Protecting your data from unrelenting ransomware attacks means protecting your business. Such attacks are not only increasing in complexity but are also becoming more efficient at exploiting network and system vulnerabilities. The average cost to remedy a ransomware attack, which includes downtime, device cost, ransom paid, and more reached US$1.85 million, according to The State of Ransomware 2021.
In light of this complexity, efficiency, and cost of attacks, you need to ensure your organization has the appropriate tools, people, and processes to proactively defend against new and emerging threats. This article will discuss how these attacks work, how they can be stopped, and best practices to reduce risk.
On May 7, 2021, 45% of the oil supply for the US East Coast was effectively shut off when a ransomware attack by an Eastern European hacking group left a prominent oil pipeline virtually disabled. What ensued were several days of gas shortages, which spurred steep prices and panic buying across the Eastern Seaboard. The event became a worldwide news event that caught the attention of the White House, prompting an executive order on May 12 to address a nationwide infrastructure for cybersecurity.
High-profile ransomware events like this tend to obscure the view; there are thousands of similar, but lower-profile events. The State of Ransomware 2021 report indicates that 37% out of 5,400 organizations were hit by ransomware in the last year.
The State of Ransomware 2021 report indicates that 37% out of 5,400 IT decision makers’ organizations were hit by ransomware in the last year.
So what can your organization do? That’s what we’ll discuss here, where you’ll learn three primary best practices to facilitate better security against ransomware:
- Create a secure foundation in the cloud.
- Modernize your security with advanced technologies.
- Optimize security to reduce risk.
Let’s dive in.
Practice 1: Create a Secure Foundation in the Cloud
Cloud technology is inherently secure on its own, but there are still occasional vulnerabilities that you can solve by sharing the responsibility with your cloud provider.
Holistically assess your cybersecurity posture
Seeing the big picture will enable you to identify, understand, and address any red flags in your security. To get this holistic view, you need to audit and understand what’s happening in your organization when it comes to cybersecurity. Start with the following:
- Security methods: How are you monitoring, identifying, preventing, and responding to cyber risks?
- Employee upskilling or reskilling: Increase your staff’s capacity to prevent security breaches.
- Infrastructure: Get consistent, real-time data on the security of your environment.
- Least privilege: Ensure your identities only have permissions required for their tasks and nothing more.
- Risk-analysis programs: Produce consistent, thorough reports of key risk indicators (KRIs).
- Culture: Create an atmosphere where prevention and response are everyday topics.
Auditing your organization for the above will help you gain full visibility of your environment and identify areas of potential risk. After conducting this audit, you’ll also need to determine the scope and severity of possible threats, addressing the areas with the highest impact first.
Practice 2: Modernize Your Security with Advanced Technologies
In January 2021, one prominent firm found errors in a well-known ransomware and published their findings publicly. This attempt to self-promote ended up alerting the ransomware group of its flaws, allowing it a chance to fix its errors. This short-sightedness inadvertently aided the ransomware group, arguably contributing to the above-mentioned, newsworthy oil pipeline attack.
Ransomware agents frequently adapt their technologies to meet advancements in cybersecurity, which is why organizations need to stay ahead of the curve.
Leverage machine learning
Your organization should be able to utilize deep learning, or other machine learning techniques, to analyze the “DNA” of files and block never-before-seen ransomware before it can execute.
Ideally, your solution fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. This fusion of cloud workload protection and intelligent, extended detection and response (XDR), with a world-class team of security experts results in machine-accelerated human response.
Combining machine learning with real-time, human response should accomplish three main goals:
- Stopping attacks from getting into and spreading within your environment.
- Securing your endpoints and cloud workloads.
- Protecting valuable data and personally identifiable information.
Block the malicious encryption processes used in ransomware attacks
Today’s ransomware attacks often combine multiple advanced techniques with real-time hacking. To minimize your risk of falling victim you need advanced protection that monitors and secures the whole attack chain.
