Intelligent CISO Issue 43 | Page 67

decrypting myths

Ransomware: Why least privilege is key for prevention

Ransomware is universally recognised as one of the top risks that organisations are facing today, with attackers exploiting fears and uncertainty around COVID-19 to boost their rate of success. David Higgins, EMEA Technical Director at CyberArk, tells us which tools and solutions organisations should consider investing in to protect themselves, and he highlights the best practice approach for protecting against ransomware attacks.

Where does ransomware sit within the modern threat landscape?

Within cyber, it’s got to be up there as one of the top risks that organisations are tracking.

You only have to look at the importance that the US government, for example, has recently put on ransomware through its mission statements to see how prominently it is being recognised, not just within the west but further afield globally.

What are the different types of ransomware and how do they impact organisations?

There are four categories of ransomware and all focus on impacting the ‘CIA’ triangle – confidentiality, integrity, or availability of data.

The first type is scareware, where victims get a pop-up on their screen stating there are vulnerabilities on their machine and they need to click on a link to pay for the software to fix the vulnerabilities. It scares people into paying for something they really don’t need. But it’s the other three categories that are causing problems these days.

First is crypto, which is where the ransomware will go out and encrypt data and then hold the organisation to ransom in order to retrieve the encryption key.

Another variant, very similar in terms of its impact, is a locker variant ransomware which will lock out a system. Rather than encrypting data, it locks out a device and won’t allow access until the attacker is paid.

The fourth version – which is something we’re starting to see more and more recently and is twinned with either crypto or locker – is extortion. This is when data is stolen, exfiltrated and then held to ransom. Attackers will say ‘if you don’t pay us, we’re going to release this data on the Darknet’, as an example, and you end up paying for the right to go and delete your own data from the attacker servers.