Today marks the first anniversary of the Colonial Pipeline ransomware attack, one of the largest cyberattacks in recent history, in which a threat actor known as DarkSide used a single compromised password to gain access to the internal systems of the US’s largest pipeline operator.
After the hackers began encrypting the organization’s data, Colonial Pipeline took its systems offline to stop the threat from spreading, which temporarily halted pipeline operations, and it eventually paid a ransom of $4.4 million.
Even though the Colonial Pipeline attack is over, ransomware remains an existential threat to modern businesses, and as ransomware attacks proliferate, businesses need to be prepared.
The good news is that there are a growing number of security controls that organizations can implement to protect against these ubiquitous threats.
Deploy Zero Trust architectures
Credentials are one of the main targets of cyber criminals. As a result, it is becoming increasingly important for security teams to implement support for Zero Trust authentication to make it more difficult for unauthorized users to log in with compromised credentials.
“The Colonial Pipeline ransomware attack was another high-profile example of how compromised credentials were exploited to exploit infrastructure previously considered secure. As a result, security protocols must evolve to keep up with dynamic threats in distributed computing environments,” said Gal Helemski, CTO and co-founder of identity access management provider PlainID.
Helemski suggests that organizations can avoid falling victim to similar attacks by implementing a Zero Trust architecture that extends access controls beyond traditional network access security throughout the lifecycle of the digital journey.
Implement robust incident detection and response capabilities
One of the biggest factors that determines the overall impact of a ransomware breach is the time it takes for the organization to respond. The slower the response time, the more opportunities a cybercriminal has to locate and encrypt critical data assets.
“Colonial was a major turning point for infrastructure security across the public and private sectors, but organizations must remain vigilant to stay ahead of cyber attackers,” said Neil Jones, director of cybersecurity evangelism at ransomware detection and recovery platform Egnyte.
In practice, this means developing a comprehensive incident response plan, deploying solutions with ransomware detection and recovery capabilities, and providing cybersecurity awareness training for employees to implement effective privacy policies such as strong passwords and multi-factor authentication.
Don’t rely on backup and recovery solutions to protect data
Many companies try to protect themselves from ransomware threats by relying on data backup and recovery solutions. While this sounds like an effective defense on paper, ransomware attackers have begun threatening to reveal the data they’ve encrypted if the victim’s organization doesn’t pay the ransom.
Rather than relying on encryption at rest, which attackers with compromised credentials can bypass, Arti Raman, CEO and founder of encryption provider Titaniam, recommends that organizations switch to data-in-use protection.
“Should attackers using encryption in data protection breach the perimeter security infrastructure and access controls, both structured and unstructured data can be used [and] will [be] indecipherable and unusable by bad actors — making digital blackmail much more difficult, if not impossible,” Raman said.
Make an inventory of your attack surface
With so many advanced threat actors attacking modern organizations with ransomware threats, technical decision makers and security teams need to have a complete inventory of what systems are exposed to external threat actors and what data they hold.
“As the US government seeks to strengthen national cybersecurity, organizations must take a proactive approach to securing their own assets, and here lies the benefit: responsiveness,” said Aaron Sandeen, CEO and co-founder of managed security services organization Cyber Security Works.
“By conducting a full systems inventory, either independently or by outsourcing it to a vulnerability management company, organizations expand their cybersecurity visibility into known and unknown exploits,” said Sandeen.
While the group behind the Colonial Pipeline attack is no longer in existence, Sandeen warns that organizations will continue to see a growing number of exploits, vulnerabilities, and APT threat actors willing to exploit them, “which takes security leaders to be prescient and inventive.” Ransomware threats provide assistance in categorizing and eliminating them.”
Deploy identity management solutions to identify anomalous user activity
In the age of remote working and employees using personal devices to access corporate resources, the risk of data theft is greater than ever. “Most of the breaches we hear about in the news are the result of companies relying on automated access control and detecting too late when a user has been hijacked.
“Once an account is compromised, identity-based fraud can be extremely difficult to detect given the advanced tactics and randomness of various criminal groups such as LAPSUS$ and Conti,” said Gunnar Peterson, CISO of trust platform Forter.
Because of this, organizations need to be able to identify anomalous user activity so they can spot account takeovers, which Peterson says can be accomplished by deploying an AI-driven identity management solution with anomaly detection.