Top 5 Security Must-Haves to Fight Ransomware

The high incidence of ransomware isn’t an issue swept under the rug these days. It’s glaringly obvious in international headlines and in board-level conversations. Yet, there still seems to be a gap in strategies and tools that organizations perceive as necessary to protect against the threat of ransomware.  

Ransomware attacks grew and destructive attacks got costlier according to the IBM Cost of a Data Breach 2022 report. "The share of breaches caused by ransomware grew 41% in the last year and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by over USD 430,000." The impacts of these incidents rippled through tens of thousands of organizations, leaving no category of business unscathed. Small businesses, enterprises, federal, and private entities have all been targeted by malicious attacks.

Rising ransomware requires new efforts 

Digging into the details of today’s ransomware attacks, there are two things that have fueled the surge—Ransomware-as-a-Service and selling the names of companies that have previously been compromised.  

It has never been more appealing and financially beneficial to become a malicious actor. With the commoditization of attack tools and the ability for novice criminals to complete attacks at scale, the future is grim unless every organization begins to address areas that put their businesses at risk.  

The laundry list of options to help protect against this danger can be overwhelming and a real challenge in figuring out where to start—at least without expert guidance. However, taking important steps to achieve a higher level of security is achievable and a worthwhile initiative knowing the dangers ahead. 

To help, we’ve put together a list of five security “must haves” that every business should adopt to protect against future ransomware attacks. 

When it comes to ransomware, your best protection starts with removing the power from the adversary. If your organization has a strong backup plan with frequency and redundancy, even if someone gets a hold of sensitive data, you won’t have to pay to get it back.  

Good backup strategies start with an assessment to identify what data is worth saving and then determining what controls exist around that data to ensure its safety. Using penetration tests you can see how easy it is to get into your network and then prioritize improvements to safeguard the crown jewels. 

2. Multi-Factor Authentication (MFA) 

MFA plays a key role in stopping or at a minimum, slowing, ransomware attacks. Even if an attacker were to gain access to credentials, MFA requires validation of a combination of factors. What’s more, advanced MFA solutions also use contextual data to accurately detect abnormal activity and alter login requirements for those deemed to be “high risk” or suspicious. 

Requiring MFA layers on a challenge to access the network or log into corporate accounts. If multiple attempts are made, alerts can tip off the suspicious activity to ensure data access and exfiltration are minimized or blocked. 

3. Next Gen Endpoint Detection and Response (EDR) 

Disabling unused services, granting least privilege access, and performing timely patching to prevent vulnerabilities all work towards reducing risk. But with the nature of work changing, keeping track of everything can be daunting. Between the hybrid nature of work and BYOD, the proliferation of devices—both managed and unmanaged—has challenged organizations to find new ways to secure their environments.

Next Gen EDR solutions facilitate monitoring and quick responses to attacks like ransomware, despite the often-garbled view of what devices are accessing sensitive data. Using machine learning and artificial intelligence, EDR solutions can automatically identify and alert on new and emerging threats, allowing for real-time corrective actions. Additional forensic capabilities can help organizations not only stop or prevent attacks but also gather artifacts to uncover the full nature of any breach. 

Most threats still arrive by email, and email remains the de facto standard for corporate communications. These two facts alone highlight the importance of using strong email security against ransomware threats. Using modern email security, organizations can gain access to isolation features that keep messages in safe bubbles away from users and their endpoint devices. Plus, they can continue to use filtering and other defenses to help identify and block threats from being delivered to the end user in the first place. 

Ultimately, the “human element” is the weakest link as most compromises are human-activated. Meaning, they require some human involvement to provide access to your data (e.g., clicking on a malicious link, revealing credentials, or leaving a workstation unlocked). Even with all the previously mentioned technologies, adversaries will always find loopholes or new exploits to take advantage of. Instead, consider arming employees with the knowledge of how to detect and avoid common attack vectors to make them more cyber-aware.  

Want to get a jump on improving your organization’s security beyond these five must-haves? Access our checklist, 19 Cybersecurity KPIs to Help Your Business Succeed.