Five Ways to Protect Yourself (and Your Business) from a Ransomware Attack
Authored by: Tony Cole, CTO, Attivo Networks
I recently spoke with Authority Magazine on the topic of ransomware, and one of the questions they asked was how today’s organizations can best prepare for and defend against ransomware attacks. It’s a topic that many experts are concerned with today—particularly as both the volume and severity of ransomware attacks are continuing to grow at an alarming rate. It’s also a difficult question to answer, since there are no easy “one-size-fits-all” solutions to the problem.
Protecting against ransomware requires organizations to understand their vulnerabilities and take proactive steps to address them. These are matters of serious concern for Attivo and its customers—and I spend a lot of time thinking about them. I was pleased to have the opportunity to talk to Authority Magazine about a few of the steps I often recommend to organizations as they work to improve their cybersecurity posture. Below are the top five things that today’s organizations need to do to protect themselves against modern ransomware attacks.
#1: Implement Multifactor Authentication
Multifactor authentication (MFA) won’t solve all of an enterprise’s problems, but it is a relatively simple way to add an extra layer of security. While MFA isn’t foolproof, it makes it significantly more complicated for an attacker to compromise a single account—it’s no longer as simple as just entering a stolen password and gaining access to the network. That’s good, because attackers get their hands on passwords all the time, and too many employees reuse their passwords across multiple accounts. The last thing an organization wants is to have its network compromised because an employee reused a password that was stolen in a completely unrelated breach. If MFA is implemented, even valid credentials aren’t useful to attackers unless they can compromise the second form of authentication as well.
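To make the point concrete, here is an added example (not code from the original post or from Attivo Networks) of a login check that requires both a password and a time-based one-time code. The user record, the salt, the password and the TOTP secret are constructed for illustration; the TOTP secret is the RFC 6238 reference secret so the expected codes can be checked against the published test vectors. A password reused from an unrelated breach verifies fine on its own and is still rejected.

```python
"""Added example: a stolen password alone fails once a second factor is required.
All user data below is constructed; nothing is taken from a real deployment."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so a leaked user store does not hand out reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user store (hypothetical user, salt and password).
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("Summer2021!", SALT),
        # RFC 6238 reference secret, used only so the codes are verifiable.
        "totp_secret": b"12345678901234567890",
    }
}


def authenticate(username: str, password: str, code: str, now: int) -> bool:
    """Both factors must verify; a valid password with a wrong code is rejected."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(user["pw_hash"], hash_password(password, SALT))
    # Accept the previous, current and next 30 s window to tolerate clock drift.
    counter = now // 30
    code_ok = any(
        hmac.compare_digest(hotp(user["totp_secret"], c), code)
        for c in range(max(counter - 1, 0), counter + 2)
    )
    # Evaluate both factors before returning so the response does not reveal which one failed.
    return pw_ok and code_ok


if __name__ == "__main__":
    # At unix time 59 the valid code for the reference secret is 287082.
    print("password only:", authenticate("alice", "Summer2021!", "000000", 59))
    print("password + code:", authenticate("alice", "Summer2021!", "287082", 59))
```

The window of three time steps is the usual trade-off between clock drift and replay exposure; narrowing it tightens the second factor at the cost of more false rejections.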
#2: Protect Your Identity Systems
Multifactor authentication can help secure user accounts, but that isn’t always the route an attacker uses to get into the system. MFA can’t help if an employee accidentally opens a phishing email and clicks on a suspicious link or downloads a weaponized attachment designed to target an unsecured system. Worse, an attacker might even target an unknown vulnerability using a zero-day exploit. In these cases, MFA is, unfortunately, useless, as the attacker has bypassed the need to crack a password and instead entered the network directly. And once inside the network, adversaries can check memory and applications for stored credentials—which they will almost always find.
After that, they’ll move on to Active Directory to further elevate their privileges and move laterally to identify new and valuable targets. Today’s organizations need protections in place that can detect suspicious activity, both on the endpoint and within the network. Tools like ADSecure can provide early alerting when an attacker makes a query, and will also return false information to prevent them from breaking out from the endpoint. Others, like ADAssessor, can provide greatly enhanced visibility into potential vulnerabilities and attack paths, highlighting risks related to credentials, privileged accounts, shared credentials, and other identity-related exposures.
#3: Segment Your Networks
In other words, don’t put all your eggs in one basket. By splitting your enterprise into different network segments, you can enhance your ability to place traps, decoys, and other forms of bait designed to entice attackers. It is easy for an attacker to move around a single, simple, flat network—they won’t have to navigate much to find valuable data, and a lack of in-network protections means they won’t have much to evade, either. Think of it like a minefield: sure, a minefield with only one mine is still dangerous, but it’s not nearly as useful as a comprehensive deployment.
#4: Implement Zero Trust
“Zero trust” is a popular buzzword today, and it’s important for organizations to understand that true zero trust is a journey, rather than a destination. It’s a set of principles designed around implementing an assumption-of-breach mentality. This means organizations should assume that they have already been compromised and operate accordingly. Activities within the network should be viewed through this lens—if an identity is attempting to access certain information or areas of the network, that request should be validated and authenticated before it is granted. Assumption of breach means organizations should always be looking for adversaries within their environment, in user accounts, Active Directory, applications, network resources, and countless other places. If attackers are forced to justify their actions every step of the way, it becomes much easier for network defenses to detect suspicious activities.
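The segmentation and zero-trust points above come together in per-request, default-deny access evaluation. The following is an added example, not code from the original post or from Attivo Networks; the segment names, identities, resources and grants are all constructed. Every request is checked on its own (segment-to-segment flow, identity grant, and MFA plus managed device for sensitive segments), nothing is inherited from an earlier session, and each denial is recorded because, as the text notes, forced justification at every step is itself a detection signal. A flat-network policy is included for contrast.

```python
"""Added example: default-deny evaluation of each access request across segments.
Segments, identities, resources and grants are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Request:
    identity: str
    src_segment: str
    dst_segment: str
    resource: str
    mfa_verified: bool
    device_managed: bool


@dataclass
class Policy:
    allowed_flows: set          # (src_segment, dst_segment) pairs permitted at all
    grants: dict                # identity -> set of destination segments
    sensitive: set              # segments that additionally require MFA + managed device
    denied: list = field(default_factory=list)   # every refusal, kept for detection

    def evaluate(self, req: Request) -> bool:
        """Grant only when every check passes; record the reasons for any refusal."""
        reasons = []
        if (req.src_segment, req.dst_segment) not in self.allowed_flows:
            reasons.append("flow not permitted between segments")
        if req.dst_segment not in self.grants.get(req.identity, set()):
            reasons.append("identity not granted access to segment")
        if req.dst_segment in self.sensitive:
            if not req.mfa_verified:
                reasons.append("MFA required")
            if not req.device_managed:
                reasons.append("managed device required")
        if reasons:
            self.denied.append((req.identity, req.src_segment, req.resource, reasons))
            return False
        return True


SEGMENTS = {"workstations", "fileservers", "backups"}


def segmented_policy() -> Policy:
    """Constructed policy: workstations may reach fileservers; backups only from fileservers."""
    return Policy(
        allowed_flows={("workstations", "fileservers"), ("fileservers", "backups")},
        grants={"alice": {"fileservers"}, "backup_svc": {"backups"}},
        sensitive={"backups"},
    )


def flat_network_policy() -> Policy:
    """Constructed contrast: one flat network where any segment can talk to any other."""
    return Policy(
        allowed_flows={(s, d) for s in SEGMENTS for d in SEGMENTS},
        grants={"alice": set(SEGMENTS), "backup_svc": set(SEGMENTS)},
        sensitive=set(),
    )


# Constructed requests: a normal file access, then the same workstation trying to reach backups.
REQUESTS = [
    Request("alice", "workstations", "fileservers", r"\\fs01\hr", True, True),
    Request("alice", "workstations", "backups", r"\\bk01\vault", True, True),
    Request("backup_svc", "fileservers", "backups", r"\\bk01\vault", False, True),
]


def run(policy: Policy) -> list:
    """Return the grant/deny decision for each constructed request."""
    return [policy.evaluate(r) for r in REQUESTS]


if __name__ == "__main__":
    seg = segmented_policy()
    print("segmented:", run(seg), "denied:", seg.denied)
    print("flat:", run(flat_network_policy()))
```

Under the segmented policy the workstation-to-backups request is refused twice over (flow and grant), and the service account is refused for lacking MFA on a sensitive segment; the flat policy lets all three through, which is the "one basket" the text warns against.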
#5: Implement Active Defense
There are no days off for network defenders. They need to be active and engaged every hour of every day. But active defense strategies can help tilt the battlefield in favor of the defenders—and experts are starting to take note. MITRE recently launched a program called “Engage,” which draws on principles similar to those in recent National Institute of Standards and Technology (NIST) guidance and focuses on the need for deceptive practices in cybersecurity. Both MITRE and NIST now recognize the value in luring attackers into traps rather than simply waiting to detect their presence. Defenders today can hide important data, accounts, and network shares while using deceptive assets to lure attackers into decoy environments where they can be safely monitored and studied.
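The alerting side of the decoy approach described in #2 and #5 can be illustrated with a small monitor. This is an added example, not code from the original post and not how ADSecure or any Attivo product works internally; the decoy account names, the decoy share, the hostnames and the log lines are all constructed. The idea is that decoy identities and shares have no legitimate users, so any logon as one, any directory query that names one, and any open of a decoy share is a high-fidelity alert rather than a statistical anomaly.

```python
"""Added example: alert on any touch of a decoy account or decoy share.
Decoy names, hostnames and log lines are constructed for this example."""
import re
from collections import Counter

# Constructed decoys: never used by real users or scheduled jobs.
DECOY_ACCOUNTS = {"svc_backup_legacy", "adm_sql_old"}
DECOY_SHARES = {r"\\fs01\finance_archive"}

# Constructed log format: ts host= event= user= [share=] [query="..."]
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\w+) user=(?P<user>\S+)'
    r'(?: share=(?P<share>\S+))?(?: query="(?P<query>[^"]*)")?'
)

SAMPLE_LOG = r"""
2021-06-01T09:00:01Z host=ws17 event=logon user=alice
2021-06-01T09:00:05Z host=ws17 event=share_open user=alice share=\\fs01\hr
2021-06-01T09:14:22Z host=ws42 event=ldap_query user=bob query="(sAMAccountName=svc_backup_legacy)"
2021-06-01T09:14:30Z host=ws42 event=logon user=svc_backup_legacy
2021-06-01T09:15:02Z host=ws42 event=share_open user=bob share=\\fs01\finance_archive
"""


def parse(log_text: str) -> list:
    """Parse the constructed log lines into dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def decoy_reason(event: dict):
    """Return why an event touches a decoy, or None if it does not."""
    if event["user"] in DECOY_ACCOUNTS:
        return "decoy account used"
    if event["share"] in DECOY_SHARES:
        return "decoy share opened"
    query = (event["query"] or "").lower()
    if any(name.lower() in query for name in DECOY_ACCOUNTS):
        return "decoy account referenced in directory query"
    return None


def detect(log_text: str) -> list:
    """Emit one alert per event that involves a decoy asset."""
    alerts = []
    for event in parse(log_text):
        reason = decoy_reason(event)
        if reason:
            alerts.append({"ts": event["ts"], "host": event["host"],
                           "user": event["user"], "reason": reason})
    return alerts


def hosts_with_alerts(alerts: list) -> Counter:
    """Count alerts per source host, which is where the response should start."""
    return Counter(a["host"] for a in alerts)


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
    print(hosts_with_alerts(detect(SAMPLE_LOG)))
```

In the constructed log, alice's normal activity on ws17 produces nothing, while ws42 generates three alerts in under a minute: the directory query naming a decoy account, the logon as that account, and the open of the decoy share. Because decoys have zero legitimate use, the monitor needs no baseline or threshold, which is what makes this kind of signal attractive compared with anomaly scoring over ordinary accounts.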
Comprehensive Security Is Key to Ransomware Defense
None of these recommendations represents a golden ticket to perfect network security—in fact, anyone who says they can prevent 100% of attacks is lying. But they all have an important role to play in preventing some of today’s more prevalent—and dangerous—attacks. By shoring up identity security and implementing key features of zero trust, network segmentation, and active defense, organizations can put themselves in the best possible position to succeed against today’s adversaries. Even simple solutions like multifactor authentication can play a significant part in protecting the organization. If you’re wondering why I didn’t mention cyber hygiene, well, you should already have your arms around that issue. Making your network as difficult as possible to attack is critical. Even if it isn’t possible to prevent every attack, it is possible to show attackers that their efforts are better spent searching for easier targets.