Nov 2, 2021
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Written by Daniel Spicer
Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.
Ransomware is an intensifying problem for all organizations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demand has grown from a minor inconvenience for organizations into a multi-billion dollar cybercrime industry.
The organizational threat of these types of attacks goes well beyond encryption of sensitive or mission-critical data – for many companies, the thought of a breach and data becoming publicly available on the internet makes a high ransom seem worth it. No wonder ransomware is on the rise: Organizations pay an average of $220,298 and suffer 23 days of downtime following an attack.
So, let’s dig deeper into what’s raised the stakes for these attacks, and how organizations can work to prevent them.
The uptick in ransomware attacks reflects what organizations have to lose, and as mentioned, it’s not just access to their mission-critical data.
For instance, think about the fact that companies that are victims of ransomware attacks can suffer days or weeks of downtime that not only render them incapable of conducting core business functions, but also cause inconveniences and additional risk for customers.
Also, when looking at ransomware attacks under the CIA Triad security model, these attacks not only compromise the availability of data, but often its confidentiality and integrity as well. That’s because many attacks are accompanied by data exfiltration. Exposure of that data can cause significant harm to a company’s overall reputation and ultimately cause it to lose key revenue streams to competitors down the line.
Unfortunately, this means more companies are willing to pay up to protect themselves, and cybercriminals are finding new ways to cash in on this area of opportunity.
That said, paying threat actors for decryption keys does not guarantee safety for your organization, as the attackers still hold a copy of the exfiltrated data and can sell it on the dark web or leak it anyway.
For example, Coveware’s Q3 2020 Ransomware Report revealed that the Netwalker and Mespinoza ransomware gangs went ahead and published stolen data from companies that had paid for their data to not be leaked.
Thus, a strong defense against ransomware requires continually refreshing methods for threat detection, prevention and response.
Modern ransomware attacks typically include various tactics like social engineering, email phishing, malicious email links and exploiting vulnerabilities in unpatched software to infiltrate environments and deploy malware. What that means is that there are no days off from maintaining good cyber-hygiene.
But there’s another challenge: As an organization’s defense strategies against common threats and attack methods improve, bad actors will adjust their approach to find new points of vulnerability. Thus, threat detection and response require real-time monitoring of various channels and networks, which can feel like a never-ending game of whack-a-mole.
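The "real-time monitoring" the paragraph calls for has to key on behaviour rather than on the signature of any one ransomware family, because the next family will not match last month's indicators. The following is an added example, not code from the article or from Ivanti: a toy detector that runs over constructed file-system write events and flags a process that writes a burst of high-entropy (encrypted-looking) content to files with unfamiliar extensions. The event format, the entropy threshold, the burst count, the window and the extension allowlist are all assumptions chosen for illustration.

```python
"""Behavioural detector for ransomware-like file activity (added example,
not from the article). Event schema, thresholds and the allowlist of
extensions are assumptions for illustration only."""
import math
from collections import defaultdict

ENTROPY_THRESHOLD = 7.0   # bits per byte; encrypted/compressed data sits near 8.0
BURST_COUNT = 5           # this many suspicious writes from one process ...
BURST_WINDOW_S = 60       # ... within this many seconds raises an alert
# Formats that are legitimately high-entropy (compressed containers). Writes to
# these are not counted, which is also the detector's blind spot: an attacker
# who keeps the original extension is not caught by this rule alone.
KNOWN_EXTENSIONS = {"zip", "7z", "gz", "png", "jpg", "docx", "xlsx", "pdf", "mp4"}


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious(event: dict) -> bool:
    """A write of high-entropy content to a path with an extension we do not expect."""
    ext = event["path"].rsplit(".", 1)[-1].lower()
    return (event["op"] == "write"
            and ext not in KNOWN_EXTENSIONS
            and shannon_entropy(event["data"]) >= ENTROPY_THRESHOLD)


def detect_bursts(events: list) -> dict:
    """Return {(pid, process): alert_timestamp} for processes that exceed the burst rule.

    A sliding window over each process's suspicious-write timestamps; the alert
    fires at the timestamp of the BURST_COUNT-th write inside the window.
    """
    stamps_by_proc = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if is_suspicious(e):
            stamps_by_proc[(e["pid"], e["proc"])].append(e["ts"])

    alerts = {}
    for proc, stamps in stamps_by_proc.items():
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > BURST_WINDOW_S:
                start += 1
            if end - start + 1 >= BURST_COUNT:
                alerts[proc] = stamps[end]
                break
    return alerts


# Constructed sample events (not real telemetry).
ENCRYPTED_LIKE = bytes(range(256)) * 4              # exactly 8.0 bits/byte
PLAINTEXT_LIKE = b"Quarterly revenue report, draft 3. " * 20

SAMPLE_EVENTS = (
    # Benign office process writing ordinary text.
    [{"ts": 90, "pid": 4012, "proc": "WINWORD.EXE", "op": "write",
      "path": "C:/Users/a/Documents/report.docx", "data": PLAINTEXT_LIKE}]
    # Archiver writing compressed data to a known container format: allowlisted.
    + [{"ts": 95 + i, "pid": 3100, "proc": "7z.exe", "op": "write",
        "path": f"C:/Users/a/backup/part{i}.zip", "data": ENCRYPTED_LIKE} for i in range(6)]
    # Unknown process rewriting six documents as *.locked within 25 seconds.
    + [{"ts": 100 + 5 * i, "pid": 7788, "proc": "update.exe", "op": "write",
        "path": f"C:/Users/a/Documents/file{i}.docx.locked", "data": ENCRYPTED_LIKE} for i in range(6)]
    # Slow writer: three high-entropy .bak writes spread over 400 s, below the burst rate.
    + [{"ts": t, "pid": 2200, "proc": "backup.exe", "op": "write",
        "path": f"D:/bak/db{t}.bak", "data": ENCRYPTED_LIKE} for t in (10, 200, 400)]
)

if __name__ == "__main__":
    for (pid, proc), ts in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT t={ts}s pid={pid} {proc}: burst of high-entropy writes to unfamiliar extensions")
```

On the constructed events only `update.exe` fires; the archiver is excused by the extension allowlist and the slow `.bak` writer never reaches five writes inside one window. In production the same rule would be one signal among several (shadow-copy deletion, mass renames, canary-file modification), and the thresholds would be tuned against a baseline of the environment's real write rates.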
So how can organizations ensure they stay one step ahead, if they don’t know where the next attack will target? The only practical approach is for organizations to implement a layered security strategy that includes a balance between prevention, threat detection and remediation – starting with a zero-trust security strategy.
Initiating zero-trust security requires both an operational framework and a set of key technologies designed for modern enterprises to better secure digital assets. It also requires organizations to continually verify each asset and transaction before permitting any access to the network whatsoever.
Verification can be done through various methods, such as confirming that systems are patched and up-to-date, implementing passwordless multi-factor authentication (MFA) and deploying unified endpoint management (UEM). Ensuring device hygiene through patch and vulnerability management is a critical component of a zero-trust strategy. What’s more, automation, including machine-learning-assisted asset discovery, can help security teams ensure that all endpoints, edge devices and data are discoverable, managed and secured in real time.
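Put concretely, "continually verify each asset and transaction" means the access decision is recomputed on every request from the current identity and device posture, so a device that falls out of compliance mid-session loses access on its next call rather than at its next login. The following is an added example, not code from the article or any Ivanti product: a per-request policy check that combines the verification inputs the paragraph lists (patch state, MFA strength, UEM enrolment) with a freshness limit on the posture report. The request fields, the resource tiers, the patch-age limits, the set of phishing-resistant MFA methods and the posture-freshness window are all assumptions chosen for illustration.

```python
"""Per-request zero-trust access decision (added example, not from the
article). Request schema, tiers and every threshold are assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed policy constants.
PHISHING_RESISTANT_MFA = {"fido2", "passkey", "smartcard"}
MAX_PATCH_AGE_DAYS = {"standard": 30, "sensitive": 14}   # days since last patch cycle
MAX_POSTURE_AGE_S = 300   # posture report older than this counts as unknown, not as good


@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    tier: str                     # "standard" or "sensitive"
    mfa_method: Optional[str]     # None means password only
    device_managed: bool          # enrolled in UEM and reporting
    patch_age_days: int           # age of the device's last applied patch set
    posture_age_s: int            # seconds since the device last reported posture


def evaluate(req: Request) -> Tuple[bool, List[str]]:
    """Decide one transaction. Returns (allowed, reasons-for-denial)."""
    reasons = []
    if req.tier not in MAX_PATCH_AGE_DAYS:
        return False, [f"unknown resource tier {req.tier!r}"]   # fail closed
    if req.mfa_method is None:
        reasons.append("MFA not satisfied")
    elif req.tier == "sensitive" and req.mfa_method not in PHISHING_RESISTANT_MFA:
        reasons.append(f"sensitive tier requires phishing-resistant MFA, got {req.mfa_method}")
    if not req.device_managed:
        reasons.append("device is not UEM-managed")
    else:
        # Stale posture is treated as unknown: deny and force a fresh check
        # rather than trusting the last report indefinitely.
        if req.posture_age_s > MAX_POSTURE_AGE_S:
            reasons.append(f"device posture is {req.posture_age_s}s old (limit {MAX_POSTURE_AGE_S}s)")
        elif req.patch_age_days > MAX_PATCH_AGE_DAYS[req.tier]:
            reasons.append(f"patch age {req.patch_age_days}d exceeds {MAX_PATCH_AGE_DAYS[req.tier]}d for {req.tier}")
    return (not reasons), reasons


def decisions_for_session(requests: List[Request]) -> List[Tuple[bool, List[str]]]:
    """Every transaction is judged on its own inputs; an earlier allow grants nothing."""
    return [evaluate(r) for r in requests]


# Constructed session: same user, same device, posture degrades between calls.
DEMO_SESSION = [
    Request("alice", "wiki", "standard", "totp", True, 20, 30),
    Request("alice", "payroll-db", "sensitive", "fido2", True, 3, 30),
    # Device stops reporting (e.g. agent killed): posture goes stale, next call is denied.
    Request("alice", "payroll-db", "sensitive", "fido2", True, 3, 900),
]

if __name__ == "__main__":
    for req, (ok, why) in zip(DEMO_SESSION, decisions_for_session(DEMO_SESSION)):
        print(f"{req.user} -> {req.resource}: {'ALLOW' if ok else 'DENY'} {why}")
```

The design choice worth noting is that stale posture is a denial, not a pass: an agent that has been stopped by malware looks, to the policy engine, exactly like a device that has never been checked. Real deployments pass these inputs from the identity provider and the UEM agent rather than from the caller, since a self-reported posture is trivially forged.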
In addition to implementing the necessary technologies to assist with threat detection and prevention, organizations should consider going one step further by taking part in drills to test their responses to ransomware attacks. Having a recovery plan in place can play a vital role in minimizing the time it takes to assess the threat at hand – and ultimately determines whether your organization will be forced into paying the ransom to get its mission-critical data back and systems running once again. Practice makes perfect, and this is no different for an organization’s security strategy.
It is impossible to predict what the next wave of ransomware threats will utilize as their next attack method – but that doesn’t mean organizations can’t prepare for these challenges. By implementing a zero-trust security strategy, companies are better positioned to keep tabs on all connected devices and networks, detect and respond to threats in real-time, and thwart potential attacks before damaging the organization’s overall function and reputation. Ransomware gangs have upped their game, and cyber-hygiene has never been more important.
Daniel Spicer is CSO at Ivanti.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.