The Cost of Ransomware
Breaking down the state of ransomware economics and keys to effective ransomware defense
Thursday, March 10, 2022
By: Mike McLellan, Director of Intelligence, Counter Threat Unit Research Team

I recently had the opportunity to do a podcast on ransomware hosted by Enterprise Management 360 and moderated by Dr. Eric Cole of Secure Anchor Consulting. The podcast offered me a great forum to review the current state of ransomware and the measures we must all take to combat it.

Among the points I covered were:

The need to rightsize ransomware defense. Effective defense against ransomware attacks requires some investment. But you're not going to get that essential funding unless you make a compelling case to your executives. The conversation about defeating this threat should involve the whole business, and it should involve clarity about the potentially enormous cost of not preparing effectively.

An evolving cybercriminal ecosystem. The sheer volume of ransomware attacks is being fueled by an ecosystem financed by ransomware successes. This ecosystem includes ransomware developers selling their capabilities on an as-a-service basis, affiliates that specialize in operationalizing RaaS offerings, and facilitators that specialize in gaining access to target environments.

An evolving ransomware response ecosystem. On the other side of the equation is an ecosystem of support for organizations that are potential or active victims of ransomware. This ecosystem includes cyber insurance providers, ransomware payment brokers, incident response specialists, lawyers, and PR crisis teams. The involvement of these groups affects the economics of ransomware for both attackers and victims.

The fundamentals of ransomware defense. Ransomware perpetrators are driven by economic incentives. Put simply, they won't waste their time on a difficult target because they've likely got plenty of others to pick from. Ransomware defense should be about making your environment tough enough to not be worth the trouble. That goal requires, at a minimum, implementing some fundamental security controls: keep your externally facing systems fully patched, utilize multi-factor authentication, and make sure you have the proper endpoint threat detection in place. Keeping offline backups is also essential, not as a deterrent, but to make recovery easier if prevention and detection fail. And it's critical that if you do experience an attack, you're able to investigate how the threat actors got in, to make sure that you plug those gaps going forward.

The importance of a prepared ransomware response. Ransomware response is about prevention and detection. You need both to be successful, because prevention may not be completely effective every time. If an attack does get through, you need to have the ability to detect it and then respond. That is why I discussed the importance of having an incident response plan, rehearsing it, knowing in advance how to communicate with your service providers and other third parties, and considering in principle the organization's position on ransom payments.

I also discussed the value we get from our Taegis™ XDR platform when it comes to defending against ransomware. By bringing together data from a range of different sources and running our intelligence over it, we're able to detect attacks early and take corrective action to contain and remediate the attack. Speed is of the essence in ensuring that a threat actor is isolated before they can gain freedom of movement in the environment and ultimately stage and deploy their ransomware.

I encourage you to give the podcast a listen. You may also want to share the link with executives in your organization who have the power to resource your anti-ransomware efforts. It might be just the context they need to appreciate the importance of addressing this threat now, rather than waiting for ransomware actors to strike.

Disclaimer

SecureWorks Corp. published this content on 10 March 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 10 March 2022 14:13:06 UTC.