Ransomware
The Grip of Ransomware
For the full article visit helpnetsecurity.com
November 2021
Ransomware inside your corporate infrastructure
The spectre of ransomware is looming very large at present. Hardly a day goes by without another big name being ‘kidnapped’ by cyber criminals (imagine the number of victims that we don’t even get to hear about). Most recently, the well-known camera maker Olympus was allegedly hit by a ransomware attack which is still under investigation. So it’s a familiar issue for many organisations. Like cockroaches surviving nuclear war, ransomware seems to persist across every iteration of networks, infrastructure and devices. To make things even more challenging, COVID has turned the working world upside down, giving rise to a raft of technology challenges that include ransomware-related security concerns.
Shifting the work goalposts
The pandemic changed the way most of us worked (and continues to do so in many cases). Working from home (WFH) or remote/hybrid means that employees now expect seamless remote access to corporate infrastructure from just about anywhere – but security is more easily compromised. Why? Security teams now lack the visibility they used to have into user activity, device behaviour and data handling practices.
These days, the bad guys don’t have to rely on brute force as a modus operandi. Those behind ransomware attacks can adopt more subtle softly-softly tactics. By employing phishing tactics on employees via their mobile devices, they can easily access corporate infrastructure using legitimate credentials. And once they find a way in, the damage can really begin. Often they will exfiltrate huge amounts of data very quickly whilst at the same time locking you out of your own systems. And whilst some turn to Virtual Private Networks (VPNs) in order to facilitate remote access, the very same credentials can enable hackers to move laterally across your infrastructure. And the problem is compounded because employees are increasingly using unmanaged devices and networks to access your apps and infrastructure – but your team has no control over them.
What can be done?
So is it all doom and gloom? Did the bad guys win? Fortunately the answer is no. As with most things technology-related, it’s a question of keeping up and, sadly, many organisations fail to do so. But here are some approaches that you should definitely consider.
Secure your mobile endpoints
A typical cyberattack can begin with the sending of a phishing link. These days, mobile devices have facilitated myriad ways to send them to users – gone are the days when you only had to worry about the phishing risks within an email. Now, phishing threats lurk everywhere – in messaging apps, within social media and even Tinder. Things are complicated further by the blurring of lines between work and play. People use their mobiles increasingly for both professional purposes and personal matters. Therefore the potential to be caught out by phishing links increases accordingly.
Zero trust network access
Remote workers sometimes require data that resides in your organisation’s data centres. And so many businesses routinely make use of virtual private networks (VPNs) to facilitate such access. The downside of this, however, is that by using a VPN you lay bare your infrastructure to networks and devices that are outside of your control. Ultimately you need the security of a web application (and the associated behavioural traits) to make sure that your data is secure. Knowing things like who is connecting to your apps, what type of device they are using and their access requirements all helps you to customise access for your users.
And this is where Zero Trust Network Access (ZTNA) comes in handy. Essentially, it provides an uninterrupted connection to your apps (wherever they might dwell) without any risk to your data. ZTNA allows you to mask your apps away from the public internet, giving only authorised users the appropriate access. You can bullet-proof things further by integrating ZTNA with multifactor authentication and identity access management.
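An added example (not from the original article) of the per-app access decision described above, set beside the VPN model in which valid credentials alone expose every app. The app names, groups and rules are constructed assumptions, not any vendor's policy format.

```python
from dataclasses import dataclass, replace

# Constructed per-app policy: app names, groups and rules are assumptions.
POLICY = {
    "payroll": {"groups": {"finance"}, "managed_only": True},
    "wiki": {"groups": {"finance", "engineering"}, "managed_only": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    password_ok: bool      # credentials valid (possibly phished)
    mfa_ok: bool           # second factor completed
    device_managed: bool   # enrolled in device management
    os_patched: bool       # device posture signal
    app: str = ""

def vpn_reachable_apps(req):
    """VPN model: valid credentials join the network, so every app is reachable."""
    return set(POLICY) if req.password_ok else set()

def ztna_decide(req):
    """Per-request, per-app decision with default deny. Returns (allowed, reason)."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "unknown app"
    if not req.password_ok:
        return False, "authentication failed"
    if not req.mfa_ok:
        return False, "mfa required"
    if not (req.groups & rule["groups"]):
        return False, "not entitled"
    if rule["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    if not req.os_patched:
        return False, "device out of date"
    return True, "allowed"

def ztna_reachable_apps(req):
    """Apps this user and device would be granted if each were requested."""
    return {app for app in POLICY if ztna_decide(replace(req, app=app))[0]}

if __name__ == "__main__":
    # Constructed case: phished password, no second factor, unmanaged phone.
    phished = Request("alice", frozenset({"finance"}), True, False, False, True)
    print("VPN :", sorted(vpn_reachable_apps(phished)))
    print("ZTNA:", sorted(ztna_reachable_apps(phished)))
```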
Cloud access security broker
Most organisations probably have to deal with an endless number of cloud apps. So how do they manage them all with full visibility and without any risk to their data? By using a cloud access security broker (CASB). This technology is fast becoming a critical part of enterprise security – one that enables safe usage of cloud computing whilst also safeguarding sensitive company data. CASBs afford your organisation complete visibility over the interactions between your users, endpoints, cloud apps and data. Importantly, you also get complete control over Zero Trust access with the ability to dial in precisely what’s needed. And with continuous monitoring of user activity your organisation is able to detect and respond to cyberattacks.
New working world, new technologies. With everybody having to face up to the challenges of working in a different way, cybersecurity is ever more important in the face of rising levels of cybercrime such as ransomware attacks. But by adopting the correct approach you can keep your digital assets and your people safe and secure.