decrypting myths
Which tools and solutions should organisations consider investing in to protect themselves and what ' s the best practice approach for protecting against ransomware attacks ?
There are the basic elements and basic hygiene which organisations should certainly be considering .
For example , keeping machines patched and up to date , making sure you ' ve got some form of next-gen antivirus and EDR solution is going to help filter out some of those initial intrusions . But taking a step back , we ' ve got to be cognisant that it ' s becoming very profitable to execute these types of attacks and we ' re seeing reports of affiliation to nation states because of the impact and the damage that ' s caused .
It all comes back to the fact that ransomware wants to spread . It might get onto one workstation , but it wants to spread far and wide and if it ' s extortion it ’ s going to want to pivot off your workstations and go after your data .
Looking at this from an alternative perspective , it ' s going to be things such as making sure that everyone ' s running without administrative rights on their workstation , ensuring that everyone ' s using strong authentication and moving away from the usage of passwords in your environment .
Propagation or lateral movement , which is something you want to stop , is going to be a lot easier if there ' s a lot of weak credentials being used in environments .
Using strong authentication like Multi- Factor Authentication ( MFA ) is going to be important , as well as managing the privileged and administrative accounts in your environment because they ' re commonly targeted to allow that spread to take place .
Forcing and adopting the principle of least privilege is something that ' s talked about in every kind of government best practice , but striving towards least privilege is going to make the attacker ’ s life a lot more difficult . It has a double reward for organisations because that best practice would be the same if we were talking about trying to prevent a data breach or stop a nation state performing espionage in their environment , or lateral movement .
It just so happens in this case we ' re talking about ransomware because the end objective is some form of ransom to be held against the organisation .
How does CyberArk set itself apart from others as a ransomware prevention partner ?
We look at the end-to-end process , including all the aspects that take place in a ransomware attack such as a data breach or service disruption .
We ' re very cognisant of what ' s happening around identities in that attack cycle and attack path . We ’ re really focusing on reducing removing admin rights across the entirety and , when it comes to ransomware , being aware that this is not just an endpoint piece .
We have technology and services and help organisations to ensure no one ' s running with local admin rights – which is really important because we ' re all sitting at home on unsecured Wi-Fi networks – so we ' re in an environment that ' s less secure than when we ' re in the office . Helping organisations lock down permissions is important but knowing that for ransomware to take place and really impact an organisation it ’ s going to want to spread and move out .
It ' s also stepping away from the endpoint and looking at how lateral movement and propagation happens in the wider organisation , so things such as privileged access management , forcing least privilege , delivering strong adaptive Multi- Factor Authentication . These are things that we have with our capability suite , as they tackle that endpoint problem but also that wider problem of lateral movement within the organisation . u
Using strong authentication like Multi-Factor Authentication ( MFA ) is going to be important , as well as managing the privileged and administrative accounts in your environment . www . intelligentciso . com
69