Ransomware is one of the most active and profound threats the organizations are facing today, of all industries and sizes. Ransomware is a form of malware that encrypts the victim’s files and attackers demand an undisclosed amount in lieu of providing secret keys to decrypt the encrypted data that has been locked. In most of the real scenarios, the infrastructures were highly prone not only to ransomware but also to other advanced cyber-attacks as well, even though had basic cyber protection, using outdated systems either end of life with no more updates or simply the updates to vulnerabilities were not applied though the fix was available.
Organizations still do not follow the basic fundamentals of cybersecurity. They lack visibility, and do not have a continuous risk assessment plan in place that can help them implement and govern cybersecurity controls effectively and respond against advanced ransomware attacks. Quite frequently, advanced attacks like ransomware make use of social engineering tactics to infect networks. Cybercriminals commonly use social engineering to make users disclose their confidential or personal information that can be further utilized for fraudulent transactions and to infect targeted devices inside a network with ransomware, resulting in demand for money. It is indeed an important step to relook at all attack vectors like email, web and social media, and implement strong security controls to defend against ransomware attacks. The eventual goal of preventing ransomware attacks and strengthening security posture is to protect “Data”.
Secondly, Cybercriminals use privileged credentials to gain access & compromise critical assets with ransomware attacks like Maze ransomware that not only encrypts data but also leaks confidential information in the public domain. Risk of exploiting privileged credentials can be minimised by implementing Privileged Access Management (PAM) strategy throughout the infrastructure.
Today, it is imperative to explore how to protect sensitive data that resides everywhere within an organization. Data can be accessed by users and devices anytime, especially while working from home owing to the global pandemic or to say from outside the business perimeter, which actually no longer exists and has already diminished as businesses are moving to cloud and mobile. We would say that the current state of implementing data security controls is definitely not in an ideal shape. The DLP solutions have been deployed, however, have not been configured and implemented properly. The main reason behind the failure is the lack of support required to help security teams identify & protect critical sensitive information.
To address this issue, organizations shall evaluate new and advanced tools like DLP/IRM/Watermarking/Tokenization etc. to discover, classify and protect sensitive data at rest, in motion and in use across hybrid infrastructure, especially cloud and mobile devices. There has to be continuous Security Monitoring & Response, Risk Assessment, Governance and Compliance. Whether you agree with me or not, the entire effort of implementing the above-recommended steps will go to waste if you do not implement them completely. That includes Asset Register, Identify risks & applicable security controls to map against each asset, Assess the risk continuously and that has to be Monitored in real-time and respond to all security events originating from/targeting assets using in-house tools and at last, one should have cyber forensics for investigating advanced attacks like ransomware. This is an essential exercise to know the root cause of attacks that will help you remediate the gaps in the system for protection against future attacks.