As a cybersecurity professional, you're tasked with defending your organization from ransomware. But you can't do it alone. Here are five key points to help you and everyone in your organization. This includes people like:
- The executives you depend on to adequately support and fund your cyber defense efforts
- The IT staff who help make your environment both highly resistant to intruders and highly resilient in the event of a potential attack
- The teammates whose personal vigilance is essential to your organization's digital well-being
1: Attacks have consequences even if they're not 100% successful
A successful ransomware attack — i.e., one that results in an attacker encrypting your data and/or otherwise holding your organization digitally hostage — can have a devastating impact on your business.
March 2023 marked one of the most prolific months for ransomware on record, with observed month-over-month and year-over-year increases of 91% and 62%, respectively. That trend is worth noting because the costs of ransomware stack up fast: from the ransom itself and a difficult operational recovery to reputational damage that can impede your performance for years to come.
But even if you stop an intruder short of full-on encryption, the cost of even an almost-successful attack can be significant. You can still lose revenue because you have to shut certain critical systems down temporarily. You may still have a regulatory requirement to report the event to your customers. Your attacker may even threaten to “name and shame” you despite not having been able to achieve their main objective.
Everyone therefore needs to take the threat of ransomware seriously — because an attack can adversely impact everyone in both the near term and the long term.
2: Attackers can now “pay to play”
Gone are the days when an attacker had to be skilled and committed enough to develop their own attacks, choose their own targets, execute their own initial breaches, sniff their way through their victims' environments, and launder their own ransom payments.
Cybercrime has rapidly evolved into a mature marketplace with supply chains, labor specialization, and even franchise models. Ransomware is essentially available as a service to anyone who has a few bucks to invest.
That low cost of entry is making the world more dangerous for you and your organization in multiple ways. A lower barrier to entry makes it much more likely that your organization will be attacked — even if you don't think you're an especially juicy target. Additionally, because they're outsourcing attack execution, attack developers are now free to focus almost exclusively on the technical aspects of their attacks. That focus makes it much easier for them to innovate in all kinds of nefarious ways.
3: Humans are consistently the weakest link in ransomware defense
Even if you implement multifactor authentication (MFA), a single careless act by an everyday user can put your whole organization in jeopardy. For example, an attacker can phish people by posing as payroll performing some routine administrative update.
When the attacker then sends that person some kind of phony follow-up request, they may just naturally click “OK.” And just like that, their credentials are compromised.
MFA alone is therefore insufficient. You also need policies that tell users exactly how to protect their credentials (for example, by calling payroll to confirm that a legitimate administrative update is underway). And you may also need to run phishing simulations against your own users to make sure their behavior conforms with those policies.
4: IT is critical in building strong cyber defense
As sophisticated as their ransomware may get, attackers ultimately count on their victims failing to execute on at least one cyber defense best practice. And that best practice may have nothing to do with how well your security team is doing its job. Instead, they'll count on IT administration and operations overlooking a step in some way that may seem trivial — but that gives the attacker the leeway they so furtively seek.
These IT best practices include:
- Vulnerability patching. Sure, it's tough to keep all your systems patched with the latest security updates, especially as your environment gets larger and more complex. But it's also very easy for attackers to scan for weak spots. You need a strong system in place for tracking, prioritizing, and executing patches across your environment.
- Privilege controls. IT administrators should never use the same credentials too broadly. Rigorous identity and access management (IAM) constraints may add a few keystrokes to admins' daily routines — but those constraints are often the only “perimeter” standing between an attacker's initial breach and their nefarious goal.
- Tested recoverability. It's one thing to back up your data and systems. It's another to test restoring your operations from those backups to ensure that they will really work under live conditions. In fact, the most resilient organizations ensure they're ready to respond quickly and confidently to an attack by performing a wide range of preparatory exercises that include business functions such as finance, legal, and customer care in addition to security and IT.
5: Implement extended detection and response (XDR)
Conventional endpoint detection and response (EDR) is required for good defense, but alone it isn't enough to defend against ransomware and other threats. Today's attacks are too stealthy and too readily evade endpoint-specific telemetry. It's thus essential to gather telemetry from across your entire environment — including endpoints, networks, and cloud — and utilize advanced analytics to determine whether any combination of that telemetry is indicative of an attack.
You also need XDR to identify specifically what type of attack may be underway, so you can immediately take appropriate measures to neutralize and eliminate it. And you have to do this while avoiding the danger of alert fatigue by aggressively minimizing your false positives.
Secureworks® Taegis™ XDR is especially effective for protecting yourself against the latest and most sophisticated threats you face. Taegis XDR uses detection analytics that are continuously driven by the threat intelligence we gather from our world-class proactive cybercrime research team, our professional incident response engagements, and the three trillion events we collect from our customers every day.
But remember: Effective security requires more than XDR alone. The safest organizations are those that combine XDR, other best-in-class security technologies, diligent patching, MFA, IAM best practices, user education, and diligent incident preparation to mitigate their exposure to the threats all of us face every day.
Please feel free to circulate this blog to all appropriate stakeholders across your organization. And if you'd like to learn more about how Secureworks solutions can help your organization stay safer without busting your budget, request a demo today.