Intelligent CISO Issue 52 - Page 67

decrypting myths

How organisations can effectively defend against ransomware

As instances of ransomware increase across EMEA, organisations must adopt a robust approach to cyber defence by prioritising prevention measures. Zac Warren, Chief Security Advisor, EMEA at Tanium, tells Jess Abell, Director of Strategic Content at Lynchpin Media, how organisations can strengthen their defences by enhancing endpoint visibility and reinventing their approach to patching.


Despite increased investment in cyber defence, why is the problem of ransomware worsening?

Simply, ransomware is quite easy to do. In the past few years, attackers have realised that they no longer have to code malware themselves; they can rent it as a service. As a result, many criminal organisations have found it easy to launch these types of attacks. There have also been several big ransomware payouts which encourage attackers to carry out more attacks.

What does a typical ransomware attack look like and how does it progress?

Typically, an attack starts with the reconnaissance of an environment. The bad actor will scan environments to look for vulnerabilities while simultaneously looking at individuals. Then, they often start doing social engineering and gathering data on individuals. Once they've gathered the necessary information, they begin weaponising it, which usually involves launching a phishing attack via email. If people click on these links and enter their credentials or other sensitive information, such as a username and password, then the attacker has an opportunity to compromise the network.

They'll also look for vulnerabilities in the Internet-facing software and devices or unpatched systems. Attackers use these potential entry points to gain access and typically find an existing piece of malware in the environment, so they can re-enter the environment anytime they want.

Sometimes we see organisations that have had a bad actor in their environment for over 300 days and didn't know about it, clearly depicting a lack of visibility. Ultimately, once the attackers understand which servers hold data critical to the business, they begin encrypting the data so that it is no longer accessible. However, before they encrypt it, they will likely steal the data and look for connections to any backup systems before destroying them. This can be a challenging situation to get out of because I have seen multiple