Months have passed since the DarkSide Colonial Pipeline ransomware attack, yet some antivirus vendors are still unable to detect the malware used. This demonstrates that a reliance on reactive antivirus detection is a bad idea when combating ransomware because hackers can change and obscure code to evade detection, leaving your organization vulnerable.
Virtual private networks (VPN) and firewalls aren’t what they used to be, either. In fact, there have been two prominent VPN breaches in the last 12 months by the Russian Foreign Intelligence Service (SVR) which triggered a Cybersecurity Advisory from the NSA. Perimeter-based cybersecurity methodologies may handle external threats but fail to address those on the inside, which now account for 20% of breaches (and in some verticals this can approach 40% or higher), according to the latest Verizon Data Breach Investigations Report.
Access and abuse of identities (and privileges) sit at the center of most ransomware hacks. A proactive approach of locking down data and access management from the inside out is the only way forward. By implementing this one-two punch of the authentication and privilege actions of password administration and privilege preservation, you can begin locking down your system to defend against ransomware.
Integrate password management
Passwords are often a significant part of any breach or ransomware hack. Users have too many passwords to sign into different systems and applications, and they frequently avoid obstacles by delaying password changes, choosing simple passwords, or writing down or storing their passwords on their computer.
Static passwords and locally stored passwords can significantly compromise security. Some cybersecurity implementations you should consider include:
Multi-factor authentication (MFA), packaged with strong identity and access management, delivers a higher level of security than single-factor by requiring authentication using something known (e.g., login and password) and something owned (e.g., device and security key). Ransomware hackers can often learn what is known, but usually find it challenging to spoof what is owned.
Federated single sign-on (SSO)
Single sign-on (SSO), using a widely adopted standard such as Security Assertion Markup Language (SAML), can greatly minimize password abundance, which can have its own security risks. With a glut of passwords, hackers have even more options to break into your system. Many identity and privileged access management systems such as Hitachi ID Bravura Security Fabric include these capabilities, which allow users to log in and access every application they need without re-authentication.
Prioritize privilege protection
Credentials and privileges are power to cybercriminals, but your organization can take it back. By granting access following the Principle of Least Privilege (PoLP) or allowing users the minimum access credentials necessary to perform a specific job or task and nothing more, your organization can protect itself against ransomware perpetrators. Consider credential protections such as:
Just in time access
Just in time access (JIT) empowers organizations to grant applications or systems access for predetermined periods on an as-needed basis following PoLP. And JIT eliminates unnecessary, forgotten, or orphaned privileges often abused by ransomware criminals to vault their way into your system because access and privilege are time-limited. The execution is often part of a privileged access management system, such as the Hitachi ID Bravura Security Fabric.
Randomized privileged account passwords
The traditional network perimeter is eroding, shifting to an anywhere network of identities and an ever-growing network of privileged accounts across users, devices, and applications. The tech shift has made it increasingly difficult for IT teams to keep up with the security models that have been successful in the past to manage those assets securely. The fallout has subsequently created a veritable playground for hackers and ransomware.
Coordinating password changes or tracking changes back to individuals can be even more painful without a privileged access management system. With many privileged access management implementations, you can replace shared and static privileged credentials periodically with new and random values based on robust password policy controls.
Go further with cyberdefenses
These authentication and privileged actions will close significant cybersecurity gaps in your network. And also have the potential to win over organizational leadership by demonstrating tremendous ROI because they are smaller compared to other cybersecurity modernization projects yet still secure some of the most common pathways used by criminals to breach your system.
They can also play a considerable role in winning over organizational leadership by giving them a roadmap that they understand, while making serious inroads against remote work, deperimeterization, and the growing threat of ransomware-as-a-service.
Receive a complimentary Zero Trust pre-assessment from Hitachi ID and intiGrow and make strides towards Zero Trust to stop ransomware in its tracks.
The beginning of each semester at a large university in the midwest of the United States was a nightmarish experience for the IT help desk staff. (Due to our customer's...
For more than two decades, Zauber Limited’s elite team has been a leader in IT support and implementation, with specialties in building new architectures, re-platforming...