With much of the workforce still online and new hybrid work strategies enabling employees to continue to work remotely at least part of the time, every one of us is now a potential conduit for an attack. According to a recent global ransomware survey conducted by Fortinet, a staggering 67 percent of organizations report having been a ransomware target. While a few high-profile incidents have received the lion's share of media attention, the real impact is felt daily by thousands of enterprises, small businesses, federal agencies and local governments. The challenge is what to do next and how to pivot to the next defensive step.
TAKE ACTION WITH EDUCATION
Anybody can get involved and join the fight against cyber crime. Because most cyber crime starts with the end user, educating workers on best-practice cyber hygiene helps transform them from victims to the organization's first line of defense, especially as undersecured home networks increasingly become the targets of cyber attacks.
Starting with the Fortinet NSE Institute program, which offers free courses for anyone interested in learning about cybersecurity as well as more advanced programs for cybersecurity professionals, anyone can fortify their cybersecurity arsenal. Understanding the basic ins and outs of cyber warfare is an excellent start to thwarting attacks. Learning what to look for in even the most sophisticated, realistic phishing emails and malvertising can empower everyone to not fall for social engineering ploys. Adding things like password protection, password managers and multifactor authentication can help further guard personal information.
GET THE RIGHT TOOLS TO COMBAT RANSOMWARE
In addition to education, organizations need to be armed with the right tools designed to mitigate ransomware attacks and other critical threats. These include:
- Zero-Trust Network Access: ZTNA should be part of any strategy that involves secure remote access. It improves upon the perimeter-based network security model used by traditional VPNs, in which "inside means trusted" and "outside means untrusted."
- Network Access Control: Network access control, or NAC, authenticates every device seeking network access, whether connecting from inside or outside of the network. It then continuously monitors the network to give systems administrators enhanced visibility into every end user and IoT device on it.
- Network Segmentation: Once they establish a foothold, ransomware attacks exploit the limited security inside the perimeter by moving laterally across the network, looking for critical data and devices to encrypt. Dynamic network segmentation limits the destructive capabilities of ransomware and other malware by restricting all users, devices and applications to specific areas and resources on the network, effectively quarantining attackers before they even launch their attack.
- Secure Email Gateway: A modern, secure email gateway delivers protections far beyond those provided by email services. Because malicious email attachments are still the primary vector for compromising networks, the secure email gateway's ability to detect and disable malicious attachments and links before they ever reach the user's inbox is a crucial first line of defense.
- Secure SD-WAN: Providing secure, flexible access between branch offices and campus, branch, data center and cloud resources helps ensure that your WAN is every bit as secure and reliable as your local LAN environment. High-speed cloud on-ramp, zero-touch deployment, self-healing connections, and integrated security ensure that protections seamlessly follow and adapt to connections, helping to ensure optimal user experience without compromising protection.
- Sandboxing: Advanced and unknown threats are often able to bypass traditional security. Sandboxing allows unknown applications, links and email attachments to be inspected and analyzed in a secure environment. Malicious content can then be deleted or disarmed before impacting the network or devices.
- AI-Enhanced Solutions: Organizations can also stay one step ahead of bad actors by leveraging tools enhanced with artificial intelligence (AI) to detect threats and implement countermeasures. Automated threat detection and AI are critical tools for state and local organizations to identify and address attacks in real time and mitigate them at speed and scale.
FOUR CRITICAL STEPS OF A RANSOMWARE STRATEGY
Other actionable steps organizations can take to prevent and mitigate ransomware include building a strong defense, garnering companywide buy-in, and having effective triage and recovery plans in place.
Defend: Access identity management programs, including multifactor authentication (MFA), are essential to know who and what is on the network at all times. Organizations should also compartmentalize access and use segmentation to slow and isolate malware in the event of an attack.
Get everyone involved: Company executives, legal, corporate communications and HR teams all need to be at the table for the planning and execution of a security strategy, including business continuity and crisis management.
Triage: Limiting access privilege, segmenting the network and maintaining good cyber hygiene can buy precious time in the event of an attack.
Recover: Disaster recovery is simply not enough. Prevention tactics such as quickly pivoting to the cloud to ensure business continuity and creating "clean rooms" that replicate infrastructures can ensure faster recovery times.
CONCLUSION
Unfortunately, ransomware isn't going away any time soon — it's too lucrative and pervasive now, with ransomware-as-a-service business models running like a well-oiled machine. And we are also seeing rapid growth in new malware-as-a-service tools, which will further amplify the volume of threats we need to address. The sooner we realize that everyone is a target, the faster organizations will embrace things like cybersecurity training and education. And it is critical that organizations also embrace the essential value of advanced solutions like email security, segmentation, sandboxing, NAC and similar tools and strategies designed to detect, prevent and limit ransomware and other malware. The organizations that take the time to integrate these critical technologies into their networks will come out on top. And beyond that, those organizations that recognize how today's security tools not only need to provide core capabilities but also be fully integrated with actionable threat intelligence will be closer to achieving the omniscient visibility they need to protect their networks, now and in the future.