This is part 1 of a commentary series.
Cyber-attacks are now a top business threat for virtually any company that provides a critical piece of the supply chain.
With the extreme cyber talent shortage, international tensions, the rise in advanced adversaries, and budget fluctuations in cybersecurity, we wanted to know what organizations should be doing now to prepare for and defend against this surge in cyber-attacks. We spoke with experts from around the industry to get their insights.
Steve Moore, chief security strategist, Exabeam
"Somehow people still have a diluted perspective on ransomware. There’s enough out there on what it is, how it works and a massive push to 'stop' it, but we never solved the foundational problems that make it possible. Ransomware is an intrusion, period. The attacks are only possible because of a weakness in an endpoint, server, or cloud environment or via a compromised credential.
If you unsuccessfully manage intrusions, you will eventually fail amazingly with ransomware.
The latest Verizon Data Breach Investigation Report (DBIR) revealed that ransomware instances have doubled; but again, that’s because of these three reasons:
We never fixed the core problems (break the cycle of compromise) which allow it to occur
It’s profitable for the adversary - therefore incentive
It detects itself so the reported numbers increase – so anyone can “find” it
Ransomware is simply a product of an upstream failure; in order to improve our position against these attacks, we must address these failures first."
Bill O’Neill, VP of public sector, ThycoticCentrify
“Over the past year, our schools, law enforcement, unemployment offices, healthcare systems, critical infrastructure and enterprises have been ravaged by cyberattacks, and their victims have paid millions of dollars in ransomware that they simply do not have. Our digital global economy has become interdependent on the internet, which has directly led to a significant increase in vulnerabilities. This was evidenced recently in the Colonial Pipeline Company and JBS USA ransomware attacks, making it clear that these incidents can disrupt the critical industries that keep our country running. Attacks like these make it abundantly clear that we’re entering a new era of digital warfare. New research even revealed that more than half of organizations have been grappling with the theft of legitimate, privileged credentials (53%) and insider threat attacks (52%) in the last 12 months, signaling more signs of concern. President Biden and his administration have now made it clear that ransomware is a national threat. To avoid experiencing losses attributed to the next ransomware attack, organizations can take these steps to minimize exposure to ransomware attacks:
Invest in security awareness programs that educate employees on how to avoid spear-phishing attacks and detect potential ransomware.
Keep anti-virus and anti-malware software updated with the latest signatures and perform regular scans.
Frequently back up data to a non-connected environment and verify the integrity of those backups regularly.
Implement Privileged Access Management (PAM) best practices and solutions to control administrative user (i.e., sysadmins, DB admins, or user admins) access to critical and sensitive IT systems, applications, and workloads.
Vault shared privileged accounts for emergency access only and enforce least privilege for administrators – grant just enough privilege, just-in-time, for a limited time, and leave zero standing privileges.”
Dan Rheault, Product Manager, Tufin
"The reality is that organizations are already under constant attack, but ransomware attacks just simplified the method to realize financial gain. As opposed to data extrication for resale or other misuse, attackers encrypt systems holding them for ransom and disable business operations. This is a natural evolution in reducing the effort to achieve a return, as criminals don’t need to market and sell data to other criminals, and merely need to hold systems hostage and sell a single identified consumer a very specific solution – they have defined a narrow market and created a significant need.
Because this is a known reality, organizations need to readily identify and mitigate the exposure of vulnerable critical infrastructure to other internal networks to understand current risks, and have systems in place to ensure complexity and changes to passwords if secrets can’t be used. Most important though is having the appropriate recovery operation in place – organizations that have deferred investing in redundancy for business continuity need to take a look at the recent ransomware attacks and consider whether continued deferment is savvy given recent trends."
Matthew Meehan, chief operating officer, TokenEx
"The mindset shift that must occur is realizing that these types of attacks are growing more likely and frequent than ever, so organizations must always be thinking about what data to protect, and how to build resilience into their systems so they can 'reboot' if needed.
The objective should be to devalue key or sensitive business information. Companies are often so focused on building bigger moats or higher walls. But there are always weaknesses in the moat or wall, as environments constantly change and attackers get smarter and more sophisticated than ever.
So, changing the mindset or approach to data protection does two things: 1) makes it so that sensitive data that ransomware hijackers are targeting isn’t actually there (because it's been tokenized); and 2) allows organizations to repopulate critical data into parallel operating environments so they can get back to business fast, with little to no interruptions for customers."
Neil Jones, Cybersecurity Evangelist, Egnyte
“As a result of working closely with IT Security customers over the years, it’s become clear that many organizations assume that data breaches are inevitable. Why is that? Unfortunately, we often see that the methodologies and tools the companies utilize ultimately don’t meet the security and control requirements of their organizations. And, instead of being viewed as a strategic investment, security is perceived as a tactical compliance checklist.
Superior solutions incorporate broader governance capabilities, but still make it easy for users to share files with anyone, without compromising the files' security and control. The business reality is that all content and communications are vulnerable to attacks without proper data governance, making it imperative that organizations protect the data itself. If secure file collaboration tools are implemented correctly they can render cyberattacks ineffective, even in our current climate with attacks at an all-time high. Deployed in cases where adversaries are able to infiltrate an organization's network and grind business productivity to a halt, the systems themselves remain inaccessible to outsiders, and valuable data is protected.”
Jay Ryerse, VP, Cybersecurity Initiatives, ConnectWise
“The age of data privacy and security is now. We are continuing to educate colleagues and our customers that data privacy should be built into everything we do. Service providers need to fully immerse themselves into the threat landscape and the best practices associated with securing data. Without cybersecurity, there is no such thing as privacy. This deep dive includes the governance aspect of data protection as well as the technical and physical controls necessary for the confidentiality, integrity, and availability of data. Consumers and businesses need to start asking the tough questions of their vendors. They need to understand the supply chain for the services they outsource and what those companies are doing to provide the best in class cybersecurity protections. If those vendors don't believe they are at risk, then it may be time to find a new provider.”