addition to implementing the technologies necessary to help detect and prevent threats, organizations should consider going further by participating in exercises to test their responses to ransomware attacks. Having a recovery plan in place can play a critical role in reducing the time it takes to assess the current threat and ultimately determine whether your organization will be forced to pay the ransom to recover its critical data and get its systems working again. Practice makes perfect, and it's no different for an organization's security strategy.

Predict the unpredictable

It's impossible to predict what the next wave of ransomware threats will use as their next attack method, but that doesn't mean organizations can't prepare for these challenges. By implementing a zero-trust security strategy, organizations are in a better position to keep tabs on all connected devices and networks, detect and respond to threats in real time, and thwart potential attacks before they harm the function, performance, and overall reputation of the organization. Ransomware gangs have improved their game, and cyber hygiene has never been more important.