June 20, 2021
Ransomware is not the Problem, it’s a Symptom
Ransomware is a symptom of inadequate security
Ransomware is definitely a growing problem: according to the 2021 Verizon DBIR, ten percent (10%) of all breaches in 2021 involved ransomware.
Ransomware has been prominently in the news, with recent attacks on Colonial Pipeline and JBS USA (a major meat producer) leading people to believe that ransomware is somehow an attack that can be protected against in isolation. It cannot.
Ransomware is instead one manifestation of a broader class of security attacks, and a reflection of holes in your security.
Malware can Get Inside your Systems in Many Ways
Your weakest security links may be the attacker’s entry points even if your other security is strong.
Common attack methods for ransomware include the following, and each is supported by recent data from the Verizon DBIR:
- Credential theft for access to your network, Website, or servers
- Email – phishing to solicit login credentials
- Email – malicious links or file attachments to solicit credentials or download malware
- Employees clicking on malicious links, even on reputable Websites
- Supply chain attacks
- Voluntary downloads of malicious code via software downloads and updates
- Hacking into your networks
- Infected endpoints that transfer malware over the network
Protecting against Ransomware Requires a Risk Based Approach and Balanced Security
Implementing the right mix of security for your company gives you the best chance of safety. That mix should include, or be defined by, the following:
- 3rd party risk assessments should be used to define appropriate security.
  - This should include a complete security review, not just vulnerability scans and penetration testing.
- Implement balanced security that addresses the priorities found by the risk assessment.
- Try to attain compliance-level solutions.
  - That means using a risk management process plus company-specific security controls.
- While endpoint security companies make claims about ransomware protection, by the time you need that protection you are already downloading and running ransomware.
  - The protection we are talking about here attempts to prevent you from getting infected in the first place. Detecting it once it is inside is important, but that is step 2.
Protect Data and Systems Wherever They Are
Your data and systems are now spread out in remote data centers, cloud application servers, remote employee workstations etc.
Protecting them means protecting all of those environments and making sure that infections cannot spread to other sites. Look for vulnerabilities in all locations and protect them appropriately. Adopt non-traditional solutions like micro-segmentation to deal with distributed data and systems.
Use Zero Trust Solutions Wherever Possible
Zero trust security means making no assumption that users, devices, or resources are trusted; instead, only those users, devices, and resources that are explicitly allowed are able to access and act on your protected assets. Using these zero trust solutions decreases your security risk.
Zero trust solutions like multi-factor authentication (MFA), least privilege access, and micro-segmentation reduce exposure to unauthorized access.
Other security like firewalls, endpoint security, secure email, secure cloud applications (CASB), and even data/system backup now have zero-trust hardening that can be deployed as well.
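To make the "explicitly allowed or denied" rule concrete, here is an added example (not code from the original post, and not any vendor's product) of a minimal zero trust access decision. It combines the three controls named above: MFA must be verified, the device must be registered and sit in a network segment that is permitted to reach the resource's segment (micro-segmentation), and the user must hold an explicit least-privilege grant for the requested action. Every check must pass; anything not listed is denied by default, and every decision is written to an audit line for the monitoring team. All users, devices, segments and resources are constructed, hypothetical names.

```python
from dataclasses import dataclass

# Constructed sample policy data (hypothetical names). A real deployment would
# pull these from an identity provider, a device inventory and a policy store.
# Anything absent from these tables is denied: there is no implicit trust.
ALLOWED_USERS = {"alice", "bob"}

# Device -> network segment it lives in. Unregistered devices get no segment.
REGISTERED_DEVICES = {
    "laptop-0042": "corp-workstations",
    "laptop-0077": "corp-workstations",
    "backup-runner-01": "backup-jobs",
}

# Resource -> the segment it is placed in.
RESOURCE_SEGMENT = {"payroll-db": "finance", "backup-vault": "backup"}

# Micro-segmentation rules: source segment -> resource segments it may reach.
SEGMENT_RULES = {
    "corp-workstations": {"finance"},
    "backup-jobs": {"backup"},
}

# Least-privilege grants: (user, resource) -> actions explicitly permitted.
GRANTS = {
    ("alice", "payroll-db"): {"read"},
    ("bob", "payroll-db"): {"read", "write"},
    ("bob", "backup-vault"): {"read"},
}


@dataclass
class Request:
    user: str
    device: str
    mfa_verified: bool
    resource: str
    action: str


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate(req: Request) -> Decision:
    """Default-deny policy check: every control must pass for an allow."""
    if req.user not in ALLOWED_USERS:
        return Decision(False, "unknown user")
    segment = REGISTERED_DEVICES.get(req.device)
    if segment is None:
        return Decision(False, "device not registered")
    if not req.mfa_verified:
        return Decision(False, "MFA not verified")
    target_segment = RESOURCE_SEGMENT.get(req.resource)
    if target_segment is None:
        return Decision(False, "unknown resource")
    # Micro-segmentation: the device's segment must be allowed to reach the
    # resource's segment, regardless of what the user is otherwise granted.
    if target_segment not in SEGMENT_RULES.get(segment, set()):
        return Decision(False, f"segment {segment} may not reach {target_segment}")
    # Least privilege: the specific action must be explicitly granted.
    if req.action not in GRANTS.get((req.user, req.resource), set()):
        return Decision(False, f"no grant for {req.action} on {req.resource}")
    return Decision(True, "explicitly allowed")


def audit_line(req: Request, decision: Decision) -> str:
    """Render one decision as a log line; denies are logged as well as allows."""
    verdict = "ALLOW" if decision.allowed else "DENY"
    return (f"{verdict} user={req.user} device={req.device} "
            f"mfa={req.mfa_verified} {req.action}:{req.resource} "
            f"reason={decision.reason}")


def run_demo() -> list:
    """Evaluate a constructed batch of requests and return the audit lines."""
    requests = [
        Request("alice", "laptop-0042", True, "payroll-db", "read"),     # allowed
        Request("alice", "laptop-0042", False, "payroll-db", "read"),    # no MFA
        Request("alice", "laptop-0042", True, "payroll-db", "write"),    # no grant
        Request("bob", "laptop-0077", True, "backup-vault", "read"),     # wrong segment
        Request("mallory", "laptop-0042", True, "payroll-db", "read"),   # unknown user
        Request("alice", "usb-stick", True, "payroll-db", "read"),       # unregistered
    ]
    return [audit_line(r, evaluate(r)) for r in requests]


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Note that bob's request for the backup vault is denied even though he holds a read grant: the workstation segment is not permitted to reach the backup segment, which is exactly the kind of lateral movement micro-segmentation is meant to stop. Logging the denials, not just the allows, is what gives a monitoring team something to detect on.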
Use 24×7 Professional Monitoring & Management
A key concept in regulatory compliance is monitoring, detection and response. The underlying assumption is that you cannot prevent all attacks.
Most companies are not staffed or financially equipped to buy SIEMs, train redundant staff, and then monitor, tune and adjust them on a 24×7 basis.
3rd party managed SOCs are available to solve this problem at an affordable cost.
It is safe to say that the companies in the news these days are not taking the above security steps to protect their data and systems. The days are long gone when companies could bury their heads in the sand and hope they are not attacked. Attackers use readily available attack tools to attack a broad set of companies, including small companies, with little effort.