Federal agencies warn organizations to adopt a heightened state of awareness following the rampant ransomware attacks of early 2021. Experts share four proactive measures you can take to protect your organization.
In May, CISA and the FBI issued a joint cybersecurity advisory, warning asset owners and operators to adopt a heightened state of awareness following the DarkSide ransomware attack. Healthcare organizations in particular are at high risk for cybercrime due to the rapid adoption of telehealth in 2020, which enlarged their digital footprint and attack surface.
“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks has grown tremendously over the last year,” says Thomas Lewis, CEO of CyberMaxx. “What makes these cyberattacks so potent is their ability to go unnoticed weeks or even months before they execute encryption of the victim’s data files. This gives malicious actors insight into the most valuable resources and systems which they leverage as ransom.”
Don’t think it could happen to your organization? In addition to the widely known DarkSide ransomware attack on the Colonial Pipeline in early May, there have been a plethora of attacks on high-profile U.S. organizations this year. Scripps Health experienced a ransomware attack that resulted in stolen data on close to 150,000 patients. In March 2021, CNA Financial, one of the largest U.S. insurance companies, paid $40 million to free itself from a ransomware attack. This payout ranks as one of the highest ransomware payouts to date. In addition, Apple and Acer both had separate $50 million ransomware demands in early 2021.
Because of the rampant cybercrime, cyberinsurance carriers are reevaluating their ransomware coverage. In May, AXA (one of Europe’s top five insurers) announced that it would stop writing cyberinsurance policies that reimburse customers for extortion payments made to ransomware criminals. A week later, Swiss Re CEO Christian Mumenthaler said in an interview that “overall the problem [of cybersecurity] is so big it’s not insurable.” The widely held view is that ransomware insurance coverage makes victims more likely to pay ransoms, ultimately fueling more attacks. This shift means organizations can no longer rely on ransomware insurance coverage, and leaders should instead focus on taking proactive measures to protect their assets and patient data.
There is no single solution that will protect your network. However, providing end-user education, employing a layered security approach, reducing the surface area of attack, and implementing next-generation holistic protection with MAXX MDR can help safeguard your organization by keeping exposure to a minimum. Read on to delve deeper into best practices and steps you can take to better protect your network from ransomware.
Provide End-user Education on Identifying Phishing Attacks
The continued growth of endpoint attacks and the sudden surge in remote working mean endpoints are increasingly vulnerable. To combat this threat, provide monthly user education and reminders to help end users spot suspicious emails and documents before it’s too late. Additionally, set requirements for employees to pick strong passwords and change them frequently (quarterly or bi-annually). Implementing an endpoint protection platform is crucial to mitigate risk, especially since cloud-delivered EPP solutions will exceed 95% of deployments by 2023. CyberMaxx’s fully managed and integrated CrowdStrike implementation ensures endpoint security and handles containment and remediation, all while safeguarding your network.
Expert tip: disable macros for documents received via email. Phishing emails commonly attach macro-infected Word documents that deliver ransomware and hold networks hostage.
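One way to apply and verify the macro tip above on Windows endpoints, as an added example that is not part of the original article: the script audits, and with -Enforce sets, the Office policy that blocks macros in files carrying the Mark of the Web, which includes attachments saved from email. It assumes Office 2016/2019/Microsoft 365 Apps (policy hive 16.0) and covers Word, Excel and PowerPoint only.

```powershell
# Added example (not from the original article).
# Audits, and with -Enforce sets, the Office policy "Block macros from running
# in Office files from the Internet". Attachments saved from email carry the
# Mark of the Web, so this policy covers documents received via email.
# Assumption: Office 2016/2019/Microsoft 365 Apps, whose policy hive is 16.0.
param([switch]$Enforce)

$valueName = 'blockcontentexecutionfrominternet'
$apps      = 'Word', 'Excel', 'PowerPoint'

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"

    # Read the current value; $null means the policy is not configured.
    $current = $null
    if (Test-Path -Path $key) {
        $current = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
    }

    # Only write when asked to, and only when the value is missing or wrong.
    if ($Enforce -and $current -ne 1) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        Set-ItemProperty -Path $key -Name $valueName -Value 1 -Type DWord
        $current = 1
    }

    [pscustomobject]@{
        Application   = $app
        PolicyValue   = if ($null -eq $current) { 'not set' } else { $current }
        MacrosBlocked = ($current -eq 1)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code when any application is left unprotected, so the script
# can be used as a compliance check.
if ($report.MacrosBlocked -contains $false) { exit 1 }
```

On domain-joined machines the same setting is normally deployed through Group Policy rather than written per user; the audit mode (no -Enforce) is still useful for confirming the policy actually reached the endpoint.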
Employ a Layered Security Approach That Takes Attacker Methodologies into Account
A common misstep many organizations make is relying on protections in only a few locations (i.e., relying solely on perimeter protections), which is not a good practice. A layered security approach, built on purpose-built platforms designed to integrate seamlessly with one another, helps ensure holistic protection. Working with experts who understand adversarial methodologies is a must for enterprise organizations.
According to Blake Strom, a MITRE ATT&CK Lead, the MITRE ATT&CK framework is a knowledge base of adversarial techniques and behaviors that improves detection capability in a measured and repeatable way. Jason Riddle, CyberMaxx President and COO, explains that the MITRE ATT&CK framework is closely related to the Cyber Kill Chain approach. The framework ensures that if security experts don't catch a malicious actor at one entry point, they can detect the attacker if they move on to the next system or execute a different technique to compromise the customer, essentially acting as a tripwire. Security experts can quickly identify if a malicious actor does get a toehold in a customer's network and take swift action.
Reduce the Surface Area of Attack
- Employ a Patch Management Policy that encompasses devices and software in your network.
- Keep a log of when each device and piece of software was last patched, and keep to a patching schedule.
- Employ GeoIP Filtering, which can help block internet traffic from countries you don’t do business with to reduce exposure.
- Leverage a Least Privilege Model. Restrict users to only the permissions they need for their job functions, as this can limit the spread of ransomware and lateral movement.
- Ensure you have a Backup and Recovery Plan. Follow the old but time-honored '3-2-1' rule for system/data backups: At least three copies, on two devices, and one offsite. Test the restoration process often to recover from a ransomware incident quickly.
- Employ Multi-Factor Authentication. This tool can help neutralize credential harvesting, protect passwords, alert you to potential attacks, and reduce lateral movement.
- Extend Your Security Team with MAXX MDR. Finding and retaining IT talent is a challenge. Extending your team ensures around-the-clock, high-quality protection.
Expert tip: A basic recurring calendar invite can help hold you and your team accountable to a strict schedule for patching.
Implement Next-Generation Holistic Protection
Proactive prevention is among the essential tactics an organization can implement to ward off harmful ransomware attacks. Prevention is a much more cost-effective approach than waiting until you’re in the middle of an attack to consider investing in cybersecurity protection. The adage is true: Don’t wait until you’re in the middle of a storm to buy an umbrella. Partnering with a modern MDR provider like CyberMaxx means you can ensure your organization is protected from all sides while staying current on new and active threats. Considering the dynamic scope of IT security, extending your team with MAXX MDR, a holistic, three-pronged approach to cybersecurity protection, ensures your organization has optimal 24/7/365 protection.