Cybersecurity professionals are inundated with conversations, statistics, and news stories about the threats of ransomware every day. But what can organizations do to effectively mitigate these threats?
Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, gets to the meat of this question in his latest Remote Sessions webcast for SecureWorld.
In this thorough presentation, Grimes covers all elements of ransomware attacks, from working with lawyers to how attackers run a Ransomware-as-a-Service (RaaS) operation.
The root of ransomware attacks and preparing for the worst
Grimes says understanding how a malicious actor can access your network, then making sure your organization has the proper defense in place, is the best way to reduce the threat.
"If you have thieves coming into your house and stealing stuff from your house, you've got to figure out how the thieves are coming in. Are they coming through the windows, the doors, the attic, the walls, the floor?
You've got to figure it out if you want to stop people from breaking into your house. You've got to figure out how they're breaking into your house and stop those root causes of initial exploitation. Then, and only then, can you put down the threat. The same thing with ransomware."
Though the techniques used by malicious hackers are evolving every day, there are a few simple defense tactics Grimes recommends, in addition to testing whether your organization's network can successfully block cyberattacks and other advanced tactics.
Here are a few guidelines to help better protect your organization.
Top 5 ransomware defense methods most orgs can implement now
1. Bring awareness to social engineering and mitigate those risks
Social engineering, according to most experts at SecureWorld, is the key reason cyber incidents are thriving. The majority of attacks begin with a victim clicking on a link, one that has been intentionally designed to look legitimate.
"It's clear that social engineering is the number one way that ransomware gets into people's environments," says Grimes.
Further, Grimes reports that 70 to 90% of all malicious data breaches involve social engineering to a certain extent.
2. Patch software requiring internet access regularly
If social engineering is the number one problem, unpatched software is a close second when it comes to leaving your network vulnerable to a ransomware attack.
Grimes says between 20 and 40% of successful data breaches happen because of a failure to patch software.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released an extensive listing called the Known Exploited Vulnerabilities Catalog, which gives organizations a place to start when patching software used regularly by many companies.
3. Implement multi-factor authentication (MFA)
Grimes was upfront about the fact that MFA will not solve every problem. However, using MFA wherever you can will add an extra layer of protection.
"Using multi-factor authentication where you can to protect logins and using non-guessable passwords that are different for every website in service where you can't use MFA. That will prevent the password guessing and the password spray attacks.
Make sure you enable account lockout policies on every login portal that you control or manage, including any application programming interfaces, APIs (Application Programming Interface). Acme, in particular, said that 65% of password spray attacks were against APIs and not the normal login portals that you and I would normally associate with password guessing."
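As an added example (not from the webcast or this article), the Python below shows a detection check that complements lockout policies on portals and APIs: a spray tries few passwords against many accounts, so it shows up as many distinct usernames failing from one source against one endpoint. The log format, endpoint paths, threshold and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: time, source IP, endpoint, username, result.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 /api/v1/token alice FAIL
2024-01-01T10:00:20 203.0.113.7 /api/v1/token bob FAIL
2024-01-01T10:00:40 203.0.113.7 /api/v1/token carol FAIL
2024-01-01T10:01:00 203.0.113.7 /api/v1/token dave FAIL
2024-01-01T10:01:20 203.0.113.7 /api/v1/token erin FAIL
2024-01-01T10:02:00 198.51.100.9 /login frank FAIL
2024-01-01T10:02:10 198.51.100.9 /login frank FAIL
2024-01-01T10:02:20 198.51.100.9 /login frank OK
"""

def parse(log):
    """Yield (timestamp, ip, endpoint, user, result) for each log line."""
    for line in log.splitlines():
        ts, ip, endpoint, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, endpoint, user, result

def find_sprays(log, min_users=5, window=timedelta(minutes=10)):
    """Flag (ip, endpoint) pairs whose failed logins hit at least min_users
    distinct accounts inside one sliding window (many users, few tries each)."""
    failures = defaultdict(list)
    for ts, ip, endpoint, user, result in parse(log):
        if result == "FAIL":
            failures[(ip, endpoint)].append((ts, user))
    alerts = []
    for (ip, endpoint), events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                alerts.append({"ip": ip, "endpoint": endpoint,
                               "distinct_users": len(users)})
                break  # one alert per source/endpoint is enough
    return alerts
```

Each sprayed account in the sample sees only one failure, so a per-account lockout counter alone would not trip; the repeated failures against a single account from the second source are the case lockout handles.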
4. Educate users how to spot rogue URLs
Grimes does a very in-depth analysis of how ransomware gangs operate in this presentation, and a notable point is the attention to detail they use when luring victims to click on links.
"Teach yourself and your friends and your family and your coworkers how to spot rogue URLs."
A few ways to spot rogue URLs are to look for slight misspellings (sometimes as minimal as an extra space or letter), a brand name linked to a domain that is not official, and file attachments that look like a link.
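The first two signs above can be checked mechanically, for instance in a mail gateway or a training tool. The Python below is an added example, not something shown in the webcast: `OFFICIAL`, `BRANDS` and the sample domains are placeholder assumptions, and the base-domain logic is simplified to the last two labels.

```python
from urllib.parse import urlsplit

# Assumption: the organization's official domains and brand keywords.
OFFICIAL = {"example.com"}
BRANDS = {"example"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    # Simplification: last two labels; a production check would use the
    # Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])

def check_url(url):
    """Return the reasons a URL looks rogue (an empty list means no finding)."""
    reasons = []
    if url != url.strip() or " " in url:
        reasons.append("whitespace in URL")
    host = (urlsplit(url.strip().replace(" ", "")).hostname or "").lower()
    base = base_domain(host)
    if base in OFFICIAL:
        return reasons
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode hostname")
    if any(0 < edit_distance(base, good) <= 2 for good in OFFICIAL):
        reasons.append("near-miss of official domain")
    elif any(brand in host for brand in BRANDS):
        reasons.append("brand name on unofficial domain")
    return reasons
```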
5. Grant the least-permissive permissions to users
One of the best practices for data protection is authorizing the minimum levels of permissions to users necessary for them to perform their assignments. By another name, it is known as the Principle of Least Privilege.
"Make sure you use least-permissive permissions. You don't want to be logged into your computer as local administrator when you're picking up email or surfing the web. That's just asking for trouble. And when you have files on the internet, make sure they're using least-permissive permissions.
A really common avenue of successful attacks is people that have accidentally left some information they thought was private. They thought it was like, 'Oh, nobody sees it but me,' but it turns out it's everyone full control or everyone can read, and they end up having data leaks."
Be sure to watch this helpful presentation, available on-demand, about all things ransomware, which can better prepare your organization in the event you do have a network hostage situation on your hands.