Over the years, ransomware has caused billions of dollars in personal, reputational and financial losses, and it’s estimated that there’s a ransomware attack every 19 seconds.
Anti-Ransomware Day (May 12) was created to encourage organizations of all industries to protect themselves against the dozens of ransomware strains that threaten to halt business operations.
In order to protect data, defend against ransomware threats and prevent loss, it’s critical that organizations have a robust security posture. We spoke to a number of cybersecurity experts to determine some of the best approaches. Here’s what they said:
Embrace Resiliency
“Anti-Ransomware Day falling on the anniversary of the infamous 2017 WannaCry attack is a stark reminder of just how devastating sophisticated cyber attacks can be. Infecting more than 300,000 computers across 150 countries and costing the global economy approximately $4 billion, it is unquestionably one of the most significant ransomware attacks the world has ever seen.
“Thankfully, since the end of 2017 (which was also the year of NotPetya) we have not endured an attack on a similar scale. However, ransomware is far from a waning threat; in fact, it’s only just entering its ‘golden age’. Recent research has demonstrated that last year 61% of disaster recovery responses were triggered due to ransomware and it took businesses an average of 21 days to recover.
“So, with ransomware only increasing in frequency and sophistication, prevention and recovery methods are no longer enough. It’s time to embrace resilience. According to Gartner, ‘isolated recovery environments (IREs) with immutable data vaults (IDVs) provide the highest level of security and recovery against insider threats, ransomware, and other forms of hacking’. This means organizations need to be investing in technology such as isolated and air-gapped vaults that provide the means to protect, detect, and recover from ransomware attacks in any environment.
“In 2023, the threat of ransomware is not an ‘if’, it’s a ‘when’. By taking advantage of the right technology and embracing resilience, organizations can ensure that when an attack occurs the damage and downtime are a fraction of what they could be.” – Christopher Rogers, technology evangelist at Zerto, a Hewlett-Packard Enterprise company
Go Beyond EDR Technologies
“There was a time when endpoint technology stood relatively strong in two key areas. On the one hand, the traditional anti-virus/malware agent served as a stand-alone protector against recognized threats by drawing attention to unusual activity and lowering noise. On the server side, endpoint technologies’ application control helped determine what should be running, how it should be running, and by whom.
“Unfortunately, endpoint detection and response (EDR) solutions, which were initially designed to identify behavior and were utilized for forensic examination by analysts, also have a high susceptibility to exploitation themselves. If an adversary were to take advantage of an EDR tool, they would have access to a variety of an organization’s telemetry, including user and identity authentication, access to files, system variables and key business applications, all of which increases the scope through which ransomware can be deployed.
“On Anti-Ransomware Day, I wanted to remind enterprises to go beyond just EDR solutions to improve security posture and mitigate the risk of a ransomware attack. Security teams need complete and holistic visibility across any environment — which includes, but is not limited to, endpoint logs. In order to paint a full picture, CISOs and their security teams must be able to monitor user and device behavior across the whole network to distinguish between normal and anomalous behavior.” – Randeep Gill, Principal Cybersecurity Strategy, Exabeam
Apply The Principle of Least Privilege (PoLP)
“Anti-Ransomware Day is a great reminder of the importance of regularly examining identity and access management practices. After all, before ransomware can get disseminated, an adversary has to gain initial access into a network. With Verizon reporting that 61% of all security breaches involve the exploitation of credentials, and StrongDM reporting that 55% of organizations maintain backdoor access to infrastructure, it’s very likely a majority of ransomware incidents are spurred by poor access management practices.
“As distributed as our world has become, it’s imperative that executives and IT teams consider applying the principle of least privilege (PoLP) and take a zero-standing privilege approach. Doing so ensures that credentials only exist in the moments they’re needed, that every action is secure and auditable, and that credentials are essentially removed from the equation entirely. By limiting access as much as possible, organizations will reduce their attack surface and help mitigate the risk of ransomware.” – Justin McCarthy, CTO and co-founder, StrongDM
Add Data Security in the Form of Encryption — At Rest, In Transit and In Use
“Protecting data from the threat of ransomware remains a priority for CISOs and cybersecurity professionals. This Anti-Ransomware Day, we must practice proper cyber hygiene by adding data security in the form of encryption, not only at rest and in transit but also in use. Encryption and other in-use controls such as tokenization dramatically decrease the blast radius from ransomware attacks since they make stolen data unusable for extortion.
“Despite a decrease in ransomware attacks in 2022, in 2023, there have been more advanced ransomware strains that are a larger concern due to newly developed double extortion techniques. We can combat these attacks by investing in encryption-in-use that stays in place even if bad actors get their hands on valuable data, therefore making it illegible and unusable as a source of leverage.
“Threat actors used to extort data by accessing data from large repositories and also backed-up information. Now, new forms of ransomware can exploit VPN vulnerabilities and garner continuous access to proprietary information. Organizations must invest in proactive data security controls to counter this threat.” – Arti Raman, Founder and CEO, Titaniam
Prioritize Detection and Prevention Over Recovery
“Anti-Ransomware Day serves as a reminder of the looming threat of ransomware and how enterprise leaders need to be aware of cyber threats to keep their business safe. Ransomware attacks have continued to terrorize enterprises since the 2017 WannaCry attacks by the Lazarus group. In 2022 alone, IBM reported an average ransom payment of $812,360, with the total cost of a ransomware attack on an enterprise being $4.5 million on average.
“To combat this ever-present threat, organizations need to prioritize the detection and prevention of threats over recovery. Implementing strong security measures across the board, from patching software to employee training, plays a pivotal role in ensuring a strong security posture. Enterprises can eventually recover from a ransomware attack; however, prevention is the ultimate goal for a proactive cybersecurity strategy.” – Aaron Sandeen, CEO and co-founder, Securin