Partner Perspectives

How Continuous Monitoring and Threat Intel Can Help Prevent Ransomware

Security teams should be empowered with the right amount of intelligence to track new and emerging threats and connect that intel to historical data.

Given the number of cybersecurity tools available on the market today, it’s easy for security leaders to become overwhelmed. Fortune Business Insights projects that the global cybersecurity market will experience a compound annual growth rate of 13.4%, growing from $155.83 billion in 2022 to $376.32 billion by 2029.

This trend is fitting amid the growing complexity of the security landscape. Cybercriminals have grown only savvier with their attack methods, and damages have soared as a result. In 2021 alone, the FBI reported that the cost of cybercrime totaled more than $6.9 billion. Organizations must go on the offensive when it comes to protecting their operations against online threats.

Read on to learn how you can audit your current cybersecurity portfolio to ensure you’re protected against threats like ransomware.

How Ransomware Has Evolved

Ransomware as a whole is on a rapid growth trajectory. This is due in large part to the emergence of ransomware-as-a-service (RaaS). The RaaS business model involves two key players: the operator who develops and maintains the tools to power extortion operations, and the affiliate who deploys the ransomware payload. When the affiliate conducts a successful ransomware and extortion attack, both players benefit. 

RaaS helps lower the barrier to entry for attackers who may not know how to develop their own tools. Instead, RaaS allows them to use ready-made penetration testing and sysadmin tools to perform attacks. They can also purchase network access from a more sophisticated criminal group that has already breached a perimeter. (Microsoft Security is tracking more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal activities.)  

Threat actors are also becoming more creative with their attack methods. We’ve seen a rise in new tactics, such as the double-extortion method. In this model, victims are first extorted for ransom and then threatened with the publication of their stolen data. Additionally, there has been a rise in attacks that target operational technology assets to disrupt critical infrastructure. Each of these ransomware types can impact organizations in different ways, and they point to threat actors' creativity when it comes to monetizing cybercrime.

So how can organizations respond?

Improve Visibility With Continuous Monitoring and Threat Intel

First and foremost, when security teams develop a protection plan, they have to customize it for their organizations' biggest risk factors. Threat actors are constantly evolving to confuse and evade existing cybersecurity protections, and because any device connected to the Internet is susceptible to vulnerabilities, the threat landscape is constantly expanding. To build resilience, you need to understand your current gaps. 

For example, many businesses have Internet-facing assets that they're not aware of. This can be the result of shadow IT, mergers and acquisitions, incomplete cataloging, business partners' exposure, or simply rapid business growth. Your entire suite of cybersecurity tools should be able to work together to build a complete catalog of your environment and identify all Internet-facing resources — even the agentless and unmanaged assets.

Continuous monitoring is also an important part of this equation. Continuous monitoring prioritizes new vulnerabilities without the need for agents or credentials. With a complete view, organizations can mitigate risk by bringing unknown resources, endpoints, and assets under secure management. 

Finally, your cybersecurity software should empower security teams with the proper volume, depth, and scale of intelligence. Not only should it track new and emerging threats, but it should also connect that information to historical cyber intelligence so that your organization can fully understand its threat landscape. This approach allows security operations centers to better understand specific organizational threats and harden their security posture accordingly.

These tips provide a solid foundation for protecting against ransomware, but more can always be done. Organizations just need to stay up to date with emerging attack vectors and the latest cybersecurity protection methods.

Read more Partner Perspectives from Microsoft Security.