How can you prepare for ransomware attacks?

If there’s one thing security professionals have learned in the past few weeks, it’s that no organization, regardless of size, sector, or security budget, is immune to the threat of ransomware and cyberattacks.

In Australia, the healthcare industry has been the most targeted, with the Australian Cyber ​​Security Center (ACSC) saying ransomware attacks against the Australian healthcare sector are on the rise. As an example, in 2021, large Australian organizations such as Eastern Health and the Melbourne Heart Group will fall victim to ransomware. Of course, ransomware attacks aren’t just limited to the healthcare sector. Global IR Threat Report We found that over 60% of respondents had encountered a ransomware attack in the past year.

Business leaders and security professionals alike are increasingly concerned about ransomware, and with good reason. This is due to a much more complex and broader attack surface than a decade ago. In parallel, cybercriminals are taking full advantage of changes in the way they work, equipping them with more ambitious and sophisticated attack methods. In fact, the Global IR Threat Report also flagged that ransomware attacks are becoming increasingly malicious, with more than half of reported encounters involving double extortion techniques. , Verizon Business 2022 Data Breach Investigation Report found that ransomware increased 13% in the past year. This represents a greater increase than the last five years combined.

Organizations should operate on the assumption that ransomware will hit them at some point. That requires a holistic view of how such cyberattacks occur. An often overlooked factor is the length of time an attacker can remain in an enterprise environment before triggering an attack. The longer they stay inside, the more information they can gather, the more access they can gain, and the more likely they are to wreak havoc on your business.

As an example, consider the recent Uber breach. Information was moved across applications and platforms in order for the attackers to operate within Uber’s environment for some time and gain broad access to a variety of sensitive and potentially damaging information. It seems to indicate that This is the biggest risk for most companies. That is, an attacker moving across an organization and compromising multiple systems in the process.

This is why companies must choose the right tools and monitoring approaches to continuously monitor and have constant visibility into the normal behavior of their applications, networks, staff and systems.

Understanding how cyberattacks occur

As with everything, organizations must first ensure that they have a basic view of risk and understand where cyberattacks come from. Your view of risk depends on your own business and the applications used internally. Enterprises should refer to known frameworks (NIST, Essential 8, etc.) to understand the most likely attacks in their industry or environment. Which of these is the most dangerous, either in terms of prevalence or business impact? From these points, how can an attacker infiltrate your business environment through endpoints, email, physical access, or a combination thereof, and what mitigations are in place to prevent this type of intrusion? are you there?

Security teams need visibility into all data and assets within an organization to adequately protect the organization and to support and keep these environments running in the event of an attack. For this reason, it is important to establish a complete inventory of what an organization has introduced into its environment. This includes the current execution state and basic controls over access, more specifically privileged access.

Adopt the right tools

Enterprises must choose their security tools wisely. It’s not just about using the best tools or best combinations, but also ensuring that the tools provide a high level of effectiveness in your particular environment. Additionally, it is critical that these tools work together and provide input to the management platform so that your IT team can become a member of the response team in the event of an attack. Finally, getting the business back to normal operation or maintaining some form of business continuity is also important, and the choice of tools, processes, and how staff are trained can all affect speed and success in responding to incidents. contribute. .

Review your security strategy

Your security strategy should include extended visibility, analytics, and response across apps and endpoints, as well as networks and clouds. Technologies such as Extended Detection and Response (XDR) incorporate data from endpoints, networks, applications, and cloud platforms, and use correlated data across these domains to detect threats faster. , allows this.

Thanks to automation, XDR frees humans (or frontline security professionals) to look at real threats, not “noise.” During a real ransomware attack, this is critical to getting your business up and running as quickly as possible. Because humans then focus all their attention on the true threat in near real time.

However, it is important to note that true XDR requires network and endpoint visibility. Data collection from these sources is relatively straightforward, but correlating this information to provide true insight has been difficult. Encrypted network connections, malicious actors turning off endpoints, and the sheer volume of data flowing into SIEMs and other toolsets all overwhelm staff with information and false positives. The promise of XDR is that all this information will be correlated and only the most pertinent issues will be presented to responders. Technical triage of potential incidents is much more efficient than human triage. Especially when this triage can examine a data lake of similar actions to determine if the activity is indeed malicious and can be safely ignored.

It doesn’t matter when.This is the mindset business leaders and their security teams should have before becoming the next ransomware victim. By understanding how attacks work and employing the right tools, organizations can minimize the damage when faced with such attacks. Is Your Business Really Ready?

Image credit:

How can you prepare for ransomware attacks?

Source link How can you prepare for ransomware attacks?

Back to top button