Ransomware is back in the spotlight – putting businesses, governments, critical infrastructure, and even human lives at risk. It has broken out of the cybersecurity space and grabbed the attention of mainstream media, while also landing on the desks of some of the world’s highest-ranking government officials. With so many high-profile ransomware stories hitting the news cycle, organizations want to know two things: How exactly do threat actors get into the network, and what can be done to stop them?
Ransomware operators often use phishing and social engineering to steal credentials or get employees to click on a malicious link or attachment. They can also enter the organization’s network when users visit infected websites, or by exploiting known software vulnerabilities within the organization’s network environment. The ransomware infection can also start in a business partner or service provider’s infrastructure and make its way to the organization’s network.
Attackers typically wait until they have gained control of a large portion of the network environment before deploying the ransomware. That is why it is also important to limit what they can do if they take over a user account or get a foothold in the network: the less an attacker can reach from a single compromised account or host, the less there is to encrypt.
What to Focus On In Ransomware Defense
Since ransomware is so multi-faceted, no single technology alone can prevent it. Protections must be ongoing and layered. While cyber hygiene is a good starting point because threat actors often target common vulnerabilities and weaknesses, there is more that can be done.
- Regularly back up your data and store it offline where it cannot be accessed by outsiders.
- Create and maintain an accurate asset inventory. Keep those systems patched and up to date.
- Conduct periodic risk assessments to stay on top of any potential vulnerabilities ransomware attackers may attempt to exploit.
- Use encryption and network segmentation to make it harder for attackers to get to your data and critical systems.
- Educate your employees on cybersecurity and ransomware, and what to do if they encounter something suspicious.
- Keep your security team informed about the latest ransomware tricks, and have an established incident response plan to handle ransomware attacks.
What Comprehensive Security Looks Like
Of course, you need a broad range of security technologies to cover the many threat vectors. You want to protect your network from the perimeter to the core, and across endpoints, email, the cloud, and the web. You should also be able to monitor and control who is accessing your environment and what they are doing once inside, through a zero trust approach. Essential technologies include next-generation firewall and intrusion prevention technology, email security, cloud and web security, endpoint protection, secure access (such as multi-factor authentication, or MFA), and network visibility and analytics.
Together, these technologies can block malicious actors and malware from entering your network through various pathways such as spam, phishing, and web-based attacks, while limiting the damage they can do if they slip through the cracks. Integrating these technologies with one another, and keeping them current, makes them even more effective. Our recent Security Outcomes Study found these are the two most important things organizations can do to achieve security success.
The return of ransomware is certainly creating challenges for cyber defenders, but the good news is that a solid security foundation goes a long way in mitigating the potential damage from these attacks. Start with the basics and build from there to make your environment stronger in the face of evolving threats.