Defending against ransomware attacks and other cyber threats takes more than just setting up detection measures to identify potential malicious activity. Cybersecurity teams need to ensure that the network is made unattractive to cyber criminals by making it difficult to break into in the first place.
Ransomware is a major cybersecurity problem facing organisations around the world, as cyber criminals break into networks, encrypt files and servers, and then demand a ransom payment that can amount to millions of dollars in exchange for the decryption key. This is often combined with stealing data and threatening to release it if a ransom isn’t paid.
According to Microsoft, the rise of ransomware-as-a-service (RaaS) – kits developed and sold on dark web forums that allow people with minimal technical knowledge to launch ransomware attacks – is lowering the barrier for entry and causing challenges for network defenders.
In the vast majority of cases, cyber criminals are exploiting common configuration errors in software and devices to gain the required access to networks. Microsoft suggests there are several practices that IT security teams can implement to make networks more resilient to cyberattacks and less of a target for cyber criminals.
This includes assuming the network has been breached and adopting a Zero Trust approach to cybersecurity, under which an identity is never trusted and is always verified at each request to access part of the network.
Elements of zero trust security include verifying users with multi-factor authentication (MFA), ensuring that only managed and compliant devices can connect to the network, and keeping private datacentres, cloud infrastructure and offline backups secured.
By embracing a cybersecurity culture that acts as though cyberattacks are actively occurring, professionals can help prevent threats to the network – particularly if the environment is also monitored for suspicious activity.
Secondly, organisations should ensure that identities – usernames and passwords – are protected from compromise and that the potential for lateral movement is minimised. That way, if logins are compromised, it's not possible to use an account to escalate privileges and gain access to admin accounts that could be exploited to facilitate ransomware attacks.
Steps that can be taken to help secure accounts include protecting and monitoring identity systems to prevent escalation attacks, and detecting and mitigating activity on compromised devices, as well as limiting who can access sensitive data.
Third, Microsoft also recommends that IT security teams are properly equipped to prevent, detect and respond to threats through the use of technologies such as security information and event management tools.
That process includes understanding typical attack vectors – such as remote access, email and collaboration, endpoints, and accounts – and taking steps to prevent attackers from getting in, including enforcing MFA for all users and ensuring that accounts are secured with strong passwords.
Software should also be regularly updated with the latest security patches to prevent cyber criminals from exploiting known vulnerabilities to access networks.
“Ransomware actors are not using any new and novel techniques. The same guidance around timely patching, credential hygiene, and a thorough review of changes to software and system settings and configurations can make a difference in an organization’s resilience to these attacks,” said Vasu Jakkal, corporate vice president for security, compliance, identity, and management at Microsoft.
“Because cyber criminals rely on security vulnerabilities they can exploit, companies can help block attackers by investing in integrated threat protection across devices, identities, apps, email, data, and the cloud,” she added.