
known malware variants, contemporary ransomware continuously morphs and can’t be detected using signature-based methods. As a result, anti-virus vendors can’t keep pace with the evolving ransomware landscape.

“Organisations can defend against modern ransomware by taking a multi-layered, defence-in-depth approach to security,” Higgins explains. “This includes robust Identity Security controls to contain breaches and spread. By combining strong Identity and Access Management capabilities – like multi-factor authentication – with comprehensive endpoint privilege manager and privileged access management solutions, organisations can block and limit the extent that ransomware can execute and spread.”


Ransomware still a cybercrime hotspot

CyberArk’s 2022 Identity Security Threat Landscape Report shows that ransomware continues to be a cybercrime hot spot, and the scale is staggering: 73% of global IT security decision-makers reported at least one ransomware attack on their organisation in the last 12 months.

According to IBM’s 2022 Cost of a Data Breach report, the number of ransomware-based breaches grew by 41%, with attacks taking 49 days longer than average to identify and contain. The same report found that destructive ransomware attacks increased costs for victim organisations by more than US$430,000.

Best practices to prevent ransomware attacks

As Higgins describes, organisations can make it more difficult for cybercriminals by restricting all network users to standard accounts with no admin rights. By cutting admin privileges and elevating certain users only on an as-needed basis, security teams can remove ransomware's ability to run with escalated privileges and disrupt the attack.

“This is just one of countless ways for attackers to launch ransomware attacks, exploit privileged credentials and start moving laterally towards sensitive IT systems to steal confidential data,” Higgins comments. “Additionally, threat actors can often retrieve cached credentials without ever needing admin privileges. Therefore, having the ability to automatically detect and block credential harvesting attempts is a crucial endpoint security layer.”

Supplementary steps include adding automated secrets and credentials management on critical targets, such as backup servers, to eliminate stolen tokens or keys as an entry method. “You can also use a combination of application performance monitoring and security information and event management solutions to develop an audit trail for
