14 Insights on How To Prevent a Ransomware Attack and Avoid Being the Next Headline

Along with the pandemic, the first half of 2021 was riddled with some of the biggest ransomware attacks. In early July, REvil demanded $70 million in ransom, the highest ever, but has since reduced it to $50 million. The rise of remote work propelled by the pandemic has resulted in the sharp rise of cyberattacks and ransoms this year. According to ReutersOpens a new window , up to 1,500 businesses were affected by ransomware attack.

Additionally, experts estimate that a ransomware attack will occur every 11 seconds in 2021. According to Vishal Salvi, CISO, Infosys, brands are at a risk of losing as much as $223 billion today. This proves that a company’s reputation is based on its speediness to protect consumer data making cybersecurity the biggest business differentiator, he adds.

Considering how hackers exploit the security perimeter in a ransomware attack, Andrew Rabie, SVP and head of IT and security, HUMAN Security, believes that hackers are growing more sophisticated, and businesses are less equipped to protect themselves from new tactics. “Threat actors exploit the fact that security teams aren’t as prepared to follow current ransomware trends with new threats, compared to where they were 3 to 5 years ago,” Rabie explains.

As more and more companies look for security strategies to prevent a ransomware attack, it is vital for security leaders to understand:

• • Which are the biggest system loopholes that hackers exploit in a ransomware attack?
  • How can enterprises overcome them?
  • What are some of the best ways to prevent your company from becoming the next headline?

1. Adopt an Identity-Driven Approach To Secure the Corporate Network

“Phishing emails remain one of the top attack vectors of ransomware. Adversaries have nefariously leveraged the fear and uncertainty surrounding the pandemic to increase the success rate of phishing attacks. Ensuring cybersecurity responsibility at all levels; creating awareness to avoid phishing emails; and investing time, effort, and resources to keep remote and cloud platforms updated can help prevent ransomware attacks.

“The best way to prevent ransomware attacks is to improve detection and defense systems at endpoints. Patch all the public-facing systems and platforms that extend your network perimeter, like VPNs, remote desktops, and applications hosted in the cloud, to avoid data extortion and leaks.

Adopt an identity-driven approach to secure the corporate network. Identity is now at the heart of cybersecurity. Deploy single sign-on, multi-factor authentication, the principle of least privilege, and zero trust to protect user identities and stop intrusions.

“Discard disconnected security solutions that operate in silos. Implement effective security orchestration. Let your user and identity management team, network operations center, and security operations center communicate with each other seamlessly to provide a holistic view of your network’s security and enhance your network security posture.”

Also read: Why Cybersecurity’s Latest Buzzword, Zero Trust Needs a Simple Approach in the Hybrid World

2. Invest in People To Build Security From Inside Out

“One of the biggest reasons why several ransomware activities have successfully compromised security is because they target the weakest link – people. Through several phishing campaigns, they easily breach security of systems and networks simply because of lack of awareness among the employees.

The solution therefore is to invest in people who are the living defense systems of every organization.

Nurturing and training these resources to the required maturity and equipping them with information and tools is like building security from inside out.

“Hackers are likely to take the easiest path to exploitation. Malicious emails, password reuse, misconfigured and unpatched systems are often used by bad actors to enter an organization’s infrastructure. Once in the environment, bad actors can move around and infect critical systems and data.

“Start with security awareness and educate employees about best practices. For example, empowering your team to identify and report phishing emails can help to prevent the potential for ransomware attacks.”

“Security tooling can help mitigate the risk to some extent, but to address this challenge, I believe you must start with people. Education and awareness can’t be a checkbox during onboarding, but rather need to be continuous processes.

“Identify your biggest risk and take efforts to reduce it until it’s no longer your biggest risk. Continue doing that. Try to share the right information at the right time to ensure that the business is making well-informed decisions.”

Also read: Can Backup Data Be Trusted After a Ransomware Attack? 3 “I’s”for Steadfast Resiliency

3. Put Money into Data Backup Solutions Instead of Anti-Ransomware Solutions

“To dissuade evolving attacks, ransomware payments should never be paid. Businesses pay to recover their data, but don’t realize that by acquiescing, they keep incentivizing criminal behavior. Criminals’ enterprises adapt fast and follow where it makes financial sense, if they keep receiving payments, they will only spur other criminal actors to follow suit.

Employ tactics to avoid burnout of cybersecurity teams as a weary defender could miss something and have businesses reconsider some of their data practices. Companies should only hold onto data for the shortest period, before completely deleting it.

“Not only will this reduce the risk dramatically, but it encourages a better customer understanding of what a company does with the data it does collect. Alongside this, businesses should invest in robust backup solutions instead of anti-ransomware solutions.”

