Guest Blog: Can Our Industry Learn from the Colonial Pipeline Ransomware Attack?

The following post was written by James Saturnio, Senior Lead Technical Market Advisor for the Technical Marketing Engineering team at Ivanti.

Ransomware is an intensifying problem for all organizations. There are more players in the ransomware space than ever before, and the average ransom demand is no longer the few hundred dollars in Bitcoin it once was. On average, organizations that pay hand over $233,217 and suffer 19 days of downtime following a ransomware attack.

As security professionals, we need to be vigilant and remain focused on what we can do to protect our organizations to avoid ransomware incidents, as well as what we need to do to recover when ransomware hits our environments.

Few details are available about how the Colonial Pipeline ransomware attack happened, but social engineering, email phishing, and malicious email links are major vectors that criminal organizations use to infiltrate environments and deploy malware.

Unpatched vulnerable software also leaves organizations exposed to threat actors who exploit known vulnerabilities to gain a foothold on a connected endpoint, then move laterally and escalate privileges as they progress through the cyber kill chain. An intrusion that persists this way becomes an advanced persistent threat (APT), and these are often undetected precisely because the attacker "lives off the land," using legitimate administrative tools already present in the victim's network rather than dropping easily flagged malware.

This hack is a reminder that every organization needs to make defending against ransomware attacks a top priority. Organizations need to take a multi-layered approach to cybersecurity to secure their digital workplaces and reduce the risk of breaches. First and foremost, organizations need to implement good cyber hygiene practices and host frequent employee training on recognizing and reporting social engineering attacks like phishing. Organizations should also run proven and reputable mobile threat defense on mobile devices, and antivirus/endpoint security solutions on laptops, desktops, and servers.

Organizations should also make sure that all company software and apps are patched and up-to-date, implement a passwordless multi-factor authentication (MFA) solution that relies on phishing-resistant factors such as biometrics, device-as-identity, or hardware security keys, and deploy unified endpoint management (UEM) as part of an overall zero trust strategy for access control.

Automated spear phishing attacks that proxy the victim's login session in real time have been reported to defeat two-factor authentication (2FA) in the wild: a one-time code typed into a look-alike site can simply be forwarded to the real one before it expires. That is the reason to prefer factors that are bound to the site's origin, such as security keys, over codes a user types. On the visibility side, automated discovery backed by supervised and unsupervised machine learning can accurately inventory all connected endpoints and data, which is the prerequisite for managing those assets and for remediating them (patching, quarantining, reimaging) with minimal human intervention.
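The relay described above, as an added simulation that is not part of the original post and not Ivanti's code. It contrasts a typed one-time code (RFC 6238 TOTP, forwarded verbatim by a phishing proxy and accepted) with a WebAuthn-style assertion that the browser binds to the page origin and relying-party ID (forwarded and rejected). The hostnames, password, seeds and the HMAC used as a stand-in for the security key's asymmetric signature are all constructed assumptions; the real FIDO wire format and registration flow are not modelled.

```python
"""Why a real-time phishing proxy relays a TOTP code but not an origin-bound credential.
Constructed simulation (added example): hosts, secrets and the HMAC 'signature' are assumptions."""
import base64
import hashlib
import hmac
import json
import os
import struct
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.example.com"        # constructed: the genuine service
PHISH_ORIGIN = "https://login.example-com.co"    # constructed: attacker's look-alike site
PASSWORD = "correct horse battery staple"        # constructed victim password
TOTP_SECRET = b"constructed-totp-seed"           # shared seed, as enrolled in an authenticator app
CRED_KEY = b"constructed-credential-key"         # stand-in for the security key's private key


# ---- Factor type 1: a TOTP code. It is just a string; nothing ties it to a site. ----
def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with dynamic truncation."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def totp_service_login(password: str, code: str, now: int) -> bool:
    """Genuine server: accepts the current or previous 30 s window to tolerate clock skew."""
    valid = {totp(TOTP_SECRET, now), totp(TOTP_SECRET, now - 30)}
    return hmac.compare_digest(password, PASSWORD) and code in valid


def totp_relay_attack(now: int) -> bool:
    """Victim types password + code into the phishing page; the proxy forwards both
    to the real site a few seconds later, inside the validity window."""
    victim_password = PASSWORD
    victim_code = totp(TOTP_SECRET, now)           # what the victim reads off the phone app
    return totp_service_login(victim_password, victim_code, now + 5)


# ---- Factor type 2: an origin-bound assertion, modelled on WebAuthn. ----
def browser_get_assertion(page_origin: str, rp_id: str, challenge: bytes) -> tuple:
    """The browser, not the page's JavaScript, records the origin it actually loaded and
    refuses an rp_id that is not a registrable suffix of that host."""
    host = urlparse(page_origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise ValueError(f"rp_id {rp_id!r} is not valid for page host {host!r}")
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).decode().rstrip("="),
        "origin": page_origin,
    }, sort_keys=True).encode()
    # Authenticator signs rpIdHash || SHA-256(clientDataJSON); HMAC stands in for ECDSA here.
    to_sign = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
    signature = hmac.new(CRED_KEY, to_sign, hashlib.sha256).digest()
    return client_data, signature


def webauthn_service_verify(challenge: bytes, client_data: bytes, signature: bytes) -> bool:
    """Genuine server: checks the challenge it issued, the origin it expects, then the signature."""
    cd = json.loads(client_data)
    expected_challenge = base64.urlsafe_b64encode(challenge).decode().rstrip("=")
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != REAL_ORIGIN:
        return False                               # a relayed assertion is rejected here
    rp_id = urlparse(REAL_ORIGIN).hostname
    to_sign = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
    expected_sig = hmac.new(CRED_KEY, to_sign, hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, signature)


def webauthn_legit_login() -> bool:
    challenge = os.urandom(32)
    client_data, sig = browser_get_assertion(REAL_ORIGIN, "login.example.com", challenge)
    return webauthn_service_verify(challenge, client_data, sig)


def webauthn_relay_attack() -> bool:
    """The proxy fetches a real challenge and feeds it to the victim's browser on the phishing
    page. The browser will not sign for the real rp_id from that origin, and whatever it does
    sign carries the phishing origin, so the real server rejects the forwarded assertion."""
    challenge = os.urandom(32)                     # obtained by the proxy from the real server
    try:
        browser_get_assertion(PHISH_ORIGIN, "login.example.com", challenge)
    except ValueError:
        pass                                       # attacker's best case is its own rp_id
    phish_host = urlparse(PHISH_ORIGIN).hostname
    client_data, sig = browser_get_assertion(PHISH_ORIGIN, phish_host, challenge)
    return webauthn_service_verify(challenge, client_data, sig)


if __name__ == "__main__":
    now = 1_700_000_000
    print("TOTP relay accepted by real server:", totp_relay_attack(now))
    print("WebAuthn legitimate login:", webauthn_legit_login())
    print("WebAuthn relay accepted by real server:", webauthn_relay_attack())
```

The relevant property is that the server, not the user, decides which origin a credential is valid for: the TOTP check has no origin to compare, while the WebAuthn-style check fails on the origin field before the signature is even examined. In a real deployment the authenticator would additionally have no credential registered for the phishing host's rp_id, so the second request would fail at the browser as well.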

Additionally, organizations need to prepare for ransomware attacks and run recovery drills to prove they can actually restore. Without a tested recovery plan, the option of refusing to pay the ransom is largely lost. Recovering from a ransomware attack is not a matter of restoring data from a backup onto the compromised systems: affected machines, potentially hundreds or thousands of them, must be reimaged from known-good media before any data is put back, and the backups themselves must be verified as intact and kept offline or immutable so the attacker cannot encrypt or delete them first. That rebuild oftentimes takes a significant amount of time and requires a lot of manual effort and resources. Without a plan in place, organizations might find themselves in a situation where they must pay the ransom in order to get their systems back up and running.


Hot Topics in Cybersecurity Posted by Jen Greco on May 12, 2021
