Protecting Your Organization Against Ransomware Attacks

Attacks are increasing – a proactive approach to data protection can help you safeguard your systems – here’s how.

Ransomware attacks are a growing problem that is only expected to get worse. Last year, the public sector saw more than 40 reported ransomware attacks on state and local municipalities. In late 2019, attacks on 22 cities across Texas joined a growing list of noteworthy hacks, which had already crippled the systems of small and large cities, from Lake City, Florida to Baltimore.

Attacks occur daily, as hackers find vulnerabilities in systems and proceed to lock up valuable data and demand payments in return for decryption keys. Staffing issues ranging from an acute shortage of cybersecurity professionals to overworked security analysts are adding to the problem. According to a recent study by CRITICALSTART, Security Operations Center (SOC) analysts continue to face an overwhelming number of alerts each day that are taking longer to investigate, leading five times as many SOC analysts this year to believe their primary job responsibility is simply to “reduce the time it takes to investigate alerts,” which is leading to security alerts either being prioritized lower or ignored altogether. Outdated security systems, legacy equipment and insufficient data backup also add to the problem.

Despite these challenges, you can take proactive steps to help stave off an attack. The following are some tips to get you started:

• Implement data back-up procedures that include storing data offline.
• Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and tests for specific vulnerabilities in those priority areas.
• Perform a perimeter penetration assessment. Test to determine specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
• Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture to include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review, network security controls, Windows platform assessments, privileged account access, vulnerability management processes, management of mobile devices, investigation, blocking, and response capabilities, and user awareness training.
• Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what paid for.

Another step is to consider implementing a Managed Detection and Response (MDR) solution. An MDR can aid your internal team in detecting cybersecurity threats in a particular environment. MDR performs a series of functions including analyzing the types of risks in which your organization may be exposed, helping you determine what the most critical threats are and take preemptive steps to close those doors to cyber thieves.

If you already outsource security functions, be sure to:

• Find out how your provider deals with alert fatigue. Alert fatigue is the overwhelming volume of alerts that exceeds an organization’s capability to properly triage or analyze what currently exists in the queue. Most often, the typical response is to cut off sections of priorities of alerts in which organizations decide only to deal with just the critical alerts – which can lead to breaches.
• Gain visibility into your service provider’s operations. Find out what’s happening behind the scenes – why are some alerts ignored? What criteria are they using in deciding which alerts to deal with?

Ransomware attacks are not going away. Taking proactive steps can help protect your organization against an attack, potentially saving your organization millions of dollars.

by Callie Guenther | CYBERSOC Data Scientist, CRITICALSTART

January 9, 2020