Last year, multiple industry verticals saw the extreme effects of ransomware, with WannaCry and Petya leading the pack in terms of damage. To make matters worse, according to a report by Kaspersky, the number of ransomware threats is expected to increase in 2018. The evolution of ransomware, resulting in more diverse and innovative attacks, is going to heavily hit enterprises in 2018.
In my previous articles, I explained how ransomware has evolved over the years and also gave a brief overview of high-profile ransomware threats. In this article, I’ll spend some time talking about how you can secure your enterprise against future threats.
Insight on building strong IT security
Devising a ransomware defense plan isn’t easy. If you’re wondering where and how to start, here’s a short cheat sheet on a few security mechanisms that are especially helpful in preventing and detecting ransomware threats.
An intrusion detection system (IDS), like the name implies, is software or a device that helps detect malicious activity in a network. Most enterprises accompany their IDS with some kind of security information and event management (SIEM) tool. Honeypots are a common example of an IDS; after deploying a false server as a decoy for hackers, enterprises can identify attackers’ IP addresses, block those malicious IP addresses, and more. IDSs are often compatible with firewalls and DNS servers, which helps them detect threats using two different approaches: network-level detection using a network intrusion detection system (NIDS) and device-level monitoring using a host detection intrusion system (HIDS).
Apart from an IDS, enterprises can also adopt advanced threat prevention (ATP) methods to detect, analyze and prevent threats. ATP is the most advanced threat detection method employed by many leading anti-virus solutions.
While ATP is more of a reactive approach, endpoint security management can help you proactively keep your endpoints free from vulnerabilities. Endpoint security management comes down to updating your devices regularly and securely deploying configurations as needed.
The future of cybersecurity
If there’s one thing that’s true about cybersecurity, it’s that there is always room for improvement. Forward-looking CSOs may be asking themselves how they can better prepare for future threats without adding to their IT administrators’ workloads. SIEM, endpoint security, endpoint protection, and IDS solutions have partially answered that concern by consolidating threat information, monitoring and securing endpoints, and using pattern recognition to detect attacks; however, users may find that they’re still getting too much information and false positives or just simply aren’t sure how to respond to the threat data they receive.
Apart from ensuring that the right security measures are in place, a little bit of artificial intelligence (AI) is exactly what IT security professionals need. The reason AI looks so promising for cybersecurity is its potential to streamline both threat analysis and resolution. With smarter threat recognition, AI-enabled security solutions are slated to be more precise than traditional SIEM tools and better at detecting completely new attacks. Based on an IDC report from a year ago, almost 70 percent of enterprises planned to adopt AI by 2018 to improve their cybersecurity strategy and assist their admins in dealing with cyberthreats, including ransomware.
Preventing ransomware attacks
Even if your enterprise has already adopted the latest security solutions, one thing still holds true: knowledge is power. With so much concern about cybersecurity in 2018, getting a better understanding of ransomware — specifically its behavior, variety, motives and effects — can go a long way in helping you combat attacks.