The Ransomware Spotlight Year-End Report from Ivanti, conducted in partnership with Cyber Security Works and Cyware, found that there is now a total of 157 ransomware families – an increase of 32 from the previous year.
By targeting unpatched vulnerabilities and weaponizing zero-day vulnerabilities in record time, ransomware families are able to inflict debilitating attacks. They are also evolving, finding new ways to compromise valuable organizational networks and expanding their attack spheres in order to launch high-impact attacks.
But it’s not all bad news: As ransomware threats increase, so do sophisticated countermeasures. These barriers offer protection and can dramatically reduce the damaging effects that such attacks can have.
The MAP for your cybersecurity journey
Through reducing attack surface areas and proactively scanning and surveilling for threats, countermeasures reduce the time and human resources spent on defenses.
Building scalable and framework-aligned cybersecurity protocols is particularly important in the age of the Everywhere Workplace. To achieve this, companies must embark on a three-step journey: Manage, Automate and Prioritize (aka MAP).
The first phase, Manage, focuses on establishing the business’s cybersecurity foundation. The second, Automate, alleviates the burden on IT. The last one, Prioritize, maps out how to get to a point where IT can identify and act on the top risk areas.
There is an easy 6-step process to a comprehensive MAP strategy:
Step 1: Gaining total asset visibility
It’s impossible to manage what cannot be found. Automated platforms that cover all connected devices and software, and that enhance visibility over those assets, provide contextual information on how each asset is being used. This data is vital to organizations’ IT and security teams and informs the well-calculated, effective decisions they need to make.
If comprehensive enough, this discovery initiative will find all assets, from corporate-owned to Bring-Your-Own-Device (BYOD) endpoints. This gives insight into who is using these devices, how and when they are used and – more importantly – what they have access to. Security teams can take this knowledge and use it to improve asset protection.
Step 2: Modernizing device management
In remote and hybrid working environments, one of the essential parts of increasing security is modern device management. To maximize user privacy while also maintaining secure corporate data, businesses should implement a unified endpoint management (UEM) approach that fully supports BYOD.
UEM architectures usually include the ability to establish device hygiene with risk-based patch management and mobile threat protection. They can also monitor device posture, ensure compliance, and identify and remediate issues quickly and remotely. When choosing a UEM solution, it is important to pick one with management capabilities that span a wide range of operating systems and that is available both on-premises and via software-as-a-service (SaaS).
Step 3: Establishing device hygiene
Good device hygiene isn’t just about patch management – it should also involve taking a multi-layered, proactive approach. Ensuring that the only devices that are allowed to access business resources are those that meet defined security requirements will reduce the digital attack surface.
There are various vulnerabilities that companies need to look out for: device vulnerabilities (vulnerable OS versions, jailbroken devices, etc.), application vulnerabilities (suspicious app behavior, security risk assessment, etc.) and network vulnerabilities (unsecured Wi-Fi, malicious hotspots, etc.). The processes built to identify these vulnerabilities should be well-defined and repeatable. Eventually automating such routine security tasks can help businesses establish top-level device hygiene.
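A device-posture check that applies the three vulnerability classes above (device, application, network) before an endpoint is allowed to reach business resources, as an added example that is not code from the article or from any Ivanti product; the policy thresholds, the `DevicePosture` fields and the sample fleet are assumptions constructed for illustration:

```python
from dataclasses import dataclass, field

# Hypothetical policy thresholds (constructed for this example, not Ivanti's).
MIN_OS_VERSION = {
    "ios": (16, 0),
    "android": (13,),
    "windows": (10, 0, 19045),
    "macos": (13, 0),
}
MAX_PATCH_AGE_DAYS = 30  # days since last successful patch cycle


@dataclass
class DevicePosture:
    """Posture signals a UEM / mobile-threat agent would report for one endpoint."""
    device_id: str
    os_name: str
    os_version: str
    jailbroken: bool = False                              # device-level
    days_since_last_patch: int = 0                        # device-level
    risky_apps: list[str] = field(default_factory=list)   # application-level
    on_untrusted_wifi: bool = False                       # network-level


def parse_version(version: str) -> tuple[int, ...]:
    """'10.0.19044' -> (10, 0, 19044); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def evaluate(posture: DevicePosture) -> tuple[bool, list[str]]:
    """Return (compliant, reasons). Any single reason denies access."""
    reasons: list[str] = []
    minimum = MIN_OS_VERSION.get(posture.os_name.lower())
    if minimum is None:
        reasons.append(f"unsupported OS: {posture.os_name}")
    elif parse_version(posture.os_version) < minimum:
        reasons.append(f"OS {posture.os_version} below minimum {minimum}")
    if posture.jailbroken:
        reasons.append("device is jailbroken/rooted")
    if posture.days_since_last_patch > MAX_PATCH_AGE_DAYS:
        reasons.append(f"patches {posture.days_since_last_patch} days stale")
    if posture.risky_apps:
        reasons.append("risky apps installed: " + ", ".join(posture.risky_apps))
    if posture.on_untrusted_wifi:
        reasons.append("connected to untrusted Wi-Fi")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample fleet: one compliant endpoint, two that must be denied.
    fleet = [
        DevicePosture("corp-001", "iOS", "17.2", days_since_last_patch=5),
        DevicePosture("byod-042", "iOS", "15.7", jailbroken=True),
        DevicePosture("lap-007", "Windows", "10.0.19044", days_since_last_patch=45, on_untrusted_wifi=True),
    ]
    for device in fleet:
        ok, why = evaluate(device)
        print(device.device_id, "ALLOW" if ok else "DENY", why)
```

Returning every failed check rather than just the first gives the helpdesk a complete remediation list per device, which is what makes the process repeatable.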
Step 4: Assuring users are secure
Once threat actors get hold of passwords, they can be weaponized. Login credentials are still the most sought-after data type in data breaches and are involved in 61% of breaches. One particularly vulnerable area is single sign-on (SSO) solutions, because they create a single point of failure that hackers can use to access most or even all enterprise apps.
So, what’s the solution? Passwordless authentication via zero sign-on. Replacing passwords with alternative multifactor authentication provides a far more secure defense layer. These alternative authentication factors can be possession, context or inherence (biometrics such as fingerprints, Face ID, etc.).
Step 5: Securing perimeters
With the changing world and the rise of the Everywhere Workplace, the network perimeters that sufficed for in-office work are no longer effective. Because of this, business networks today must be built on the principles of the software-defined perimeter (SDP). SDP can be integrated into existing security systems to take advantage of proven, standards-based components. It’s worth noting that SDP still requires an additional layer of security to deliver its maximum benefit, which is where zero-trust network access (ZTNA) comes in.
Step 6: Monitoring to make improvements
One of the main problems with security posture assessments is that they are often reactive, carried out only after an attack. Combined with the number of unfilled IT roles, this creates a big issue. To mitigate threats and stay compliant, getting a handle on governance, risk, and compliance (GRC) management is imperative. IT should look for a solution that offers quick and easy regulatory documentation imports to map citations to security and compliance controls. Pairing this with the automation of repetitive governance tasks that were previously manual will aid in monitoring the effectiveness of cybersecurity defenses.
With the right comprehensive and integrated solutions, businesses can ease the burden on IT staff while preserving an efficient, productive, and intuitive user experience. With this, enterprises can maintain integrity regardless of where, when, or how their employees choose to work.