Ransomware attacks have become increasingly common and can have devastating consequences for businesses, and it is even extending to government institutions and other organizations, as well.
In 2022, for example, the Costa Rican government fell victim to ransomware, and citizens’ data was reportedly ransomed for at least $10 million. It was the same case for the government of Montenegro, whose citizens’ data was ransomed for a reported $10 million. Giants Coca-Cola and Panasonic also fell victim to attacks. Even religious organizations were not spared, with the Russian Orthodox Church being a victim of hacktivism.
In the ongoing battle against cyber threats, businesses must remain vigilant in order to protect themselves and their data. The combination of increased connectivity, frequent software updates, the widespread adoption of cloud computing, and the shift to remote work has expanded the attack surface for hackers, making it harder for businesses to defend against attacks.
With limited resources and a constant workload, it can be challenging for businesses to stay on top of their security posture and defend against emerging tactics, techniques, and procedures (TTPs) used by attackers.
A threat-informed defense approach
One way to regain the upper hand is to adopt a threat-informed defense approach. By adopting the mindset and techniques of cyber attackers, businesses can improve their visibility into their own defenses and prioritize their security measures based on the actual risks they face, rather than relying on global statistical risks.
Additionally, adopting a proactive approach of “never trust, always verify” is a good way of continuously validating security posture management and identifying any blind spots that attackers could exploit.
Automating continuous security validation is one way for businesses to stay on top of their security posture. Compliance regulators and standardizing organizations, such as GDPR, SOC 2, PCI DSS v4.0, and ISO 27001, are starting to require regular penetration testing.
However, a penetration test only provides a snapshot of a business’s security posture at a single point in time, and the report may not be available for several days or weeks. By automating security validation, businesses can continuously monitor their security posture and identify vulnerabilities in real time.
There is a range of options available for automating continuous security validation, depending on a business’s size and resources. For small businesses with limited resources, a basic solution that automates vulnerability scanning and patching can be sufficient. Mid-sized businesses may require a more comprehensive solution that includes automated penetration testing and incident response capabilities. Large enterprises may need a full-scale platform that provides end-to-end security validation, including threat intelligence and simulation capabilities.
By automating continuous security validation and adopting a threat-informed defense approach, businesses can improve their security posture and better protect their data against ransomware attacks and other cyber threats.
In addition to automation, there are several other strategies businesses can use to prevent ransomware attacks and protect their data. These include regularly backing up data, using encryption to protect data in transit and at rest, using a firewall and antivirus software, and monitoring for unusual activity.
A common framework for defense
One such strategy in monitoring unusual activity is the MITRE ATT&CK framework (Adversarial Tactics, Techniques, and Common Knowledge), which is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. By using MITRE ATT&CK, businesses can better understand the tactics and techniques used by attackers and implement appropriate defenses.
There are several ways businesses can use MITRE ATT&CK to improve one’s security posture:
- Use the ATT&CK framework to identify potential vulnerabilities and weaknesses in systems.
- Use ATT&CK-based tools and resources to test and validate defenses against known tactics and techniques.
- Monitor for indicators of compromise (IOCs) related to ATT&CK techniques and take appropriate action if necessary.
- Stay up-to-date on the latest ATT&CK techniques and incorporate this knowledge into your security posture.
In addition, it is essential to educate employees on security best practices. Recent studies have shown that a majority of security incidents were caused by negligent or careless employees. This can involve failure to secure devices and proper software updating or patching. Blatant disregard for security policies has also been a cause of such incidents. Meanwhile, there is also the risk of malicious actors from right within the organization.
Employees are the first line of defense against cyber threats. Make sure they know how to recognize and report suspicious activity and provide training on how to follow best practices for security, such as creating strong passwords and avoiding phishing scams.
Protecting valuable data through encryption
It goes without saying that ransomware attacks will only be successful if the data itself were not just stolen but also accessed by the attackers. Thus, encrypting data will ensure that even if it falls into the wrong hands, there is a lower likelihood of the data being exposed.
Use encryption to protect data both in transit and at rest. Encrypting your data can help prevent unauthorized access and protect against ransomware attacks. Use encryption for data in transit (such as when it is being transmitted over the internet) and at rest (when it is stored on devices or servers).
Despite best efforts, it is possible that your business could still fall victim to a ransomware attack. If a business does fall victim to a ransomware attack, it is important to have a plan in place for responding. Here are a few key steps to consider:
- Isolate affected systems: To prevent the ransomware from spreading, isolate any systems that have been affected by the attack. This may involve disconnecting them from the network and shutting them down.
- Consider paying the ransom as a last resort: In some cases, paying the ransom may be the only way to regain access to your systems and data.
Either way, businesses need to work with law enforcement and cybersecurity professionals to investigate the attack and prevent future occurrences.
Maintaining a strong security posture and taking proactive measures to protect against ransomware attacks is essential for businesses of all sizes. By adopting a threat-informed defense approach and automating continuous security validation, businesses can better defend against emerging threats and keep their data safe.