Premeditated ransomware attacks against our critical infrastructure grow more serious by the day and – as our 2021 threat report details – ransomware attacks are dramatically on the rise across many sectors.
BlackBerry’s recently published report, 10 Proactive Strategies to Defend Against Ransomware and Malware, details many of the most effective methods organizations are employing to combat this growing malware epidemic. In this blog, we’ll take a closer look at one particular approach that can help defend your organization against increasingly sophisticated ransomware attacks: the use of Zero Trust solutions.
The Next Generation of Ransomware
There are many reasons why ransomware attacks are on the rise, and why they are quickly becoming more difficult to defend against. One of the most important of these is the greatly increased attack surface that contemporary firms present to attackers, particularly in the post-pandemic era. With so many employees still working from home – many using their own computers, smartphones and tablets – we have given attackers more opportunities to invade our expanded network perimeter.
Attack techniques and targets have quickly evolved to take full advantage of this increased, and often less rigorously defended, attack surface. Socially engineered phishing attacks on employees used to account for the majority of successful cyberattacks; while they are still a common vector for transmitting ransomware, other ingress techniques are gaining popularity.
Another factor that has increased many organizations’ attack surface is the widespread practice of making their systems more accessible to customers. It’s no longer rare, for instance, to allow customers to log in to a supplier’s corporate systems directly, either to view data relating to a purchase, or to manage their own accounts. Public-facing systems of this type offer companies the ability to deliver the 24/7 customer experience people have grown to expect, but these types of shared-use systems also present new risks.
Every time a system is made available publicly, it invites hackers to attempt to infiltrate the system to deploy ransomware or other types of malware. This doesn’t mean using these systems should be avoided, but steps should be taken to ensure they are secure. Let’s take a look at two highly effective ways of doing just that.
Automating Your Defenses
As with other forms of automation, automated cybersecurity solutions are becoming widely available at price points that put them easily within reach of both major corporations and individual users. Automated security solutions constantly monitor the “perimeter” of your systems – the point where they interact with the external world – and identify threats as they occur, in real time, shutting down malicious actions within milliseconds.
Automated endpoint defense systems are only part of the story, however. As noted in our article on ransomware trends and defenses, the broader value of automation in cybersecurity is that it gives your team more time for what they do best – strategic thinking and proactive planning. By removing the drudgery of patrolling IT systems for threats and constantly re-imaging virus-infected machines, IT staff is freed up to innovate, simplify, and improve security across your infrastructure.
Automated cybersecurity solutions are often paired with a parallel approach to improving cybersecurity defenses: the Zero Trust model.
Zero Trust models take the standard approach to user authentication, such as multi-factor authentication, and vastly expand its capabilities. With Zero Trust architectures, no device or service is allowed access to corporate data until it proves its identity and confirms it has previously been granted access. This means that even automated Internet of Things (IoT) devices must authenticate themselves before accessing internal databases, and human users must prove they are who they say they are when accessing any system that you control.
A Zero Trust approach is easily achievable for businesses or individual users. As explained in our webinar on ransomware attack mitigation, this kind of model is absolutely necessary to detect and stop malicious lateral movement within your systems. Even the most well-planned and best-secured corporation is likely to have “invisible” gaps in its IT infrastructure, and even the smallest security hole affords a way for threat actors to penetrate systems via malware or ransomware.
Unfortunately, unauthorized ingress is a fact of life, because you can never stop 100% of all threats. Claims to be able to do so (by any vendor) should be taken with a pinch of salt. What is important is having the tools available to instantly stop attackers from being able to move around in your systems, even if they somehow manage to get around your security systems and gain entry to your network.
This is where the real value of the Zero Trust model shines: By requiring devices and users to authenticate themselves and prove who they are before being permitted to access data, you can successfully repel would-be attackers who have only one piece of the “identity” puzzle – such as stolen or leaked email addresses and passwords purchased on the dark web.
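The access decision described above, as an added example (not BlackBerry's code or product behavior): a deny-by-default check that requires a proven device identity, user credentials plus a second factor, and a prior grant for the requested resource. Device names, keys, resource names and the fixed one-time code standing in for a real second factor are constructed assumptions.

```python
import hashlib, hmac

def _pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample state; every name, key and resource here is hypothetical.
DEVICE_KEYS = {"laptop-17": b"laptop-enrol-key", "sensor-03": b"sensor-enrol-key"}
USERS = {"alice": {"salt": b"s1", "pw": _pw("correct horse", b"s1"), "otp": "492817"}}
# Prior grants as (principal, device, resource); an IoT device is its own principal.
GRANTS = {("alice", "laptop-17", "crm-db"), ("sensor-03", "sensor-03", "telemetry-db")}

def device_proof(device_id, nonce):
    """What an enrolled device sends: HMAC of the server's nonce under its key."""
    return hmac.new(DEVICE_KEYS[device_id], nonce, hashlib.sha256).digest()

def authorize(req, nonce):
    """Deny by default; returns (allowed, reason)."""
    key = DEVICE_KEYS.get(req.get("device"))
    if key is None or not hmac.compare_digest(
            hmac.new(key, nonce, hashlib.sha256).digest(), req.get("proof", b"")):
        return False, "device identity not proven"
    principal = req["device"]
    if req.get("user") is not None:
        u = USERS.get(req["user"])
        if u is None or not hmac.compare_digest(
                _pw(req.get("password", ""), u["salt"]), u["pw"]):
            return False, "bad user credentials"
        if not hmac.compare_digest(req.get("otp", ""), u["otp"]):
            return False, "second factor missing or wrong"
        principal = req["user"]
    if (principal, req["device"], req.get("resource")) not in GRANTS:
        return False, "no prior grant for this resource"
    return True, "ok"

def demo():
    nonce = b"constructed-nonce-0001"  # in practice: fresh random value per request
    stolen = {"user": "alice", "password": "correct horse",   # leaked password only
              "device": "unknown-pc", "proof": b"", "resource": "crm-db"}
    lateral = {"device": "sensor-03", "resource": "crm-db",   # valid device, wrong target
               "proof": device_proof("sensor-03", nonce)}
    legit = {"user": "alice", "password": "correct horse", "otp": "492817",
             "device": "laptop-17", "resource": "crm-db",
             "proof": device_proof("laptop-17", nonce)}
    return [authorize(r, nonce) for r in (stolen, lateral, legit)]

if __name__ == "__main__":
    print(demo())
```

The second case is the lateral-movement one: the sensor authenticates correctly but is refused because it was never granted access to that database.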
BlackBerry: The Partner You Can Trust
At BlackBerry, we’ve been leading the fight against ransomware for more than a decade. Our incident response team is on the front lines of that fight every day, and we regularly blog about our experiences to help educate and protect our readers.
To learn more, check out our new white paper, 10 Proactive Strategies to Defend Against Ransomware and Malware. It contains useful tips and tricks to help you protect yourself and your organization against attacks of all types.