8 Strategies to Minimize Ransomware’s Impact

How can you improve architecture resilience and better manage ransomware attacks? Find out.

March 8, 2023

Business growth is an objective shared by most companies. But it cannot divert attention away from building and maintaining a more resilient architecture capable of protecting the company from external threats that are growing in number and sophistication, emphasizes Grant Warkins, technical advisor at MOXFIVE.

Every business has its own growth and evolutionary trajectory. No two are the same, but there are common themes that unite them. One is that growth often distracts teams from re-examining the IT infrastructure and security controls implemented in the company’s nascent days. These were put in place to protect the business, its intellectual property, applications, personal data, and so on. But as the company grew, these systems did a funny thing: they got old and became increasingly outdated. That’s when vulnerabilities began to develop.

Next thing you know, these weaknesses catch the attention of sophisticated cybercriminals who are always on the prowl for new victims. At MOXFIVE, we have seen this storyline play out time and again. A business is victimized by a ransomware attack and has to sift through the damage on the way to recovery. That’s when it is often found that the impact could have been dramatically reduced by developing a more resilient architecture. Here are eight steps that a company can take right now.

Eliminate Threats with Multifactor Authentication

Using static, default, or shared passwords along with legacy authentication for remote access is a recipe for disaster. Your best bet is multifactor authentication (MFA). MFA is so effective in mitigating these risks that insurance carriers increasingly require its use by businesses looking to renew their cyber policies. While you should implement it widely, begin with these MFA “table stakes”—email access, external-facing or cloud-based systems, and any systems considered sensitive, including domain controllers and backup solutions.


Eliminate Vulnerabilities

If there is one thing all businesses can count on, it’s this: attackers will always actively search out known vulnerabilities, and with good reason. The number of vulnerabilities is growing fast. The National Vulnerability Database published more than 8,000 vulnerabilities in Q1 of 2022. That’s up nearly 25 percent from the same period in 2021.

But there is some good news. Businesses can take steps to mitigate these threats with vulnerability management software. More specifically, agent-based vulnerability management software. Since it can be installed locally on a host, this software gains better visibility, enabling it to minimize the attack surface through periodic vulnerability scans. What it looks for are parts of the infrastructure that have been overlooked for extended periods and are, therefore, vulnerable to attack. Once identified, the team can immediately reduce the attack surface.

Segment Your Network

Today, many organizations utilize a single, flat network to which all devices in the data center can connect. This is precisely why it’s a preferred target for bad actors who, once inside, can move throughout the network with no opposition. Using network segmentation, businesses can split the infrastructure into multiple smaller networks. This prevents the perpetrator from moving from one segment to the next and ensures that the business’s most vital infrastructure remains virtually inaccessible outside those employees and departments that require access. That access is managed using tags, which effectively stop lateral movement.
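As an added illustration of the tag-based segmentation described above (example code written for this page, not MOXFIVE's tooling; every workload name, tag, port and rule is constructed), this Python snippet evaluates a default-deny allow-list and computes how far a compromised workload could move under a flat network versus a segmented one:

```python
# Added example (not from the article): a minimal tag-based segmentation
# policy evaluator. Every workload name, tag and rule below is constructed.
from collections import deque

# Constructed inventory: each workload carries a single "tier" tag.
WORKLOADS = {
    "ws-01": "workstation",
    "web-01": "web",
    "app-01": "app",
    "db-01": "db",
    "bkp-01": "backup",
    "jump-01": "jump",
}

# Allow-rules as (source tier, destination tier, port). Anything not listed
# is denied, and that default deny is what blocks lateral movement.
SEGMENTED_POLICY = [
    ("workstation", "web", 443),   # users reach the web tier only
    ("web", "app", 8443),          # web tier talks to the app tier
    ("app", "db", 5432),           # app tier talks to the database
    ("jump", "db", 22),            # admins reach the DB via the jump host
    ("jump", "backup", 9443),      # only the jump host reaches backups
]

def allowed(policy, src, dst, port):
    """True if policy permits src -> dst on port; otherwise denied."""
    return (WORKLOADS[src], WORKLOADS[dst], port) in policy

def reachable(policy, start):
    """Workloads that a compromise of `start` can reach by chaining
    permitted flows. A flat network (policy=None) reaches everything."""
    others = set(WORKLOADS) - {start}
    if policy is None:
        return others
    ports = {rule[2] for rule in policy}
    seen, todo = set(), deque([start])
    while todo:
        cur = todo.popleft()
        for nxt in others - seen:
            if any(allowed(policy, cur, nxt, p) for p in ports):
                seen.add(nxt)
                todo.append(nxt)
    return seen

def blast_radius(policy, start):
    """Number of workloads exposed by a compromise of `start`."""
    return len(reachable(policy, start))
```

Run `reachable(None, "ws-01")` against `reachable(SEGMENTED_POLICY, "ws-01")` to see that the segmented policy keeps backups and the jump host out of reach of a compromised workstation.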

Improve Credential Management

For a small business, managing a security program is relatively easy. The challenges come later, when business success brings growth. This is particularly true when it comes to overseeing account and access management. Companies with thousands of employees have an endless number of accounts and credentials, and these must be managed along with service accounts and secret keys. While the responsibility for managing these falls to administrators and application owners, tracking and identifying each one is a huge challenge.

Privileged access management (PAM) solutions apply automation and policies to all enterprise accounts, allowing administrators to manage credentials properly. Most PAM solutions include reporting and alerting mechanisms. These give security teams insights into how credentials and policies are being used. They also eliminate the manual steps that are the reason credentials are so often forgotten.


Embrace Backups

Against destructive attacks and operational mishaps, immutable and indelible backups ensure that data can’t be altered, encrypted, or deleted. When it comes to immutability, look for solutions that provide both logical and physical immutability. This will entail having two or three copies in different locations (one off-site and another in the cloud), which reduces the chances of a bad actor gaining access to everything. This immutable approach ensures that not all backups are compromised when a vulnerability is found. It also provides options if an attack takes down an entire data center or remote site.

Secure Visibility

You cannot measure what you cannot see. This is particularly true when it comes to assessing the size and impact of an attack. EDR solutions provide this visibility, allowing teams to detect, issue alerts, and ultimately block any suspicious behavior while supporting the investigation side of any incident. When exploring EDR options, look for the following features:

  • Continuous, comprehensive, and real-time visibility into endpoint activity.
  • Advanced threat detection, investigation, and response capabilities.
  • Investigation as well as validation of any suspicious activity.
  • Detection and containment of any identified malicious activity.

Get Your Playbook In Order

In a perfect world, employees would know exactly how and when to respond to an incident. This is not a reality for most, but it can be with an incident response playbook. As with a good football program, playbooks are essential. They help establish every person’s role, define which teams across the company must be involved, and ensure that clear communication paths and response procedures are in place BEFORE any incident transpires.

All playbooks are unique to the company, but there are key elements to consider, such as infrastructure restoration plans, backup viability, and team coordination mechanisms with entities like external counsel and third-party vendors. Once complete, it’s time to practice: put the playbook to the test through exercises and mock security events or contests. These efforts will help validate that the processes and technologies in place will work when needed.

Don’t Forget Your Insurance

We’ve all seen the headlines. Ransomware attacks can tarnish an organization’s reputation. They can also have a monetary impact. This is why more and more businesses are turning to cyber insurance. Cyber insurance allows organizations to review how coverage addresses compensation for financial loss and business interruption, as well as fees and expenses that are associated with the ransom and incident response.

Remember that securing these policies is not the straightforward process it was just a couple of years ago. Today’s providers require that applicants demonstrate a commitment to security. For many, this means investing in some specific security controls before they even ask for a quote. This may include some of the items I’ve outlined in this article.

Defending your business from attacks has never been more challenging. If you’re one of those companies operating with outdated infrastructure and security controls, you are already at an extreme disadvantage. Now is the time to divert some focus back on your systems and begin the long-overdue modernization, and the options above are a great place to start.


Grant Warkins
Grant is a cyber security leader with decades of success helping clients navigate complex security investigations and building proactive security programs to mitigate risk. As a technical advisor at MOXFIVE, Grant assists clients in managing forensic investigations, recovering networks from cyber security attacks and providing valuable insight on proactive controls that can make networks more resilient.