Effective steps to defend against ransomware

Do you have these five elements in your anti-ransomware cybersecurity playbook?

The threat of ransomware is an unavoidable discussion for security teams. What began as an exclusive tier of highly skilled and opportunistic scammers has turned into an underworld business in which virtually anyone can get access to a pre-built toolkit and set ransomware attacks in motion.

Just in the first six months of 2021, the Singapore Police Force and the Singapore Computer Emergency Response Team (SingCERT) received 68 reports.

Businesses are looking for solutions to defend themselves against the spate of ransomware attacks. However, preventing ransomware requires more than specific tools. It is also a mentality and mindset battle.

As with team sports, the role of cyber defence teams is to prepare for any sort of offensive plays that could make them vulnerable. They must be ready to tackle the countless elements, angles and paths that are posed by ransomware.

Whether companies are recovering from a cyber attack or proactively protecting their data, the following five elements of an anti-ransomware cybersecurity playbook need to be part of decision-makers' thinking. Understanding these steps also helps streamline the recovery process and allows trust to be established in a weakened environment.

1. Reconsider your perception of what cyber risk is

An organisation needs to factor in the possibility of a security breach taking place sooner or later. This mentality means moving to a defensive stance prioritising company resources that actively shield critical infrastructure and teach users the important basics of cybersecurity.

As with team sports, agility is vital in security: organisations must be able to change direction and adapt, on the understanding that even the highest-tier security has its loose ends and will need constant honing.

2. Cut down administrative rights within the business

Attacking the endpoint and stealing privileged access, such as administrative access, gives hackers a boost in their mission to encrypt high-value data and hold it against the organisation.

Your playbook ought to create robust security around highly privileged systems by cutting down admin rights from users and applications and consistently enforcing least privilege — the lowest possible clearance level that permits users to execute the required task.

Understanding how attackers are likely to move laterally, and grading their attack paths by danger and likelihood, will help establish an organised defensive setup. It also fends off attempts to steal credentials, further hindering ransomware, and helps identify identity-based attacks, such as insider threats, within the organisation, which will further limit damage.

3. Make cybersecurity a habit

Nobody is expecting any security team to forecast all the "plays" that an attacker might use. They are constantly evolving.

Instead, continuously test and reassess security processes to determine whether certain access rights and recovery processes align with organisational goals. Companies should examine if connections to privileged access points are within protocol and also look at limitation exercises that might identify overlooked points of failure.

Routinely using Red Teams is a valuable tool in your armoury that can help test existing security controls against common tactics, techniques and procedures (TTPs), which can in turn inform security teams about the likely attack paths for future attacks.

If companies suffer a security event like a ransomware attack, incident response services are integral in identifying the scale of the attack and determining whether any indicators of compromise (IOCs) remain in the environment.

4. Halting attacks

Being prepared for and expecting a breach does not equate to giving up. Companies can minimise their exposure to risk by equipping network users and applications with standard accounts that will tend not to have administrative access, and by elevating applications that need greater access on an as-needed basis.

This will help shut down common attack vectors such as phishing campaigns, Remote Desktop Protocol (RDP) and unauthorised local downloads.

Threats to endpoints are constant. Some will succeed. However, it's what occurs next that decides if the assault really means it’s ‘game over’ or is just a minor blip on the scoreboard.

5. Artificial intelligence (AI)-powered identity security

AI has made its way into ransomware defences too, bringing benefits through its ability to allow cyber defences to adapt on the fly, much like the very best defences in team sports seem to think and act as one when faced with dangerous and unexpected attacks.

AI, machine learning and cloud-based analytics give defences another way of stopping attackers from gaining a foothold on endpoints. By detecting potentially malicious applications, they allow timely, well-informed privilege and application control policy decisions to be made, buying security teams more time to identify risk and assess its seriousness.

Putting in place a ransomware playbook is effective against — and can interrupt — ransomware attacks at each point, from initial access to lateral movement and propagation. The right attitude and a protective top-to-bottom methodology will keep the organisation out of serious danger and enable security teams to remain effective players in the game.

Vincent Goh is the senior vice president for Asia Pacific and Japan at CyberArk

Photo by Roth Melinda/Unsplash