This is part 3 of a series on ransomware. Read part 1 here. Read part 2 here.
We heard from some of the top cyber experts on what the threat of ransomware means not only for hospitals but also for the election, how organizations can defend against it, and whether the industry feels ransomware is going to be an even bigger problem in 2021:
Reuven Harrison, CTO, Tufin
“Ransomware attacks often work by encrypting files and making data inaccessible to the business. Attackers then demand a payment to decrypt the data. To circumvent the attack you should have an up-to-date and easy-to-restore backup of your data. The backup should be stored offline so that the malware can’t reach it.
Reducing the attack surface, detecting malware and eliminating vulnerabilities can all reduce the risk of being hit by a malware attack.
Lastly, organizations at risk should have some cryptocurrency available just in case. Figuring out how to buy cryptocurrency while your system is down is not fun.”
Tim Mackey, Principal Security Strategist, Synopsys CyRC
“Hospital systems face a resource challenge that is strained further when a crisis is present in the community. Unfortunately, patient data is something that is uniquely identifying to a person and something that can’t be changed. Attackers know these details, which makes hospital systems and healthcare providers prime targets in the best of times. With a credible threat of an imminent attack, IT professionals should look for evidence of existing compromise including unexpected data transfers. They should also take the opportunity to remind employees about good cybersecurity practices. In parallel, this is a perfect reminder that cyberthreats are persistent and constantly evolving. Threat models, disaster recovery plans, and incident response measures need constant review to ensure they address the current threat landscape. Importantly, there should be a focus on how to detect when unexpected activity is occurring rather than attempting to recover once the damage is done.”
Matthew Gardiner, Principal Security Strategist, Mimecast
“Ransomware-focused cybercriminals are continuing to hone and focus their attacks. They clearly are going to where they believe the financial payoff will be the highest. This means they look for a combination of ease of entry, meaning relatively weak security programs, combined with a high willingness and ability to pay. These cybercriminals have increasingly found this combination in healthcare delivery hospital systems. These types of enterprises are highly dependent on IT to run their operations and also house some of the most sensitive data in existence. It seems clear that multiple cybercriminal groups have simultaneously discovered, particularly in this time of high pandemic-related pressure, that healthcare providers around the world are very profitable targets for their financially motivated criminal activity. It remains absolutely critical that these organizations honestly assess their security programs and fill key gaps or these terrible stories will continue to be a daily occurrence.”
Rick Vanover, Senior Director of Product Strategy, Veeam
“The CISA’s alert regarding ransomware activity targeting health care facilities, coupled with advice from the FBI and Department of Health and Human Services, indicates this increased cybersecurity risk is to be taken seriously. There is clearly an increased threat to hospitals and healthcare providers, and given the current strain on healthcare providers with COVID-19, every IT professional in every organization, healthcare or otherwise, should be constantly re-assessing the ransomware threat. The threat changes and so must the countermeasures. Different ransomware strains have different behaviors, modes of entry, and interaction with systems and data. For organizations who have dealt with ransomware incidents and recovered, you will see that changes were made in many of these implementations, but sadly after the attack. If you have yet to deal with a ransomware threat to your data, now is the time to make some changes to bolster your resiliency.
Now more than ever, healthcare organizations are depended upon by all of us, and the systems that help deliver proper care all require access to valid data. The technology investments and achievements in healthcare over the recent years are truly one of the best examples of a digitally transformed industry, in my opinion. So much so that, on this topic, one could argue that healthcare cannot function properly in a ‘manual mode’ without access to the data and related technology investments that ensure proper delivery of ongoing care. Recovery from ransomware is 100% predicated on what implementation techniques have been done ahead of the attack. Is there an ultra-resilient copy of backup data? Is there a secondary disaster recovery location as an option? Is there knowledge of the tools and processes to operate at this heightened level and large scope of a recovery? If the answer is anything less than “Yes!” to any of these questions, now would be the time to prepare.”
Matt McGuirk, Senior Solutions Engineer, Source Defense
“Ransomware is a serious threat to election security because of the damage it can do to state and municipal governments, which are frequently the targets of this form of cybercrime. Electronic voting systems themselves are generally complemented by paper records to ensure redundancy; however, ransomware attacks can be very disruptive and time-consuming to fix. My biggest concern regarding ransomware would be a state or local government attempting to "unlock" their systems after an attack while simultaneously managing an election with many new and unprecedented variables.”
A.N. Ananth, President, Netsurion
"The surge of ransomware is in part due to:
The rapid switch to remote work; home networks are often less secure than office networks
The difficulty of monitoring remote workers; many security technologies are built around the expectation of endpoints connected to the office network
Anxiety around the pandemic and current events; many users are anxiously seeking more info around health issues or baited by headlines; phishing and malware use these as attack vectors
Organizations can secure themselves against ransomware by:
Implementing secure, regular and tested off-site backup
Security patching, including remote WFH devices
Improving endpoint security, upgrading NGAV to Deep Learning AI based endpoint protection
Assuming breach and investing in security monitoring; if expertise is not available in-house then consider co-managed approaches
Think defense across the kill-chain and not just in point solutions
Network topology has changed with remote work, so re-evaluate defenses in that light
The firewall is no longer the perimeter; instead, the identity is. Prioritize multi-factor authentication, identity & access
Without a doubt, the trajectory of attacks on the enterprise network will increase. This will be driven by the increase in remote access that is necessary to connect with employees, customers, and vendors. Investments made this year to support digital transformation should include the new network topology and factor in improvements in security."