Today marks the one-year anniversary of the Colonial Pipeline ransomware attack, one of the largest cyberattacks in recent history, in which a threat actor named DarkSide used a single compromised password to gain access to the internal systems of the US’s largest pipeline operator.
During the attack, as the hackers began encrypting the organization’s data, Colonial Pipeline responded by taking its systems offline to stop the spread of the threat, but temporarily ceased pipeline operations and ended up paying a ransom of $4.4 million.
While the Colonial Pipeline attack may have passed, ransomware remains an existential threat to modern enterprises, and with ransomware attacks on the rise, enterprises need to be prepared.
The good news is that there are a growing number of security controls that organizations can implement to protect themselves from these pervasive threats.
Deploy zero-trust architectures
Login credentials are one of the key targets of cybercriminals. As a result, it’s becoming more important for security teams to implement support for zero-trust authentication, to make it harder for unauthorized users to log in with compromised credentials.
“The Colonial Pipeline ransomware attack was yet another high-profile example of compromised credentials being leveraged to exploit a previously believed to be secure infrastructure. As a result, security protocols should evolve to keep pace with dynamic threats across distributed computing environments,” said Gal Helemski, CTO and co-founder of identity access management provider PlainID.
Helemski suggests that organizations can prevent themselves from falling victim to similar attacks by implementing a zero-trust architecture that extends access controls past traditional network access security throughout the entire lifecycle of the digital journey.
Implement robust incident detection and response capabilities
One of the biggest factors that determines the overall impact of a ransomware breach is the time it takes for the organization to respond. The slower the response time, the more opportunity a cybercriminal has to locate and encrypt critical data assets.
“Colonial was an important inflection point for public and private sector infrastructure security, but organizations need to remain vigilant to stay a step ahead of cyber-attackers,” said Neil Jones, Director of Cybersecurity Evangelism at ransomware detection and recovery platform Egnyte.
In practice, that means developing a comprehensive incident response plan, deploying solutions with ransomware detection and recovery capabilities, and offering employees cybersecurity awareness training on how to implement effective data protection policies like strong passwords and multi-factor authentication.
Don’t rely on backup and recovery solutions to protect data
Many organizations seek to defend themselves against ransomware threats by relying on data backup and recovery solutions. While this sounds like an effective defense on paper, ransomware attackers have started to threaten to leak the data they’ve encrypted if the victim organization doesn’t pay the ransom.
Rather than relying on encryption-at-rest, which attackers can use compromised credentials to sidestep, Arti Raman, CEO and founder of encryption-in-use provider Titaniam, recommends that organizations switch to data-in-use protection.
“With encryption-in-use data protection, should adversaries break through perimeter security infrastructure and access measures, structured as well as unstructured data can [and] will [be] undecipherable and unusable to bad actors – making digital blackmail significantly more difficult, if not impossible,” Raman said.
Create an inventory of your attack surface
With so many advanced threat actors targeting modern organizations with ransomware threats, technical decision makers and security teams need to have a complete inventory of what systems are exposed to external threat actors and what data they hold.
“As the U.S. government moves to bolster national cybersecurity, organizations should take a proactive approach to secure their own assets, and here is where the advantage lies: responsiveness,” said Aaron Sandeen, CEO and co-founder of managed security services organization Cyber Security Works.
“By conducting a complete system inventory either independently or by outsourcing to a vulnerability management company, organizations expand their cybersecurity visibility of known and unknown exploits,” Sandeen said.
While the group behind the Colonial Pipeline attack is defunct, Sandeen warns that enterprises will continue to see a growing number of exploits, vulnerabilities and APT threat actors willing to exploit them, “which will need security leaders providing predictive and creative help in categorizing and eliminating ransomware threats.”
Deploy identity management solutions to identify anomalous user activity
In the era of remote working and employees using personal devices to access enterprise resources, the risk of data theft is greater than ever before. “A lot of the breaches we hear about in the news are a result of businesses relying on automated access control and realizing too late when a user has been hijacked.
“Once an account is compromised, identity-based fraud can be extremely difficult to detect considering the advanced tactics and randomness of different crime groups like LAPSUS$ and Conti,” said Gunnar Peterson, CISO of trust platform Forter.
As a result, organizations need to have the ability to identify anomalous user activity so they can detect account takeover, which Peterson says can be achieved through using an AI-driven identity management solution with anomaly detection.