As one of the unfortunate beneficiaries of the changing business behaviours of the pandemic, ransomware attack trends continue to evolve. During the last year, malicious actors have attacked anything from healthcare organisations and medical trials, to education and the public sector, and even business supply chains. The gravity of the ransomware threat was exemplified by the attack that shut down the cross-country gas pipeline system Colonial Pipeline, the largest U.S. fuel pipeline, leading it to close its entire 5,500-mile pipeline system that carries liquid fuels, including gasoline.
With the damaging impact these modern attacks can have on organisations everywhere, no matter the industry, security professionals must always be ready to secure their systems, networks, and software in new ways. The recent Fortinet FortiGuard Labs Global Threat Landscape report showed that ransomware remains a prolific threat, so much so that the number of attacks increased in 2020 and became even more disruptive. Therefore, it is of paramount importance that organisations understand the threats at hand and install endpoint security software and device protection solutions to secure every user and device, on and off the network, with advanced response.
A new era of ransomware
The advanced ransomware attacks of today take seconds to compromise endpoints and have the potential to cause untold damage to systems and infrastructure, making it critical to ensure organisations are prepared. As attacks grow in sophistication, the impact they can have goes far beyond the financial losses and decreased productivity often associated with systems going down.
With digital transformation taking hold of organisations globally, the convergence of IT and OT systems has led ransomware attacks to target new data and technology types. Devices in the field, including the Industrial Internet of Things (IIoT), have become new targets, resulting in malicious actors shifting their focus from corporate networks to the OT edge. At the OT edge, devices carry far more value than sensitive information and are responsible for people’s physical safety, demonstrating the severity of attacks on these networks. As a result, power grids, transportation management infrastructures, medical systems, and other critical resources are being threatened more than ever before.
Creating a zero-trust access (ZTA) strategy
Attackers know that end-users are high-target, high-value assets. Ransomware leverages social engineering attacks, preying on fears as a way to execute malicious code on devices. With this in mind, cyber hygiene must start as a board-level conversation. A top-down approach to create strong ransomware mitigation must establish a zero-trust access (ZTA) strategy that includes segmentation and micro-segmentation.
By regularly backing up data, storing it offline and off-network to ensure rapid recovery, as well as encrypting all data inside the network to prevent exposure, organisations can break down the risks and target them with effective strategies. Practicing such response strategies can ensure all responsible parties know what to do in case of an attack, thereby reducing downtime.
Outside of these best practices, implementing a strong security posture that includes behaviour-based endpoint security can automatically detect and defuse potential threats in real time, even on already infected hosts. Organisations also need a plan in place, through change management and change control processes, to ensure that they can respond to emergency patches to software and systems.
However, the overall responsibility goes far beyond the security team. Only by developing a culture of security throughout the organisation will threats start to be tackled. It is therefore important to continuously provide employees with updates on new social engineering attack methodologies so they know what to look out for. Getting serious about cybersecurity training and awareness for employees, as well as family and students, will help protect the new branch office created by remote working.
Prioritising integration and collaboration
The importance of engaging all internal and external stakeholders, including law enforcement, in protecting against ransomware cannot be overstated. By collaborating across organisations, increased data points can ensure more effective responses to the threats. It is through sharing intelligence with law enforcement and other global security organisations that highly sophisticated interconnected cybercrime groups can be taken down. Defeating a single ransomware incident at a single organisation does not reduce the overall impact that other strains can have on different industries.
Connected cyber criminals have been known to target a variety of companies, verticals, systems, networks, and software in their attacks. In order to make these attacks more difficult and lower the levels of success for cyber criminals, public and private entities must collaborate by sharing threat information and attack data. Private-public partnerships also help victims recover their encrypted data, ultimately reducing the risks and costs associated with the attack. It is important to remember that cybercrime lacks borders. Actionable threat intelligence with global visibility helps both the private and public sectors shift from taking a reactive approach to being proactive.
Using AI to build defensive playbooks
Much like any good strategy, developing and sharing playbooks across organisations, offering a detailed view of cyber criminals’ touch-points, will allow organisations to enhance their response activities. Playbooks provide defenders with winning strategies against present and future cyberattacks and when paired with Artificial Intelligence (AI), security teams can leverage them to build an advanced, proactive protection framework. AI supplies the tools necessary to evolve defence methodologies at the same rate as cybercriminals to create more refined and granular responses earlier in the attack cycle.
More is at stake now than ever before, as many businesses continue remote operations and press ahead with digital transformation. It is likely that even after the pandemic, attackers will be equally prepared to adapt again to security changes and exploit more vulnerabilities. Organisations must therefore take a more proactive approach with real-time endpoint protection, detection, and automated response solutions to secure their environments. Best practice cyber hygiene, zero-trust policies, network segmentation and encryption offer some protections but these strategies work best when organisations also leverage asset visibility tools to identify their critical assets. Most importantly, the human firewall of defence remains as important as the technology that sits behind it. Building relationships with law enforcement to share information and threat intelligence is the final piece of the ransomware puzzle – the only way to defeat cybercriminals is to work together against them.
Contributed by Steve Mulhearn, director of enhanced technologies, Fortinet