
Application Security

12/18/2019
02:00 PM
Shawn Taylor
Commentary

5 Security Resolutions to Prevent a Ransomware Attack in 2020

Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.

Over the past two years, ransomware attacks have increased in frequency and severity. In 2019 alone, the attacks have crippled manufacturing businesses, brought hospitals to a halt, and even put lives at risk.

It's no wonder that many organizations are putting ransomware prevention and response planning at the top of their priority list for 2020. Those that aren't should probably consider what more they can do to better prepare their organizations against these types of attacks.

The time to put measures in place is not after an attack has already taken place. I've worked with many organizations scrambling in the aftermath of a breach, but this can be avoided if you proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network to limit an attack's reach.

Here are five things organizations should consider as part of their security resolutions in 2020:

1. Basic Cybersecurity Hygiene: Improving basic cybersecurity hygiene is the No. 1 defense against any type of attack, including ransomware. This is the cybersecurity version of many people's New Year's resolution to "get healthy." Cybersecurity hygiene can mean a lot of different things, but a good place for companies to start is by making sure they have strong vulnerability management practices in place and that their devices have the latest security patches. They can also make sure they are taking basic security precautions that are often also important for regulatory compliance, like running up-to-date antivirus software or restricting access to systems that can't be made compliant. Ultimately, however, for most organizations, starting with CIS Control 1, Inventory and Control of Hardware Assets, will establish a good foundation upon which to build.

2. Penetration Testing: Companies that already have much of the basic hygiene in place can take the additional step of engaging pen testers to further ensure that anything Internet-facing in their organization is protected. By finding the means or mechanisms by which attackers could break into or brute-force their way into applications or internal systems, bypassing other protections such as firewalls, security leaders can fix those areas before bad actors find them.

3. Board Discussions: Cybersecurity is increasingly becoming a board of directors-level issue. That's because an attack can have a significant impact on a company's revenue, brand, reputation, and ongoing operations. Even so, it's worth having a specific board-level conversation about ransomware to ensure the board understands the specific risks it could pose to the business, and that budget is made available to prevent or limit the damage of an attack. That discussion will prove critical if the company wants to implement added protections, such as improved cyber hygiene, or put in place automated reactive technologies to limit the spread of an attack. If the CIO or CISO is not already regularly having these conversations about cybersecurity, or ransomware in particular, that's definitely a good place to start for 2020.

4. Tailored Training: There is one vulnerability that has proven effective again and again as an entry point for attack: people. You can buy all the latest and greatest cybersecurity technology, but if you aren't training your employees in basic cybersecurity or how to respond during an attack, then you're leaving yourself vulnerable. Training to prevent ransomware starts by teaching employees to recognize phishing attacks and what to do if they suspect one. This is important because — even though many users have gotten better — phishing remains one of the most effective ways for an attacker to breach an organization. Teaching users to validate URLs or avoid clicking on links or attachments altogether can go a long way toward protecting against all types of attacks. This is a good practice to start or revisit in 2020.

In addition to preventing an attack, security leaders can also think about adding specific training for ransomware response. It's usually easy for employees to know when they've been hit with ransomware: their work screen may disappear and they may get a pop-up directing them to a URL to pay the ransom (likely in bitcoin). Training employees in what steps they can take in response, or giving them an emergency point of contact on the security team, can make them feel more in control in the panic of an attack.

5. Limit the Scope of an Attack: Ransomware resolutions should include not only preventing an attack but also taking steps to minimize the damage of a successful one. That starts with having tools in place, such as SIEM systems that can identify the behavior patterns and heuristics of an attack and begin to automatically isolate and remediate those systems when indicators are flagged. It also means embracing tools such as network segmentation that can prevent the lateral movement of an attack across the network.
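As an added illustration of the "behavior patterns and heuristics" a SIEM rule might look for (example code, not from the article or any vendor): a toy detector over constructed file-activity log lines that flags a host performing a burst of renames to a never-before-seen file extension, which is the point at which an automated playbook would isolate the host. The log format, thresholds and baseline extensions are assumptions.

```python
"""Toy ransomware-behaviour detector over file-activity events (added
example, not from the article).  Assumptions: each log line is
'<unix_ts> host=<name> op=<write|rename> path=<path>', a baseline of known
extensions exists, and a host is flagged when it writes or renames many
files to an unseen extension inside a short window."""

import os
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed sliding window
BURST_THRESHOLD = 5      # assumed: 5 unseen-extension events in the window
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".txt", ".pdf"}   # assumed baseline

# Constructed sample log: ws-12 renames share files to .locked in a
# burst; ws-07 does ordinary work.
SAMPLE_LOG = """\
100 host=ws-07 op=write path=/home/a/report.docx
102 host=ws-12 op=rename path=/srv/share/q1.xlsx.locked
103 host=ws-12 op=rename path=/srv/share/q2.xlsx.locked
104 host=ws-12 op=rename path=/srv/share/q3.xlsx.locked
105 host=ws-07 op=write path=/home/a/notes.txt
106 host=ws-12 op=rename path=/srv/share/q4.xlsx.locked
107 host=ws-12 op=rename path=/srv/share/README.locked
900 host=ws-07 op=write path=/home/a/report2.docx
"""

def parse_line(line):
    """Split one log line into (ts, host, op, path)."""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return int(ts), fields["host"], fields["op"], fields["path"]

def detect_bursts(log_text, window=WINDOW_SECONDS, threshold=BURST_THRESHOLD):
    """Return {host: extension} for each host whose events to one unseen
    extension reach `threshold` within `window` seconds (isolate these)."""
    recent = defaultdict(deque)          # host -> (ts, ext) of unseen-ext events
    flagged = {}
    for line in log_text.splitlines():
        ts, host, op, path = parse_line(line)
        ext = os.path.splitext(path)[1].lower()
        if ext in KNOWN_EXTENSIONS or host in flagged:
            continue                     # baseline extension or already flagged
        q = recent[host]
        q.append((ts, ext))
        while q and ts - q[0][0] > window:
            q.popleft()                  # drop events outside the window
        if sum(1 for _, e in q if e == ext) >= threshold:
            flagged[host] = ext
    return flagged
```

A real rule would also baseline per host and user, and feed the flagged host to the NAC or EDR isolation step rather than just returning it.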


Spanning a 20-year career as an accomplished and well-respected Systems Engineer, Shawn Taylor's strong mix of technical acumen, architectural expertise, and passion for operational efficiencies has established him as a trusted adviser to ForeScout's customers since joining ...
ernac
User Rank: Apprentice
2/3/2020 | 2:42:44 AM
Nice Article
Definitely a curated piece of content. I'm working as a security testing freelancer and have several international clients, by God's grace. Side by side, I'm also working on a personal report based on security testing services. Your security testing blog is quite detailed, so I felt like asking for some help. Could you please suggest whether adhering to the OWASP Top 10 safeguards the digital network architecture of a business?
duetqqip
User Rank: Apprentice
12/21/2019 | 12:40:24 PM
Re: Deploy key technologies to close critical vectors
nice
sethblank
User Rank: Author
12/18/2019 | 7:05:06 PM
Deploy key technologies to close critical vectors
Thanks for the article, Shawn.

There's one crucial item missing from your list. 90+% of cyberattacks, including ransomware, begin from email. And there are well-known technologies, such as SPF, DKIM, and especially DMARC, that prevent these abuses before they ever get in front of a user.

These solutions don't cover every scenario, but they cover the majority of the sources of the threats. We've seen in the real world that when an organization has DMARC in place, attackers simply move on to abuse other organizations instead of moving to more difficult vectors.

If you want to stop ransomware, deploy these open standards and you've reduced your threat surface by more than half. Then apply the rest of your recommendations to continue closing the gap.
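To make concrete how the standards sethblank names stop a spoofed message before it reaches a user, here is an added example (not part of the comment or the article) of the receiver-side DMARC decision: given the SPF and DKIM results, check identifier alignment against the From domain and apply the published policy. The record and domains are constructed samples, and the organizational-domain logic is simplified.

```python
"""DMARC disposition check (added example, not from the comment or any
vendor).  Takes the SPF and DKIM results a receiver already computed
plus the RFC 5322 From domain, applies identifier alignment, and returns
the published policy action.  The record below is a constructed sample.
"""

def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=reject; adkim=s; aspf=r' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")        # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    """Organizational domain, simplified to the last two labels
    (assumption: real receivers consult the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed needs
    the same organizational domain.  auth_domain is None when SPF/DKIM
    did not pass."""
    if auth_domain is None:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record_txt, from_domain, spf_pass_domain, dkim_pass_domain):
    """spf_pass_domain: MAIL FROM domain if SPF passed, else None.
    dkim_pass_domain: d= of a passing DKIM signature, else None.
    Returns 'pass' or the policy action to apply."""
    rec = parse_dmarc_record(record_txt)
    if aligned(from_domain, spf_pass_domain, rec["aspf"]) or \
       aligned(from_domain, dkim_pass_domain, rec["adkim"]):
        return "pass"
    return rec["p"]

# Constructed record for the reserved example domain example.com
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"
```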