Protecting IT assets from Ransomware
How to protect your IT assets from Ransomware in a post-pandemic world
System breached. Data leaked. Crisis communications needed. That’s the scenario of a ransomware attack that many organisations dread. Unfortunately, it has also become a nightmare come true for some in recent years.
In 2020, 89 cases of ransomware attacks were reported in Singapore, according to the Cyber Security Agency of Singapore. This is a massive 154 percent jump from 2019. And the situation’s getting worse because 68 cases were reported in just the first six months of 2021.
Exacerbating this is the pandemic which has resulted in many people working from home or in a hybrid work arrangement. Providing access to networks and critical data to support a remote workforce can expose enterprise IT infrastructures to greater security risks.
The cost of cyberattacks is high – disrupted or crippled operations, financial risks, legal liabilities, shaken customer confidence, and damaged reputation are just a few of the consequences.
Singapore’s government stepped up its action to protect personal data with the Personal Data Protection (Amendment) Act in November 2020. Under the act, organisations need to report a breach within 72 hours and face a financial penalty of up to S$1 million.
The truth is that attacks have become more sophisticated and harder to defend against, putting many networks at risk.
Agile and highly responsive security strategy is vital
How an organisation plans for and executes an IT security strategy is vital for business continuity. A key consideration is to have an agile and highly responsive security strategy.
The United States’ National Institute of Standards and Technology (NIST) provides a good cybersecurity framework listing five functions – identify, protect, detect, respond, and recover – to draw on when developing such a strategy.
· Identify the business environment, hardware, and software on premise or in the cloud, cybersecurity policies and regulatory compliance, and vulnerabilities and threats to the IT infrastructure.
· Protect critical infrastructure services that support the business and limit or contain the impact of a potential cybersecurity attack.
· Detect anomalies and events that can lead to a cybersecurity occurrence in a timely manner.
· Respond quickly to any detected cybersecurity incident to contain its impact.
· Recover from any incident by restoring systems and services.
When developing a cybersecurity strategy based on this framework, it is worthwhile noting two trends.
Firstly, many organisations have shifted from on-premises to hybrid cloud IT infrastructure. This means that data and applications are no longer residing just physically in the data centre, and security has to be more than just an on-premises approach. It needs to be a hybrid protection strategy.
The second trend is Ransomware as a Service (RaaS). One does not need to possess slick programming skills to create ransomware. Malicious software is available as a service, making it readily available to anyone with ill intent. Anyone can purchase RaaS, steal data and sell it on the Dark Web.
6 strategies to protect your data
At the end of the day, your critical business data is your responsibility to protect from ransomware, including the information, devices (mobile and PC), accounts and identities connected with your business.
To ensure end-to-end security for your critical business data and infrastructure, take an architectural approach from the network edge, across all endpoint devices, and all the way back to the data centre.
Your best strategy is to be proactive; prevent whenever possible, detect any breach attempts, and use containment to limit the types of attacks and infection of endpoints and systems. Here are 6 strategies you can adopt to holistically protect your organisation from ransomware threats.
1. Discovery: Threat hunting is an important part of a solid ransomware prevention strategy. It focuses on the identification of anomalous and suspicious behaviors and determines if there are any ongoing threats present within your environment. Some companies will hire a third party to help them with threat hunting, while others will dedicate internal resources to this important task.
2. Enforce security policies: Conduct regular audits and set goals to enforce security policies and procedures. Security policies govern the integrity and safety of the network and help organisations stay resilient, by providing rules and safety protocols for accessing the network, connecting to the Internet, adding or modifying devices or services, and more. Organisations should have an anti-ransomware or cybersecurity strategy that addresses not only the steps to prevent an attack, but also what to do during and after an attack.
3. Harden endpoints: Continuously hunt for vulnerabilities and apply timely patches and other remediations to harden your environment against all types of threats. Ensure all of your organisation’s operating systems, applications, and software are updated regularly. Implementing multi-factor authentication will also help close the security gaps that attackers are looking to exploit.
4. Create a secure backup strategy: Backing up important data is one of the most effective ways of recovering from a ransomware infection. Having backup solutions for productivity apps like Microsoft Office 365 fills the gap of long-term retention and data protection with the option to export backup data in a variety of formats and locations. That way, bad actors cannot hold your data for ransom as you can simply restore it from a secondary, secure location.
5. Regular security awareness training for users: Most ransomware attacks are focused on tricking users through phishing and malvertising attempts. Your best defense is a good offence in this case. It’s a good idea to conduct regular security audits in which you test user knowledge and understanding of ransomware and phishing exploits. Plus, you should offer regular training aimed at increasing security awareness among users.
6. Encourage users to communicate and report security incidents: Your end-users can be of great help to you if they can spot and report suspicious emails, behaviours, websites, and attachments. Try to foster an environment of transparency, awareness, and cooperation around security across your entire organisation.
Securing internet, cloud and private app
In light of these trends, organisations would do well to provision the following three things to secure their networks at the edge, the points where users access the corporate network.
1. Secure Internet access. Organisations need to provide internet access to employees to do a host of activities such as browsing, research and communication. The typical security measures include proxy websites and URL filtering.
2. Secure SaaS access. Document sharing with internal and external parties is part of today’s way of working. Dropbox and Google Drive are among the file sharing platforms that make collaboration easier and work more efficient. Measures need to be in place to prevent these documents from being viewed, downloaded or stolen by unauthorised parties.
3. Private app access. There are applications that sit in the data centre or cloud that are open to employees and partners. This is an area that needs to be treated as a separate security domain.
Securing access to the internet, shared applications and private applications is essential to the entire security strategy planning.
Regaining the upper hand
While it’s not necessarily a do-or-die scenario, having an agile and highly responsive security strategy can help organisations regain control of their networks.
From the number of reported cases, it is clear the army of cyber attackers is growing in number.
They have the upper hand in terms of deciding when to strike and how to strike. Strikes are known to take place over weekends or at night, when no or few employees are working. This drives home the message that your IT infrastructure must be defended even when nobody is around.
Organisations can counter the attack by being prepared, adopting a security strategy, and deploying security solutions that work for them. Here are the four steps to do so:
1. Start by developing a security strategy based on the NIST framework.
2. Turn to a trusted partner that understands your needs and provides solutions that address your challenges and protect your business. Choose a partner that has deep domain expertise and a proven track record, and that will always be around for you in years to come.
3. Adopt a suite of security solutions. No single solution can tackle all of today’s complex security challenges. Go through your strategy and choose a basket of solutions that can provide complete protection for your network.
4. Recognise that implementing a security plan requires teamwork among colleagues and partners. Regardless of the size of your organisation or security team, working as a team will help you have a more secure network.
With a deeper understanding of security risks in a post-pandemic world, you will be able to develop a more comprehensive security plan to safeguard your organisation.