GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks
Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020.
Related: Make it costly for cybercriminals
The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor. In fact, Colonial Pipeline shut down, causing major problems at the gas pumps for days.
When these ransomware attacks occurred, RiskyBiz podcast host Patrick Grey commented that the U.S. would respond: “Don’t take away our gas or burgers.” What an outstanding response! And, he’s not wrong. When supply chain attacks start impacting everyone’s daily life, it becomes very real for us all.
Ransomware is likely going to be here for years to come. It’s such a big industry that Ransomware-as-a-Service (RaaS) actually offers criminals customer service and tech support. This means it’s now a commoditized industry leveraging backend services and capabilities all built for scale.
Best practices
Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks:
•Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge. As an enterprise security team, you could restrict internet access at your egress points, but this doesn’t do much when the workforce is remote.
•Back up your data and secure your backups in an offline location. If the data is online, then it’s accessible to bad actors and just waiting to be encrypted for ransom.
•Enable multi-factor authentication (MFA) to access your applications and services, especially for admin access to platforms and backend systems.
Jones
•Enable device posture checking and enforcement, ideally integrating with a decent XDR platform. For decades, application and data access ignored the device and simply asked for the user identity to be validated. This resulted in users being allowed to login from devices that may have outdated operating systems, missing patches, not having endpoint security software installed, or not being up to date. You’ll significantly reduce your risk if you enforce a minimum security bar for all devices accessing your data.
•Systemically update your operating systems and apply current patches. Not just endpoints, but server/virtual systems as well. Furthermore, don’t forget about ingress and egress points, cloud-based services (like EC2). In short, anything accessible from the internet should be given extra attention.
•Turn your office network into a guest network. This disables peer-to-peer access, enabling internet-only access. And it also almost eliminates lateral movement during compromise. While you may enable some access to limited services, a good zero trust implementation will result in users accessing internal services via an internet-facing proxy platform instead of an internal network. This type of solution pays many dividends, including more secure use of contractors and consultants, as well as being able to more easily handle access in mergers & acquisition situations.
The reality is that a bad actor’s initial attack begins with either an endpoint downloading, clicking, browsing (something bad), or internet-facing devices/services not being secured. Fun fact: 80% of these breaches occur at the endpoint, often via phishing or social engineering. So as investments go, checking device posture as part of your zero trust program is a huge win. It’s quick to deploy and simple to operate.
Let’s talk VPNs
Traditional VPNs are almost always configured to allow full-time employees complete access to your network. All it takes are some compromised credentials and bad actors have the ability to attack all other devices on the corporate network. From there, it’s possible to find devices with privileged accounts and take the attack further. This has gone unchecked for years and there’s no good reason to let it continue
My recommendation is to shift to a modern remote access strategy, where specific applications and resources are accessed via reverse proxy, while also leveraging identity-based access. Imagine a device being compromised – would you like it to have access to your entire network?
Or, would you prefer that it can only access a specific application after passing a device posture check so we know it’s more secure? If you could remove the ability for devices on your corporate network to see (and therefore attack) each other, wouldn’t that be a huge step forward in your security?
We all know that ransomware is here to stay, but the good news is that, by following these basic cyber tips and tricks, you have the ability to reduce the risk and likelihood of your company being a victim.
Food for thought, eh!
About the essayist: Den Jones, CSO at Banyan Security, which supplies simple, least-privilege, multi-cloud application access technologies
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-leveraging-zero-trust-and-remote-access-strategies-to-mitigate-ransomware-risks/
