Ransomware is a real threat to global economies. It is possibly the first case of a cyber issue that has gone mainstream to the point that almost everyone knows what it means and how it can affect people. It causes disruptions to everything from energy to healthcare and civil society, and it shows no signs of stopping. So how did we get here?
Data breaches and hacks have traditionally involved an attacker breaching a system, stealing data and leaving by the back door, only to hopefully be discovered shortly after. Think of it as harvesting another person’s field and stealing all their crops.
Ransomware, on the other hand, has evolved to where an attacker can plant their own malicious crops in your field (weeds), making the field and harvest unusable and possibly also stealing the existing crops. This change in an attacker’s approach results in long-lasting damage — not just theft, but disruption to systems, expanding the duration of damage to the victim.
There are three key ways to be more resilient against ransomware, and although none of them are new, they’re still worth examining: identifying exposed areas of your digital estate, more recently known as external attack surface management (EASM); establishing a regular cadence of vulnerability detection and ensuring accuracy; and making frequent backups of critical data.
1. External Attack Surface Management
Think of EASM as a continuous real-time view of what you own. If you were securing your house, you would make sure every window and door has appropriate locks. Ground floor security may require additional, stronger locks. EASM operates on the same idea. It provides you visibility of what you own and informs you as things change. It should also alert you when a metaphorical door is left open or a window is left unlocked. The idea behind EASM is not new, but it has recently gained traction in the industry. Many ransomware attacks in 2021 were due to an exposed service that was unknown to the victims. Employing an EASM solution would have informed the business of the exposed service, which, in many cases, would have only required a simple fix to mitigate the risk, possibly saving the ransomware victims millions of dollars.
If your organization isn’t ready to deploy an EASM solution, consider using open-source tools to scan your external estate such as Nmap, ZMap or Masscan to profile your exposed services. Also, consider using a network vulnerability scanner such as Greenbone/OpenVAS to detect risks. This would be a good start, but it may be difficult to monitor and filter out what is important on a continuous basis.
It is well worth the effort to revisit your attack surface to determine what you currently have exposed and act on any anomalies in due course. A cornerstone of cybersecurity is visibility because we cannot protect what we can’t see.
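One way to keep open-source scan results manageable on a continuous basis is to diff each scan of your own estate against the previous one and review only what changed. The following is an added example, not part of the original article or of any vendor's tooling; it parses Nmap grepable (`-oG`) output, and the sample scans, documentation-range addresses and function names are constructed for illustration.

```python
import re

# Constructed sample data in Nmap grepable (-oG) format; the addresses are
# from the RFC 5737 documentation range, not real hosts.
BASELINE_SCAN = """\
Host: 203.0.113.10 (www.example.com)\tStatus: Up
Host: 203.0.113.10 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: filtered (998)
Host: 203.0.113.20 ()\tPorts: 25/open/tcp//smtp///, 3389/closed/tcp//ms-wbt-server///
"""

CURRENT_SCAN = """\
Host: 203.0.113.10 (www.example.com)\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.20 ()\tPorts: 25/open/tcp//smtp///
Host: 203.0.113.30 ()\tPorts: 5432/open/tcp//postgresql///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")

def open_services(grepable: str) -> dict:
    """Map (host, port, proto) -> service name for every port reported open."""
    found = {}
    for line in grepable.splitlines():
        host = HOST_RE.match(line)
        if not host:
            continue  # comment lines and anything that is not a host record
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[0].isdigit() and parts[1] == "open":
                    found[(host.group(1), int(parts[0]), parts[2])] = parts[4] or "unknown"
    return found

def exposure_changes(baseline: str, current: str):
    """Return (newly_exposed, no_longer_exposed) as sorted lists of tuples."""
    before, after = open_services(baseline), open_services(current)
    new = sorted(key + (after[key],) for key in after.keys() - before.keys())
    gone = sorted(key + (before[key],) for key in before.keys() - after.keys())
    return new, gone

if __name__ == "__main__":
    new, gone = exposure_changes(BASELINE_SCAN, CURRENT_SCAN)
    for host, port, proto, service in new:
        print(f"NEW EXPOSURE  {host}:{port}/{proto} ({service})")
    for host, port, proto, service in gone:
        print(f"closed        {host}:{port}/{proto} ({service})")
```

Each newly exposed entry is a candidate "open door" to check against what the business expects to publish; a host that appears for the first time is as significant as a new port on a known host.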
2. Regular Cadence And Accuracy Of Vulnerability Detection
The weaknesses being exploited by active ransomware threat actors are often not new or complex. They can be as old as three to five years. Many high-profile ransomware attacks in 2021 leveraged old vulnerabilities that could have been mitigated.
A regular cadence of vulnerability management across the full stack (web applications and infrastructure) would have helped detect such weaknesses. Enterprises need to step up their approach and deliver a more frequent and accurate continuous vulnerability detection program in order to identify risks more quickly and mitigate them faster. Accuracy comes into play here, and its importance cannot be overstated. Without an accurate solution that only reports validated and real vulnerabilities, IT staff may become overwhelmed with the task of prioritization and validation of real risks to the business. This can result in slower response and waste the finite capacity of the IT or cybersecurity team.
3. Backing Up Critical Data
While this is neither a new idea nor a particularly exciting activity, it is a commonly overlooked measure for improving resilience. Ask yourself the question: “If we have a ransomware breach, can we recover?” You need to understand which data is the most critical to the business. This can be a challenge to some businesses, but once done, you can implement a frequent backup cadence. The frequency of backups has a direct relationship with the level of damage a ransomware attack can inflict. Higher frequency backups result in less data lost. Loss of data will stop your business from operating and result in catastrophic damage. I recommend knowing which data is critical to the business and how frequently your backups are occurring. Data should be backed up to a secure off-site location and easily recoverable.
There are many more aspects to a robust cybersecurity posture, but starting with the above three points will improve resilience dramatically. Knowing what you need to secure and having continuous visibility of your digital assets are paramount. Enterprises are faced with a determined threat that is constantly looking for weaknesses and exposures, so enterprises need to follow suit. The actions listed above are not effortless, but they can be integrated into business-as-usual activities and become standard operating procedures.
It’s important to understand that simple mistakes, bugs or unauthorized changes can result in very damaging outcomes, but in many cases, such risks can be prevented and detected before the bad guys take advantage. Employing an external attack surface management solution for visibility and service exposure knowledge, establishing a regular cadence of vulnerability management to discover risks and prevent breaches and frequently making backups for recovery are vital pillars that will help prevent you from becoming a victim of a ransomware attack.