Protect Your Organization Against Ransomware Attacks
The following best practices can help focus strategies to protect against this growing threat:
Know Your Risks and Plan Accordingly: There are several ransomware attack strategies that organizations need to prepare. Web-based attacks that target and compromise vulnerable systems are a significant attack vector, and Secure Web Gateways can help protect end-users. Fortunately, 52% of organizations include such technology in their ransomware plans. But the most common entry method reported by respondents was phishing, which combines social engineering and user manipulation with an infected email that includes malicious links or attachments. And while end-user training can go a long way towards preventing users from clicking on a malicious link or attachment, it only provides a partial solution. A modern secure email gateway should identify malicious links and attachments, analyze them in a sandbox, and ideally disarm them before they ever lure a user into downloading ransomware or (for those with a high-security concern) browse to links and files in an isolated browser environment.
Stop Known Threats: Organizations should also seek out a platform-based cybersecurity solution that stops known ransomware threats across all attack vectors. This requires a layered security model that includes network, endpoint, and data-center controls powered by proactive global threat intelligence. In addition to traditional security tools, it should also include behavioral analytics to quickly identify and stop a breach.
Detect New Threats: As existing ransomware is constantly morphing and new ransomware is being released, it is essential to implement sandboxing and other advanced detection techniques to pinpoint new variants across those same vectors. Similarly, real-time behavioral detection at the endpoint is just as critical as detecting malware on its way to the endpoint.
Protect Endpoints: And while new advanced endpoint technologies like EDR (endpoint detection and response) can identify malicious ransomware—based on behavior in addition to threat intelligence, organizations need to implement critical technologies like Secure Web Gateways, SASE, and ZTNA for secure application access to extend protections to their remote and mobile workers.
Prepare for the Unexpected: Dynamic network segmentation helps protect against ransomware’s worm-like behavior. With an effective segmentation strategy in place, a breach can be restricted to a small portion of the network. Likewise, data backup with offline storage and recovery is critically important.
Encryption is Critical: Although it can be time-consuming, encrypting all data at rest prevents criminals from threatening to expose data online or resell stolen information on the dark web if a ransom is not paid.
Secure the Entire Infrastructure: Traditional WAN connections are rapidly being replaced with SD-WAN because it is inherently smarter and more agile. But in many cases, SD-WAN is not necessarily more secure—which is why every organization with an SD-WAN strategy needs to be considering a secure SD-WAN solution (SD-WAN built on a security-based platform, like an NGFW) as their primary approach to replacing legacy remote connectivity to cloud and data center resources from branch offices and certain super-users.
Ransomware Attacks are a Global Concern
Ransomware has become a top global concern. The White House has announced the formation of a cybersecurity task force. It has also designated those who perpetrate ransomware attacks as terrorists, giving law enforcement agencies additional resources and stricter penalties when fighting cybercriminals. Other countries are doing the same. Law enforcement agencies, like Interpol, are also raising the bar on combating ransomware. The Department of Justice has also directed federal prosecutors across the U.S. to coordinate any ransomware investigations with the new Ransomware and Digital Extortion Task Force set up to focus on ransomware.
But we all need to do our part. And that starts by building an effective ransomware strategy, including critical security resources designed to address ransomware attack vectors. It’s an action every organization needs to prioritize.
Learn more about the findings in the 2021 Ransomware Survey Report and how organizations can implement protection and defensive measures.
This is an excerpt of the Fortinet Ransomware Survey Shows Many Organizations Unprepared, published originally here.