Ransomware: Because Organizations Aren't Cats
Updated: Oct 12, 2022
2021 has seen the highest volumes of ransomware attacks ever, with the global attack volume increasing by 151% for the first six months of the year. According to a report from SonicWall, government is the most commonly targeted industry; however, in three out of the first six months, education actually saw even more. As the number of active threats continues to increase with no signs of things slowing down, where should organizations look first to address vulnerabilities and prevent these attacks?
Because, unfortunately, organizations don’t have nine lives, here are the top nine vulnerabilities that can lead to compromise and how to prevent them:
Employees/Lack of Training
Human error continues to contribute to a significant number of attacks. Educate users so they are aware of common threats, train them how to recognize phishing attempts and suspicious behaviors, and encourage them to report possible incidents as soon as possible. Deploying email protection tools to help protect against spam, malicious URLs, attachments, etc. can also prevent malware from reaching the end user’s inbox.
Failure to Implement Secure Authentication Methods
All it takes is one compromised credential to cause a data breach. Deploying multi-factor authentication (MFA) drastically limits the ability of a cybercriminal to access accounts and greatly reduces organizations’ risks from phishing-related cyberattacks.
Use of Administrator Accounts
Non-administrator (standard user) accounts are usually unable to access the more sensitive areas of a computer or network. Organizations should avoid the use of administrative accounts for general tasks like browsing the web or checking email, and allow administrative access only when absolutely necessary. By adopting and enforcing least privilege, users have the minimum access to the data and services they need to complete their work, so if that account is compromised, the attackers do not have the keys to the kingdom.
Unpatched Systems and Software
Software vendors provide patches and updates in response to newly identified vulnerabilities. Confirm your teams are regularly installing updates to ensure all operating systems and applications are current. Unpatched systems are a prime target for attackers. This also applies to keeping your anti-virus/anti-malware software up to date.
Lack of Segmentation
Segmentation doesn’t necessarily prevent a malware attack, but it does limit hackers’ ability to pivot within the network and access other systems. With segmentation, ransomware is unable to spread across the network and teams can more quickly contain and mitigate the incident.
Failure to Maintain Regular Backups of Data
Although regular backups don’t secure your network from attacks, they do help your ability to recover when a malware attack occurs.
Lack of Third Party Oversight
Third-party vendors who have any level of access to your environment or your data become a potential attack vector. And third parties who have access to the data of many organizations, sometimes thousands, often become a bigger target. Verify that all third-party service providers your organization has partnered with have completed a thorough security review process to ensure they have implemented the necessary security controls, and establish a formal program for monitoring their adherence to those controls on an ongoing basis.
Misconfiguration of Cloud Services
Along with the risks from third parties mentioned above, how an organization configures third-party systems can also put data at risk. It is your organization’s responsibility to securely implement cloud applications, defining who has access to what data, and properly removing that access when an individual leaves the position or the organization.
Bring Your Own Device (BYOD)
With the shift to remote working, many organizations have seen a mix of personal and organizational devices being used to access organizational data, as well as devices being moved back and forth from home to work networks. By allowing employees to connect their personal devices to the organizational network, you may be introducing new vulnerabilities. Have clearly defined policies for the use of personal devices when accessing organizational data or systems.
Organizations may never be immune to ransomware, but there are steps that can be taken to help prevent malware from infecting organizational systems and to limit the damage if an attack is successful.
If your organization is looking to test the effectiveness of your security systems or teams, or validate the need for additional protection mechanisms or tools, talk to your Customer Advocate team about CampusGuard’s Offensive Security Services (OSS), including web application testing, penetration testing, password auditing, and more. Chances are, if you schedule an introductory call with the OSS Team, they will also introduce you to one of their many feline friends as well.
Some additional guidance from the Offensive Security Services team:
[Campbell]: The most important first step that a malicious attacker might take in order to get a foothold in your network is to obtain the credentials for any one user. From there, a silent clock activates and starts to count down until eventually ransomware gets deployed, sensitive data gets exfiltrated or even your network gets fully compromised. To better protect yourself against those scenarios, one of the most impactful steps an organization can take to improve their security posture is to practice better password management which includes enabling Multi-Factor Authentication wherever possible and educating your end users on how to better handle their passwords.