Intelligent CISO Issue 46 | Page 78

industry expert

CONFRONTING MODERN RANSOMWARE WITH ZERO TRUST SEGMENTATION

Modern ransomware uses advanced attack techniques that make it difficult to detect and remediate, resulting in greater financial implications for many organisations. To have a chance of getting ahead of attackers, defences also need to evolve. Here, Trevor Dearing, Technical Director, EMEA, Illumio, highlights how Zero Trust segmentation can stop ransomware in its tracks, as well as how Illumio works with CISOs to implement robust ransomware prevention strategies.

How has modern ransomware evolved to a point where it’s now difficult to remediate an attack?

Even though ransomware still uses many traditional exploit methods, the middleware – the bit that controls the ransomware – has got more sophisticated.
Many reports highlight that it can take up to 160 days to detect ransomware as it will often sit and do nothing for a while. Trying to detect it with things like behavioural anomaly detection becomes quite difficult.
In addition, the bad guys are using more acceptable methods of delivery. For example, they’ll deliver a piece of ransomware in a spreadsheet or a Word document, where you don’t necessarily have to click on a website link to become infected.
Some of these things make ransomware difficult to remediate against and we’re seeing that reflected in the uptick of incidents, as well as the fact that attackers are targeting industries where organisations may be less sophisticated and resilient in their responses.
What are the financial implications of these types of attacks for organisations?
Each year, the Ponemon Institute releases its Cost of a Data Breach Report. It says that on average, the cost of a breach is around US$3.6 million. The reality is that the longer it takes to identify, mitigate and resolve an attack, the higher the cost.
The impact of the changing techniques is that, because they’re slower, the impact can be bigger as they infect more resources.
Attackers are always looking for the highest value so if you’re a manufacturer, they’re looking to stop your manufacturing function and if you’re a customer-facing organisation, they’re looking to lock up your customer database. The impacts can be much bigger.
What are the shortcomings of existing security practices for ransomware prevention?
Historically, there’s been an overreliance on detection. For many years we’ve tried to be much more sophisticated in how we detect an attack and we’ve got better at that, having moved away from signatures and using more threat intelligence feeds.
But because of the way that ransomware moves and the way it works, it becomes quite difficult to detect. Once detected, remediation can be quite quick, dependent on what the impact is.
The danger is that by the time ransomware is detected, it could have spread significantly and it then takes a long time to resolve. We need to mix the detection with an amount of prevention and protection in the front end.
How does an ‘assume breach’ posture prevent total infection?
By assuming that they’re going to get attacked, organisations can put preventative measures in place early, rather than waiting to deal with the aftermath of an attack.
To move around, ransomware uses ports like RDP or SSH, for example. If we can control that and stop the movement then it becomes much easier to control and remediate those attacks, ultimately lessening the impact and reducing the cost implications.
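The port-level movement control described in the answer above, shown as an added example that is not Illumio’s or the interviewee’s code: a label-based, allow-list-only segmentation policy that permits RDP and SSH only from a jump host and keeps application traffic inside its own ring-fence, evaluated against constructed flows. The workload inventory, labels, IP addresses and rules are all assumed for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: policy is written against labels (role, app), not IPs.
WORKLOADS = {
    "10.0.1.10": {"role": "web", "app": "shop"},
    "10.0.1.11": {"role": "web", "app": "shop"},
    "10.0.2.10": {"role": "db", "app": "shop"},
    "10.0.3.20": {"role": "web", "app": "hr"},
    "10.0.9.5": {"role": "jump", "app": "admin"},
}
RDP, SSH, POSTGRES = 3389, 22, 5432

@dataclass(frozen=True)
class Rule:
    src_role: str           # "*" matches any role
    dst_role: str
    dst_port: int
    same_app: bool = False  # keep the flow inside one ring-fenced application

# Allow-list only: anything not matched here is denied (assume breach).
POLICY = [
    Rule("web", "db", POSTGRES, same_app=True),  # shop web -> shop db only
    Rule("jump", "*", SSH),                      # SSH only from the jump host
    Rule("jump", "*", RDP),                      # RDP only from the jump host
]

def is_allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default deny: unknown workloads and unmatched flows are blocked."""
    src, dst = WORKLOADS.get(src_ip), WORKLOADS.get(dst_ip)
    if src is None or dst is None:
        return False
    for rule in POLICY:
        if rule.src_role not in ("*", src["role"]) or rule.dst_role not in ("*", dst["role"]):
            continue
        if rule.dst_port != dst_port or (rule.same_app and src["app"] != dst["app"]):
            continue
        return True
    return False

def blocked_flows(flows):
    return [f for f in flows if not is_allowed(*f)]

# Constructed flows: a compromised shop web server trying to move, mixed with
# legitimate application and admin traffic.
SAMPLE_FLOWS = [
    ("10.0.1.10", "10.0.2.10", POSTGRES),  # allowed: web -> db in the same app
    ("10.0.9.5", "10.0.1.10", SSH),        # allowed: SSH from the jump host
    ("10.0.1.10", "10.0.1.11", RDP),       # blocked: peer-to-peer RDP
    ("10.0.1.10", "10.0.2.10", SSH),       # blocked: SSH not from the jump host
    ("10.0.3.20", "10.0.2.10", POSTGRES),  # blocked: hr web -> shop db (cross-app)
]

if __name__ == "__main__":
    for flow in blocked_flows(SAMPLE_FLOWS):
        print("BLOCKED", flow)
```

Running the same evaluator over real flow logs before enforcing the policy shows which existing traffic the ring-fence would cut off, which is the check to do before moving from detection to prevention.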
What are the key benefits of Zero Trust segmentation when it comes to ransomware prevention, particularly when used alongside additional controls?
If you can start to ring-fence applications and stop them from communicating with
78 www.intelligentciso.com