Five keys to mitigating today’s ransomware risks – Intelligent CIO ME

Dmitry Dontov, CEO and Chief Architect of Spin Technology, considers the best ways to approach modern ransomware prevention in the modern workplace.

Ransomware attacks grew by 435% in 2020 compared to 2019 and this increase is not expected to slow down anytime soon. To put that into perspective, ransomware attacks have outpaced the already massive growth rate for overall malware prevalence during that same period (358%). And according to Cybersecurity Ventures, ransomware damages will cost the world US$20 billion in 2021 (nearly 60 times the level of financial repercussions seen in 2015).

Over the last 12 months, the threat landscape has changed dramatically with the rise of remote workforces and the explosion of cloud services. So how can your security strategy evolve as well? When it comes to ransomware, here are five areas to think about.

It's no secret that remote work has changed the ransomware attack landscape. Now more than ever, employees are operating outside of the traditional corporate perimeter, beyond where the bulk of your security controls are most effective and concentrated. As a result, there are new attack vectors to address, such as vulnerable VPNs and Virtual Desktop workspaces, which means attackers are more likely to target individual users than corporate networks. They're using social engineering methods to make attacks more personalized and sophisticated. This is one of the reasons why 73% of ransomware attacks succeeded in 2020.

Remote work has also forced organizations to invest more heavily in cloud services to ensure employees can access corporate data and resources regardless of their location, making SaaS apps and cloud services a prime target for attackers. Additionally, it's much harder to monitor employees' activities outside of the office and thus more challenging to mitigate potential attacks. Lastly, employees' increasing use of unprotected home computers and Wi-Fi routers with default passwords provides many new ransomware opportunities for bad actors.

But what's the difference between an attack on a corporate network vs. the cloud? A ransomware attack on a corporate network usually occurs in the form of a malicious app that runs a malicious script on a local PC or corporate server. It encrypts data and then spreads to other PCs and servers. In the cloud, there are two ways to encrypt SaaS data. The first is through a syncing app that connects your local device with your cloud environment. The second is through a malicious OAuth app or browser extension with access to your SaaS data via API. More on best practices for detecting and preventing cloud ransomware later.

So how can companies limit the impact of infections on remote workforce devices? Today, many device management tools allow you to install VPNs or anti-malware software remotely, create security policies, prevent employees from visiting suspicious websites, and monitor and manage employee devices, often from one centralized cloud-based dashboard. On top of that, you need to implement an activity log monitoring solution that uses AI to intelligently scan and identify behavior anomalies such as abnormal GeoIP login, brute force attacks, etc. For organizations with growing remote workforces, this is a must-have approach to protecting sensitive corporate data and keeping work-from-home employees from causing security disasters that could impact the entire organization.
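The two anomalies named above, brute-force bursts and abnormal GeoIP logins, as rule-based detection over login events. This is an added example, not code from the article or any product it mentions; the event tuples, thresholds and the `detect` function are assumptions, and fixed rules stand in for the AI-based analysis the article describes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (timestamp, user, GeoIP country, success)
EVENTS = [
    ("2021-03-03T08:01:00", "alice", "AE", True),
    ("2021-03-03T09:30:00", "alice", "BR", True),   # different country 89 minutes later
    ("2021-03-03T10:00:00", "bob", "AE", False),
    ("2021-03-03T10:00:20", "bob", "AE", False),
    ("2021-03-03T10:00:40", "bob", "AE", False),
    ("2021-03-03T10:01:00", "bob", "AE", False),
    ("2021-03-03T10:01:20", "bob", "AE", False),    # fifth failure inside 10 minutes
    ("2021-03-03T10:02:00", "bob", "AE", True),     # success right after the burst
    ("2021-03-04T08:00:00", "carol", "AE", True),
    ("2021-03-06T08:00:00", "carol", "DE", True),   # two days apart: plausible travel
]

def detect(events, max_failures=5, fail_window=timedelta(minutes=10),
           travel_window=timedelta(hours=2)):
    """Return (rule, user, timestamp) alerts; thresholds are assumed defaults."""
    alerts = []
    failures = defaultdict(deque)   # user -> recent failure times
    last_ok = {}                    # user -> (time, country) of last success
    burst_at = {}                   # user -> time of last brute-force alert
    for ts, user, country, ok in sorted(events):
        when = datetime.fromisoformat(ts)
        if not ok:
            recent = failures[user]
            recent.append(when)
            while when - recent[0] > fail_window:
                recent.popleft()    # drop failures older than the window
            if len(recent) >= max_failures:
                alerts.append(("brute_force", user, ts))
                burst_at[user] = when
                recent.clear()      # one alert per burst
            continue
        # A success shortly after a burst suggests the guessing worked.
        if user in burst_at and when - burst_at[user] <= fail_window:
            alerts.append(("success_after_brute_force", user, ts))
        # Two successes from different countries too close together to travel.
        if user in last_ok:
            prev_when, prev_country = last_ok[user]
            if country != prev_country and when - prev_when <= travel_window:
                alerts.append(("geo_anomaly", user, ts))
        last_ok[user] = (when, country)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Country-level GeoIP misfires on VPN exit nodes and mobile carriers, so alerts like these are better routed to review than to automatic lockout.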

Unfortunately, parts of security education and training just aren't working. A lot of security training platforms and programs don't adequately cover remote work risks. In the world we live in today, these programs must educate employees on how to securely use their devices in potentially vulnerable home environments.

For example, most employees today need to know how to update router admin passwords, monitor and manage connected devices, and more. And these training programs don't cover best practices for protecting company devices from non-employees who can easily gain access. In many cases, guests and even family members could access a corporate laptop throughout the day, creating yet another concern for SecOps teams to manage.

So, what is the best way to approach modern ransomware prevention?

Keep in mind that downtime is an inevitable risk of any ransomware attack that you can't avoid. Today, an average downtime incident lasts about 16 days and can be tremendously costly. Here are the top reasons downtime occurs:

When you design a Disaster Recovery strategy for your organization, you have to take downtime into account in order to shorten both the downtime and the recovery timeline, because when it comes to ransomware attacks today it is no longer "if", it's already "when".
