Experts and suggestions weigh in on malware preparedness
Easy targets make for quick pickings. Part of managing good cybersecurity and IT strategy today, then, is making your enterprise a resilient target. Though hack attempts have surged in recent months, one rule still holds: go for the easy target.
Like predators in the wild, attackers who target vulnerable prey get an easy meal. The less effort spent, the better.
But resilience is just a concept. Is your enterprise ransomware ready? Do you have systems in place to deal with a ransomware attack?
The four primary questions for ransomware readiness
Vectra’s CTO, Oliver Tavakoli, has four key points to share about understanding ransomware resilience. Together they form a simple analytical model.
The questions Tavakoli asks are these: how easily can a hacker breach your IT environment? If there is a breach, how easily can the attacker move through the network, that is, reach its privileged parts?
From that point, how tightly is data controlled within each part of the network? In other words, how easy is it for the intruder to steal information and disclose it on the internet? Lastly, after a breach, how efficiently can you restore data and systems from backup?
Tavakoli also emphasizes the importance of stiff resistance. Hackers can choose from thousands of targets, and their time is often money. Faced with resilient defenses, they are likely to move on. Assessing your resilience against these four questions will help you see the bigger picture.
How hackers smash into networks
Long gone are the days when complex operations were carried out only by nation-state actors. As we’ve pointed out before, ransomware attacks are now simpler to perform. Attackers usually switch between automated and human-driven attacks. Automated attacks mean tools that scan for and brute-force unprotected login gateways. In other cases, it’s the mass deployment of phishing emails to acquire sensitive information. Phishing is not the only way in, but as the statistics show, it is common and one of the most brutally effective methods for malware campaigns.
Tavakoli adds that improving cyber hygiene and taking stock of your total defense picture requires examining your internet-facing devices. Network-capable devices are entry points for potential hackers.
Every network-capable device is something that must be patched and monitored.
Creating a “difficult” network
If you’ll allow me a metaphor, imagine a spy infiltrating a base only to meet challenge after challenge. Traps, secret passages, and guards make it incredibly difficult for the spy to reach their end goal.
This is how you want to imagine your network security in the event of a breach, and it is where enterprises and organizations should shift their defensive focus. Breaches and ransomware should be treated as inevitable rather than avoidable. Therefore, as in the spy metaphor, you want to make lateral movement as difficult as possible for intruders. This resiliency, as we’ve said, helps dissuade attackers.
How you do so will depend on your network setup and layout. However, most control over lateral movement comes down to managing network permissions. Network segmentation, for example, is a simple way to deny permissions on a broad level. If one part of the network handles customer service, that segment should not have access to financial records or management-level databases.
Identifying threats and creating internal barriers also requires techniques like behavioral identification: recognizing unusual activity within a network once a breach has occurred.
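To make the segmentation idea concrete, here is an added example (not from the article or from Vectra) of a small policy check: cross-segment flows are allowed only if they appear on an explicit allow-list, and everything else is flagged, which is both the segmentation rule and a simple behavioral signal for unexpected lateral movement. The segment names, address ranges, ports and sample flows are all assumptions constructed for this illustration.

```python
from ipaddress import ip_address, ip_network
# Segment definitions: hypothetical RFC 1918 ranges, one per business unit.
SEGMENTS = {
    "customer_service": ip_network("10.10.0.0/24"),
    "finance": ip_network("10.20.0.0/24"),
    "management_db": ip_network("10.30.0.0/24"),
    "backup": ip_network("10.40.0.0/24"),
}

# Explicit allow-list of (source segment, destination segment, destination port).
# Any cross-segment flow not listed is denied: default-deny between segments.
ALLOWED = {
    ("finance", "management_db", 5432),  # finance application reads the DB
    ("backup", "finance", 22),           # backup host pulls finance data
    ("backup", "management_db", 5432),   # backup host dumps the DB
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unknown."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate_flows(flows):
    """Return flows (src, dst, port) that cross a segment boundary without an
    allow-list entry, tagged with the segments involved. Intra-segment and
    unknown-address traffic is not judged by this check."""
    violations = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None or s == d:
            continue
        if (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, s, d))
    return violations

# Constructed sample flows: a permitted DB read, a customer-service host reaching
# finance over SMB, the same host reaching the DB, and intra-segment traffic.
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.30.0.5", 5432),
    ("10.10.0.42", "10.20.0.7", 445),
    ("10.10.0.42", "10.30.0.5", 5432),
    ("10.10.0.42", "10.10.0.9", 445),
]
if __name__ == "__main__":
    for v in evaluate_flows(SAMPLE_FLOWS):
        print("DENY", v)
```

Fed with real flow records from a firewall or NetFlow export, the same check doubles as a detection rule: a customer-service host suddenly talking to the finance segment is exactly the unusual activity the article describes.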
Hackers have resources too
Knowing your enemy is an important part of curtailing attacks. The tools attackers use to compromise networks vary, but they are often automated for maximum effect and efficiency. Hackers will typically purchase a list of compromised targets on underground forums and, from there, run automated campaigns to locate ideal victims. Once they have stolen data, they’ll encrypt it and eventually hold it for ransom.
Mitigating these attacks is best done with early detection and pattern recognition, Tavakoli says. Additionally, creating as many barriers and hurdles as possible will discourage hackers from continuing their malicious operations.