“The three most common ransomware vectors are remote desktop protocol (RDP) compromise, email phishing, and software vulnerabilities. The following is recommended to mitigate:

• • • Limiting RDP use and ensuring it is behind VPN with MFA
    • Conducting regular phishing awareness training, regular phishing tests, using “External” email markers in the subject line, and having a phish report button
    • Patching software in a timely manner and ensuring software centers and golden images have up to date versions

The best way to avoid being in the headlines is to enhance your overall cybersecurity hygiene while also planning for falling victim. Do this planning by ensuring you have robust backups in the cloud so that you can quickly recover with minimal downtime. Cloud-first approaches also increase your resiliency and decrease the need for backups.

4. Implement Spam Filters and Frequent Software Updates To Provide a Safety Net

“It is important for enterprises to understand that they shouldn’t address one vulnerability at a time. The threats must be addressed comprehensively across the whole enterprise. The engagement and commitment of management, supported by subject matter experts in security, IT, compliance and legal is critical to successfully mitigating the risk of ransomware.

“Other measures such as implementing spam filters, frequent software updates and up-to-date backups are critical as well, reducing the number of attack vectors and providing a safety net in case an attack is successful.”

Also read: CNA Financial Pays $40 Million Over March Ransomware Attack, the Highest Known Ransom Payout

5. Use Air-Gapped Backup Systems To Keep Sensitive Data Inaccessible

“There are several best practices security leaders should adopt to prevent their company from becoming the next headline. The first and most practical step to prevent successful ransomware attacks is to develop and execute a comprehensive systems backup strategy.

Part of this strategy should include regular verification that data is archived as expected, tests of full system recovery capabilities and using air-gapped backup systems.

“Since ransomware attackers regularly search for mapped and automated backups (and seek to destroy those as well), an air-gap technique is critical to keeping sensitive data inaccessible from the internet and beyond attackers’ reach.”

Also read: Accenture Now the Fourth Ransomware Victim to Be Demanded $50M or More in 2021

6. Digitalize the Data Supply Chain With Cybersecurity Monitoring

“Today’s lapses in security are not always linked to the physical product supply chain, but an adjacent data chain. This can be particularly troublesome when working with many businesses. Effective cybersecurity strategies require an in-depth understanding of the connections and flow of information between systems, and a keen understanding that in a distributed environment, vulnerabilities can happen at multiple points of entry across the value chain.

IoT enabled devices connect products to other devices and systems, and these entry and end points across the connected cloud must also be considered.

“First, look at the product. Take into consideration the supply chain usage, vendors, as well as factory assessments for cybersecurity. Next, identify the adjacent data supply chain. This adjacent chain is fueled by products integrated with personalized capabilities and/or industrial control systems collecting data from operational technology. Finally, combine both the product supply chain and the adjacent data chain into an information network that can assess risk. Ultimately, digitalization of the supply chain, and extended supply chain transparency and visibility, combined with cybersecurity monitoring and security can help secure the supply chain.”

Also read: New Ransomware Task Force (RTF) Report Urges More Aggressive Measures To Track Cryptocurrency

7. Implement Asset and Vulnerability Management Controls on All Business-Critical Systems

“Companies also must consider public appearance. Cybercriminals can build profiles of targets using data on public tools like LinkedIn. If you don’t have anyone on your employee list with a cybersecurity background, you may be setting yourself up as a target. Hackers also do their homework and read industry news. If you just acquired a company or sold your company and issued a press release, you can be sure they know too.

To keep themselves out of the news, executives and their boards should focus on having IT/Security teams implement foundational controls that are common to all cybersecurity standards, such as configuration, asset, and vulnerability management on all business-critical systems. One of the most exploited threat vectors in ransomware attacks is unpatched vulnerabilities.

“Having the proper asset awareness allows teams to quickly prioritize patching and mitigation efforts for the open vulnerabilities in their systems. This reduces the risk of being ransomed in the first place. Having a proper understanding of your assets and their configurations will enable faster incident response if you are compromised.”

8. Apply Multi-Factor Authentication for Remote Management

“A recent survey of Veeam customers revealed that the largest two sources of ransomware are spam email and the remote desktop protocol (used for remote management). Protecting an organization from malicious email requires a combination of filtering technology and user education, while applying multi-factor authentication for remote management is always a best practice.

“Today, organizations must rethink past strategies and responses to attacks, and presume there is a perpetual state of compromise to their data taking place. Prioritize testing strategies often to ensure that what your team has in place works and cut down response time for when attack does happen. Know exactly what to do and how to do it to minimize lasting effects.”

“Patching remains one of the biggest issues I see every day. Legacy systems often don’t get the patching they need, and they become the entry point for the attackers. Having a comprehensive inventory, patching policy, and patch reporting can help this.

Another big hole is not requiring the use of multi-factor authentication (MFA or sometimes called 2FA) for not just user access, but more importantly for admin or accounts with elevated permissions. Hackers will have a much easier time accessing a system or environment if MFA is not being used. In many cases, just the use of MFA would eliminate many of the initial attack vectors that hackers are trying to leverage.”

