Ransomware attacks continue to take down critical infrastructure and parts of the supply chain that were already vulnerable due to the pandemic. This has a variety of downstream implications for the supply chain: recovery times grow as the firms on which suppliers depend are themselves trying to recover.
A ransomware attack recently struck a major US pipeline, resulting in a several-day shutdown of operations. This attack follows a devastating year of ransomware attacks around the world, especially those aimed at healthcare organizations.
Ransomware attackers are increasingly targeting critical infrastructure providers because when they are infected with ransomware, they have to choose between indefinitely suspending critical business processes or paying the ransom. Shutting down a critical resource for an indefinite period of time is clearly not a viable business strategy, and impacted providers are left with no choice but to pay up.
What Can Organizations Do About It Right Now?
Cybercriminals are always on the lookout for the quickest way to make money. So, right now, security professionals must take steps to reduce both the likelihood and the impact of a ransomware attack. Here are seven strategies that businesses should put in place right now to minimize the effect of a ransomware attack:
Strong passwords should be enforced – Organizations must develop a password policy that requires users to use strong passwords by default.
Check the backups – Organizations must ensure that backups of critical data are kept up to date and are always available. They must verify that their backups contain the information they need and that they can restore it successfully. Backups are crucial, as they are the last line of defense.
Multi-factor authentication is crucial – Multi-factor authentication must be implemented in a way that is both simple to use and standardized. It should front the infrastructure’s entry points, whether those are the identity provider, the VPN, or a combination of the two. This eliminates the risk of stolen credentials being used to steal data and infect the organization.
Secure privileged accounts – In the majority of these attacks, domain administrator accounts or other forms of privileged accounts are present on nearly every endpoint or have access to sensitive applications, allowing attackers to move laterally with ease. Such accounts must be inventoried and, where possible, removed. Employees should only be given local administrative privileges when absolutely necessary; it should never be done by default.
Update the incident response plan – The response plan should spell out what happens if the company is compromised with ransomware and what its next steps are, involving both the security and business divisions. It should also specify who to contact for assistance if the company is hit, which may be the MSSP or another incident management agency on retainer.
Update endpoint protection – Endpoint protection and the security policies on endpoints must be kept up to date, and the protection must be turned on and functioning. Organizations must speak with their endpoint protection provider and inquire about the health checks needed to confirm that the agents are installed, turned on, and functioning properly.
Devices must be patched regularly – Prioritize sensitive assets such as VPN concentrators or DMZ servers that are exposed to the outside environment. In the end, companies should reduce the time it takes to patch applications and operating systems since monthly patch cycles don’t account for how rapidly attackers move and how remote workers operate.
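The "check the backups" step above is the one most often left as a policy statement rather than a test. The following is an added example, not code from the original article, of the minimal automated check a practitioner would want: it records a SHA-256 manifest when a backup is taken, and a verification job later confirms the backup is fresh, performs a scratch restore, and re-hashes every restored file. The one-day freshness threshold and the sample files are assumptions constructed for the example.

```python
import json, hashlib, shutil, tempfile, time
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def write_manifest(backup_dir):
    """Record when the backup was taken and the SHA-256 of every file in it."""
    files = {str(p.relative_to(backup_dir)): sha256_of(p)
             for p in sorted(backup_dir.rglob("*")) if p.is_file() and p.name != "manifest.json"}
    (backup_dir / "manifest.json").write_text(json.dumps({"taken_at": time.time(), "files": files}))

def verify_backup(backup_dir, now=None, max_age=24 * 3600):
    """Freshness check (assumed policy: under a day old), then a scratch restore that re-hashes
    every file. Returns (ok, problems); an empty problem list means the backup is restorable."""
    now = time.time() if now is None else now
    manifest_path = backup_dir / "manifest.json"
    if not manifest_path.exists():
        return False, ["manifest missing"]
    manifest = json.loads(manifest_path.read_text())
    problems = ["backup is stale"] if now - manifest["taken_at"] > max_age else []
    restore_dir = Path(tempfile.mkdtemp(prefix="restore-test-"))
    try:
        for rel, expected in manifest["files"].items():
            src, dst = backup_dir / rel, restore_dir / rel
            if not src.exists():
                problems.append(f"missing: {rel}")
                continue
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)          # the restore step
            if sha256_of(dst) != expected:  # does the restored copy match what was backed up?
                problems.append(f"corrupt: {rel}")
    finally:
        shutil.rmtree(restore_dir, ignore_errors=True)
    return not problems, problems

def demo():
    """Constructed sample backup: checked clean, checked as if three days old, then after tampering."""
    backup = Path(tempfile.mkdtemp(prefix="backup-"))
    (backup / "db").mkdir()
    (backup / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1, 'widget');\n")
    (backup / "config.yaml").write_text("site: primary\n")
    write_manifest(backup)
    good = verify_backup(backup)
    stale = verify_backup(backup, now=time.time() + 3 * 24 * 3600)
    (backup / "config.yaml").write_text("site: tampered\n")
    bad = verify_backup(backup)
    shutil.rmtree(backup, ignore_errors=True)
    return good, stale, bad
```

In production the manifest should be stored separately from the backup media so that a ransomware actor who reaches the backup cannot rewrite both the data and the hashes that vouch for it.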
In the long run, the way security systems have developed isn’t up to the task of dealing with the increasingly complex threats that organizations are subjected to. To effectively restrict lateral movement and contain the blast radius of a variety of threats, such as phishing, ransomware, and supply chain attacks, organizations must concentrate on shifting from a perimeter-based security architecture to one based on Zero Trust.