decrypting myths
Once in , attackers typically escalate privileges , install persistence , steal credentials and repeat the process as they move laterally through the environment . Finally , they will execute their objectives , which is to steal and encrypt data , before extorting the victim . Unlucky victims can sometimes find themselves in a double extortion scenario where they end up paying twice ; once to decrypt files and subsequent payment to prevent confidential data being publicly released .
Ransomcloud is also on the rise . These attacks exploit weaknesses or legitimate functionality in cloud resources to deploy malware , encrypt data and extort money from organisations . As more businesses embrace cloud to improve their efficiency and operational agility , the security risks inevitably increase . Organisations that race head-first into the cloud without architecting secure cloud services are particularly susceptible to attack .
Any ransomware attack can cause extensive loss of data and operational downtime for businesses . To outpace an escalating threat landscape , security strategies must be built on stronger foundations than cyber insurance alone .
Strengthening defences against ransomware
Many organisations are realising the need to prioritise and plan to mitigate the ransomware threat . Yet , opportunities for improvements remain . Bridewell research found that only 36 % have a security information and event management ( SIEM ) platform in place – a crucial tool to detect and alert against intruders . Furthermore , just 43 % have implemented technical controls to prevent unauthorised access and stop key directories and files being deleted , overwritten , or encrypted . And while nobody enjoys thinking about those fraught moments immediately after a cyberattack , over half ( 62 %) don ’ t even have a plan for decision-making on whether to pay the ransom .
But the picture is not all doom and gloom . Organisations have an opportunity to strengthen their cybersecurity posture in the face of these rising threats . The first step is to educate end-users on evolving ransomware risks , how they work , how they can be mitigated and how any incidents should be reported .
Once the education is in place , organisations should implement the technology required to identify the opportunities within the kill chain to detect the adversary activity and subsequently evict them from the environment . This includes strong endpoint , email and cloud app detection and response capabilities , backed up by a central SIEM platform and managed detection and response ( MDR ) service that monitors alerts 24 / 7
Organisations that race head-first into the cloud without architecting secure cloud services are particularly susceptible to attack .
76 www . intelligentciso . com