Also read: Global Task Force Seeks To Curb the Ransomware Menace, Here’s What They’re Proposing

9. Deploy an Incident Response Plan To Mitigate Threats

“Avoiding being in the news for the wrong reasons starts with understanding where weaknesses exist in software systems. Weaknesses could be in people or processes, as well as software and configurations.

Businesses must have an incident response plan that is aware of the software used in specific parts of the business. That incident response plan is informed by threats identified against the business and how those threats are mitigated.

“Software is everywhere, it’s imperative these models reflect how software was tested and deployed. Only then can you have confidence that you’re able to defend against specific attacks.”

Also read: Hands Off My Laptop: Why Remote Work Has Changed Endpoint Security Forever

10.Take Advantage of Data Warehouses To Isolate Data From Client-Facing Infrastructure

“Enterprises need to train people on good behavior regular, automate patch management and vulnerability scanning, and layer and isolate networks. There are several general best practices that can help fend off ransomware, including layering security and networks, backing up everything, shifting to secure offsite locations, training employees on phishing, malware, and good web habits, and deploying endpoint security software. What some companies don’t concentrate on enough is often the simplest, most straight-forward strategy: practicing good security hygiene. They should also take advantage of data warehouses which allow clients to isolate data from client-facing infrastructure.”

11. Combine Endpoint Detection and Response With Employee Awareness Program To Mitigate Social Engineering

“When malware, or an interactive attacker finds their way onto the network, mitigating measures like security policies, segmentation, or the principle of least privilege are often poorly implemented, or poorly maintained allowing the attack to spread virtually unhindered throughout the network, the results can be devastating. Prevention and endpoint detection and response technologies should be complimented with an effective employee awareness program to mitigate social engineering.

Ensure employees have regular (at least annual) cybersecurity training that covers how to spot social engineering attempts. No matter how advanced security technologies become, users will always be the first and often best line of defense.

“For companies with IT and security teams struggling to verify incident alerts and monitor systems continuously, consider the managed detection and response (MDR) model to augment efforts. Last, if you do get hit by ransomware, have a recovery plan in place where departments and stakeholders know exactly what to do to get operations back online as quickly as possible – without paying the ransom.”

Also read: Mitigating the Impact of Ransomware Attacks With Business Continuity Planning

12. Put Your Trust in Zero Trust To Fill the Gaps in Data Coverage

“If there’s one industry that never stops changing, it’s the security industry and now is no exception.  The new proactive security approach du-jour is all about a concept called ‘zero trust’. The concept for zero trust turns the table on traditional perimeter-based security where the assumption is that what’s behind the firewall is safe. Instead, it assumes breach and verifies every request regardless of whether it originates internally or from an outside network. There’s more to just that of course including the concept of micro segmentation of data, apps, network, etc. while applying rich intelligence, just-in-time, and least privilege principles.

“As enterprise security officers look at these zero trust toolsets and options available today, I would strongly suggest they look at solutions that will give them better visibility into what their users are doing with their systems. This is because it relates to productivity and looking at gaps in their coverage which gives them the biggest bang for their buck in terms of protection.”

13. Empower the CISO To Make Critical Security Related Changes

“Leadership that does not understand the importance of security can fail to build the culture of security awareness and secure practices in their organization. It could be too late to deal with a crisis if sensible strategies are not put in place to empower employees with the knowledge needed to protect data, systems, and networks in their custody.

“While there are no set procedures for applying security strategies, there are a few best practices such as: building a strong security culture across the organization, empowering the CISO to make critical security-related changes within the organization, backing strategy with right investment in people, processes and technology, integrating cyber risk management into the overall risk management framework of the company and maintaining robust corporate governance of the supply chain can be considered to secure business operations and environment.”

14. Create Data Backups at Multiple Locations To Restore Function and Investigate Quickly

“Ransomware impacts companies the most when their data is inaccessible. Having data backups at multiple locations allows businesses to restore function while working with partners to investigate the issue. Test your business continuity and disaster recovery plans to validate that the data can be restored safely without further compromising the environment.

“Remember, practice makes perfect. Conducting tabletop exercises and reviewing policies and procedures with employees will increase confidence in a company’s response to a ransomware attack.”

Say No to Ransom Woes

From a survey conducted by Cybereason with 1,263 companies, 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% got access to their data but most of it was corrupted. This strengthens the need for following good cyber hygiene and eliminating all loopholes in password security even more.

“Closing loopholes means practicing cyber hygiene, and ensuring you have a good outward-facing profile,” Crowley remarks. “Good cyber hygiene means understanding and monitoring the basics, like password security, understanding the software in your environment, and staying up to date on patching vulnerabilities,” he adds.

What best practices your company is following to prevent a ransomware attack? Share it with us on LinkedInOpens a new window , FacebookOpens a new window , and TwitterOpens a new window .