Your solution should give you advanced ransomware protection capabilities that disrupt the whole attack chain, including file protection, automatic file recovery, and behavioral analysis that stops attacks and rolls back the unauthorized encryption of files in seconds. Also include:
- Extended detection and response (XDR), incorporating cross-product data sources for more visibility.
- Deep-learning AI to prevent both known and unknown malware, without relying on signatures.
- Exploit protection, blocking the exploits and techniques used to distribute malware, steal credentials, or escape detection.
- Application control, able to block applications from running on cloud workloads that could be used by adversaries to launch attacks.
- Server lockdown, to take a known, good configuration of cloud workloads and lock that state to prevent unauthorized programs from running.
- Cloud security posture management (CSPM), monitoring access activity to detect suspicious events, insecure hosts, containers, and serverless deployments.
- Cloud infrastructure entitlement management, analyzing complex, interwoven IAM roles to visualize relationships and ensure identities do not have over-privileged access.
Go beyond signature-based detection
On the same vein as deep learning, your solution should change server security from a reactive approach to a predictive one, protecting against known and unknown threats. While many products claim to have machine learning, not all are created equally. Deep learning has consistently outperformed other machine learning models for malware detection.
Deep learning makes your solution smarter, more scalable, and more effective against new threats than traditional machine learning or signature-based detection alone. That effectiveness comes from deep learning’s ability to “memorize” the entire, observable threat landscape as part of its training process. The more information it processes, the more accurate its predictions. That’s how deep learning always stays up to date.
To review, modernizing your security with advanced technologies involves three main points:
- Leveraging machine learning
- Blocking the malicious encryption processes used in ransomware attacks
- Going beyond signature-based detection
Practice 3: Optimize Security to Reduce Risk
The latest advancements in cybersecurity technology mean very little without environments designed to meet best practices standards with visibility to maintain them.
Make frequent, encrypted backups
There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Backing up your cloud data provides:
- Data durability, where copies of all data are uploaded to multiple cloud servers.
- Flexibility and scalability, where you can scale queries on demand.
- Cost efficiencies, where pay-as-you-go pricing is the norm.
- Backup for all data types, meaning that object, file, and block data is supported.
Establish regular backup schedules, with backup data in private storage that is not attached at a network or workload level, where unauthorized users can’t find them. Further, organize a disaster recovery plan that covers the restoration of data and whole systems.
Patch early, and patch often
Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
Malware that doesn’t come in a document format often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash, and more. The sooner you patch, the fewer holes there are to be exploited.
Patch management (i.e., the automation of managing third-party application patches) shouldn’t be overlooked, so apply security updates as regularly as possible. Don’t take additional risks by not patching because you are focused on uptime and don’t want customer applications offline briefly – it’s better to be secure, but this needs discipline.
Make sure your team follows best practices to reduce risk
Human error is probably the biggest cybersecurity risk. And as much as cybersecurity experts would like to think that many of practices should be common knowledge, the fact is they’re not.
For example, Ryuk attacks frequently arrive in an email with a malicious attachment. If your staff members don’t know how to spot a potential phishing email, they’re more likely to click on the attachment.
Educate your organization members so they exercise better security hygiene.
As ransomware attacks proliferate, your organization will need the appropriate tools, people, and processes in place to block ransomware attacks starts with creating a security foundation in the cloud.
Fortunately, you’re not alone. By following these best practices mentioned here, you’ll be in a much better position to detect, prevent, and respond to ransomware threats. Just remember:
- Create a secure foundation in the cloud by assessing your cybersecurity posture, understanding your security responsibilities, and considering a management platform that can help keep your environment secure.
- Modernize with advanced technologies through machine learning, blocking malicious encryption, and going beyond signature-based detection.
- Optimize security to reduce risk by frequently making encrypted backups, patching often, enforcing least privilege access, and ensuring your team follows security best practices.
We pride ourselves on our abilities to help you follow through on all of these best practices.