26th July 2021, Kathmandu
Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be focusing on now and implementing today.
The ransomware landscape is evolving, and ransomware is now one of the most popular (for cybercriminals) and damaging types of malware. The JBS, Colonial Pipeline and Kaseya attacks are recent high-profile examples of the impact of ransomware and the monumental consequences it can have: shifts in the market, impact on infrastructure and even action at the highest levels of government.
In the wake of these attacks and other events like the SolarWinds attack, the executive branch has taken action in the form of an executive order (EO), which covers several cybersecurity concepts. This order encourages private sector companies to follow the Federal government's lead to help minimize the impact of future incidents.
There are several different concepts outlined in the EO, so to help organizations get started, I've outlined some of the key concepts that organizations should be focusing on now and offer a few tips on how you can start implementing these strategies today.
1. Adopt a “Zero-Security” Posture towards Ransomware
One of the orders that stood out to me is the "Modernize and Implement Stronger Cybersecurity Standards in the Federal Government" requirement. This aims to move the Federal Government to increase and adopt better security practices with zero-trust security, accelerating the move to secure cloud services and the deployment of multifactor authentication and encryption.
At Veritas, we advise enterprises to adopt what we call a "zero-security" posture; it's the mindset that even the most effective endpoint security will be breached. It is important to have a plan so that you're prepared for when this happens.
2. Be Active, Not Passive
Enterprises need to have robust endpoint data protection and system security. This includes antivirus software and even whitelisting software where only approved applications can be run. Enterprises need both an active element of protection and a reactive element of recovery.
Companies hit with a ransomware attack can spend five days or longer recovering from an attack, so it's imperative that companies are actively implementing the right backup and recovery strategies before a ransomware attack.
3. Don’t Put All Your Eggs in One Basket
Black hats who are developing ransomware are trying to eliminate any way for an enterprise to escape paying the ransom. This is why ransomware attacks target files and systems in use, as well as backup systems and cloud-based data.
We urge organizations to implement a more comprehensive backup and recovery approach based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It includes a set of best practices: using immutable storage, which prevents ransomware from encrypting or deleting backups; implementing in-transit and at-rest encryption to prevent bad actors from compromising the network or stealing your data; and hardening the environment by enabling firewalls that restrict ports and processes.
4. Create a Playbook for Cyber-Incidents
The other aspect of the EO I wanted to touch on was the call to "Create a Standard Playbook for Responding to Cyber Incidents." The federal government plans on creating a playbook for federal agencies that will also act as a template for the private sector, to help companies take the appropriate steps to identify and mitigate a threat.
Time is of the essence, so before we see the federal government's playbook, here are a few important steps organizations should be considering when it comes to creating their own:
Digital Runbook:
Having a plan on paper is a start, but having a digital plan that can be easily viewed and executed with a single click is essential. The more complex a plan is to run, the longer it will take to recover from an attack.
Test, Test, Test:
Testing ensures your plan will work when you need it. Initial testing is important to confirm all aspects of the plan work, but IT environments are constantly in flux, so it is critical to test regularly.
Remove Single Points of Failure:
The 3-2-1 practice is the idea that you should have three or more copies of your data so that any single failure doesn't derail your plan; at least two distinct storage media so that a vulnerability in one doesn't compromise all of your copies; and at least one of those copies offsite or air-gapped so that you have options should an attack take out an entire data center.
Have Options for Rapid Recovery:
When an attack takes down an entire data center, recovery can be slowed by compounded challenges around hardware, network, workloads, and the data itself. Having an alternative option such as rapidly standing up a data center on a public cloud provider can reduce downtime and provide alternatives to paying a ransom.
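As an added example (not Veritas code, and not part of the original article), here is a small Python check that evaluates a backup inventory against the 3-2-1 rule from the "Remove Single Points of Failure" step and names the single points of failure that remain. The inventory fields, the medium names and the two sample inventories are constructed for illustration; the immutability flag goes slightly beyond 3-2-1 to reflect the immutable-storage recommendation earlier in the article.

```python
"""Evaluate a backup inventory against the 3-2-1 rule.

Added example, not Veritas code. The BackupCopy fields, medium names and
sample inventories below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class BackupCopy:
    name: str          # label for this copy, e.g. "weekly-tape"
    medium: str        # storage medium, e.g. "disk", "tape", "object-storage"
    offsite: bool      # held in a different site/region than production
    air_gapped: bool   # no persistent network path from production to the copy
    immutable: bool    # write-once / locked, so it cannot be altered or deleted


def evaluate_321(copies: List[BackupCopy]) -> Dict[str, object]:
    """Return which parts of the 3-2-1 rule an inventory satisfies.

    The inventory lists every copy of the data, including production, so:
      3: at least three copies in total,
      2: at least two distinct storage media across those copies,
      1: at least one copy that is offsite or air-gapped.
    'immutable_ok' is an extra check, not part of 3-2-1 itself.
    """
    media = {c.medium for c in copies}
    isolated = [c.name for c in copies if c.offsite or c.air_gapped]
    locked = [c.name for c in copies if c.immutable]

    spof: List[str] = []                 # single points of failure found
    if len(copies) < 3:
        spof.append("count:fewer than three copies")
    if len(media) == 1:
        # One medium shared by every copy: a flaw in it takes out all copies.
        spof.append(f"medium:{next(iter(media))}")
    if not isolated:
        # Everything is onsite and network-reachable: one data-center loss
        # or one compromised network takes out production and backups alike.
        spof.append("site:all copies are onsite and network-reachable")

    result: Dict[str, object] = {
        "copies_ok": len(copies) >= 3,
        "media_ok": len(media) >= 2,
        "isolated_ok": len(isolated) >= 1,
        "immutable_ok": len(locked) >= 1,
        "media": sorted(media),
        "isolated_copies": isolated,
        "immutable_copies": locked,
        "single_points_of_failure": spof,
    }
    result["compliant"] = bool(
        result["copies_ok"] and result["media_ok"] and result["isolated_ok"]
    )
    return result


def report(copies: List[BackupCopy]) -> List[str]:
    """Human-readable lines for a runbook or a scheduled compliance check."""
    r = evaluate_321(copies)
    lines = [f"3-2-1 compliant: {r['compliant']}"]
    for key in ("copies_ok", "media_ok", "isolated_ok", "immutable_ok"):
        lines.append(f"  {key}: {r[key]}")
    for s in r["single_points_of_failure"]:
        lines.append(f"  single point of failure -> {s}")
    return lines


# Constructed sample inventories (not real systems).
GOOD_INVENTORY = [
    BackupCopy("production", "disk", offsite=False, air_gapped=False, immutable=False),
    BackupCopy("nightly-snapshot", "object-storage", offsite=True, air_gapped=False, immutable=True),
    BackupCopy("weekly-tape", "tape", offsite=True, air_gapped=True, immutable=True),
]

WEAK_INVENTORY = [
    BackupCopy("production", "disk", offsite=False, air_gapped=False, immutable=False),
    BackupCopy("nightly-copy", "disk", offsite=False, air_gapped=False, immutable=False),
]

if __name__ == "__main__":
    for label, inv in (("good", GOOD_INVENTORY), ("weak", WEAK_INVENTORY)):
        print(f"[{label}]")
        print("\n".join(report(inv)))
```

Running the block prints the evaluation of both sample inventories; the weak one fails on copy count, on a single shared medium and on having no isolated copy, which is exactly the shape of inventory ransomware that targets backups relies on.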
5. Remember: Ransomware Is an Arms Race
Preparing your company for an inevitable ransomware attack is becoming more critical every day. The Colonial Pipeline attack has driven new mandates for cyber resiliency, and as security leaders, we have a critical role in ensuring we're doing everything we can to protect and secure valuable and sensitive data.
Ransomware won't be "solved." I see it as an arms race where we all have to be constantly vigilant, especially around elements that are out of our control. No single solution or security control is going to stop ransomware, but by taking a layered security approach, you'll be able to mitigate the impact and get back up and running very quickly.