Loosening the Grip of Ransomware

The specter of ransomware is currently looming large. Barely a day goes by without headlines announcing the latest big name whose data’s been ‘kidnapped’ by cybercriminals—and imagine the number of victims that we don’t hear about! Recently, the well-known camera maker Olympus was allegedly hit by a ransomware attack which is still under investigation; other victims include Kia Motors, Colonial Pipeline, JBS, CD Projekt Red—it’s a familiar issue for many organizations across all industries. Like cockroaches that survive a nuclear war, ransomware persists across every iteration of networks, infrastructure and devices. To make things even more challenging, COVID-19 has turned the working world upside down and given rise to a raft of technology challenges that include ransomware-related security concerns.

Shifting the Goalposts

The pandemic permanently changed the way most of us work. Work from home (WFH) or remote/hybrid work environments mean that employees now expect seamless remote access to corporate infrastructure from just about anywhere—but they also mean security is more easily compromised. Why? Security teams now lack the visibility they used to have into user activity, device behavior and data handling practices.

These days, the bad guys don’t have to rely on brute force as their modus operandi. Those behind ransomware attacks can adopt more subtle tactics. By using phishing tactics on employees via their mobile devices, for instance, they can more easily access corporate infrastructure using legitimate credentials. And once they find a way in, the damage can really begin. Often, they will exfiltrate huge amounts of data very quickly while locking victims out of their own systems. And while some turn to virtual private networks (VPN) to facilitate remote access, those very same credentials can enable hackers to move laterally across your infrastructure. And the problem gets compounded because employees are increasingly using unmanaged devices and networks to access apps and infrastructure—devices and networks your team has no control over.

What Can Be Done?

So, is it all doom and gloom? Did the bad guys win? Fortunately, the answer is no. As with most things technology-related, it’s a question of keeping up and, sadly, many organizations fall behind. But here are some approaches to mitigating the threat of ransomware that you should definitely consider.

Secure Your Mobile Endpoints 

A typical cyberattack can begin with the sending of a phishing link. These days, mobile devices have facilitated myriad ways to send them to users—gone are the days when you only had to worry about the phishing risks within an email. Now, phishing threats lurk everywhere—in messaging apps, within social media and even on dating apps like Tinder. Things are complicated further by the blurring of lines between work and play. People use their mobile devices increasingly for both professional purposes and personal matters. Therefore, the potential to be caught out by phishing links increases accordingly.

Zero-Trust Network Access 

Remote workers sometimes require data that resides in your organization’s data centers, so many businesses routinely make use of virtual private networks (VPNs) to facilitate such access. The downside of this, however, is that by using a VPN you lay bare your infrastructure to networks and devices that are outside of your control. Ultimately, you need the security of a web application (and the associated behavioral traits) to make sure that your data is secure. Knowing who is connecting to your apps, what type of device they are using and what their access requirements are helps you customize access for your users.

And this is where zero-trust network access (ZTNA) comes in handy. Essentially, it provides an uninterrupted connection to your apps (wherever they might dwell) without any risk to your data. ZTNA allows you to mask your apps from the public internet, giving only authorized users the appropriate access. You can bulletproof things further by integrating ZTNA with multifactor authentication and identity and access management.
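The per-app access decision described above can be sketched as follows. This is an added example, not code from the article or from any ZTNA product; the app names, group names and policy fields are hypothetical, and the inputs are assumed to come from an identity provider and a device-management check.

```python
from dataclasses import dataclass

# Constructed per-app policy: who may reach each app and what the device
# and session must satisfy. App and group names are hypothetical.
POLICY = {
    "payroll": {"groups": {"finance"}, "managed_only": True, "mfa": True},
    "wiki": {"groups": {"finance", "engineering"}, "managed_only": False, "mfa": True},
}


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_managed: bool  # assumed to come from a device-management check
    mfa_passed: bool      # assumed to come from the identity provider
    app: str


def decide(req, policy=POLICY):
    """Return (allowed, reason). Default deny: an app with no rule is unreachable."""
    rule = policy.get(req.app)
    if rule is None:
        return False, "no policy for app"
    if not (req.groups & rule["groups"]):
        return False, "user not entitled to app"
    if rule["mfa"] and not req.mfa_passed:
        return False, "MFA required"
    if rule["managed_only"] and not req.device_managed:
        return False, "unmanaged device"
    return True, "allowed"


def visible_apps(user, groups, device_managed, mfa_passed, policy=POLICY):
    """Apps this session can reach; everything else stays masked from it."""
    return sorted(
        app for app in policy
        if decide(Request(user, frozenset(groups), device_managed, mfa_passed, app), policy)[0]
    )
```

Unlike a VPN login, a valid password alone reaches nothing here: a session without MFA sees no apps, and an unmanaged device sees only the apps whose rule permits it.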

Cloud Access Security Broker 

Most organizations probably have to deal with an endless number of cloud apps. So how do they manage them all with full visibility and without any risk to their data? By using a cloud access security broker (CASB). This technology is fast becoming a critical part of enterprise security—one that enables safe use of cloud computing while also safeguarding sensitive company data. CASBs afford your organization complete visibility over the interactions between your users, endpoints, cloud apps and data. Importantly, you also get complete control over zero-trust access with the ability to dial in precisely what’s needed. And with continuous monitoring of user activity, your organization is able to more quickly and easily detect and respond to cyberattacks.

New working world, new technologies. With the need to face up to the challenges of working in a different way, cybersecurity is more important than ever in the face of rising levels of cybercrime such as ransomware attacks. By adopting the correct approach, you can keep your digital assets and your people safe and secure.


Steve Whiter

Steve Whiter is director of Appurity, a company that deploys solutions for critical mobile security services across all verticals.
