Intelligent Tech Channels Issue 64 | Page 38

Critical security controls against ransomware

Enterprises can rely on tested measures to defend against ransomware, many of which do not require significant human or financial resources, says Ned Baltagi at SANS Institute.

Today, ransomware stands as a significant money-maker for nefarious individuals, and is no longer just an attack that seeks to encrypt important files. Instead, it has evolved to include data theft and post-exploitation, using data garnered from attacks and leaks. On top of that, the emergence of Ransomware as a Service (RaaS) has meant that a much wider group of minimally skilled attackers can now launch sophisticated attacks.

RaaS providers have full-fledged strategies and business models and leverage formal operating methods to carry out attacks. They market themselves on the dark web and secure clients interested in single or multiple attacks, even going so far as to maintain retainer relationships with them. As part of their fees, RaaS providers can offer advice and round-the-clock assistance, in addition to assisting in negotiations with a victim.

Going forward, security experts believe that ransomware will increasingly begin targeting IoT devices as entry points, and target third-party applications, supply chain software, and remote monitoring and management software. It is also believed that ransomware will focus on operational technology (OT) that is frequently found in critical infrastructure systems, which means the potential for damage outside of the targeted organisation is high.

Ned Baltagi, Managing Director, Middle East, Africa, and Turkey at SANS Institute

Considering these evolving threats, organisations have been forced to mature and are gradually improving at defending against ransomware. The goal of many companies now is to reach a point where threat actors cannot successfully hold them to ransom by holding their data hostage. While this is a step in the right direction, the approach does not protect companies against data theft and post-exploitation.

With data theft, attackers penetrate an organisation's systems, steal important data, and encrypt it, hoping for payment. This is a challenging situation because while it is possible to pay ransomware actors to unlock files, with proof that unlocking will work before paying a dollar, when data is stolen threat actors merely promise to delete stolen files. Can they be trusted to do this once they have been paid?

When suitable tactics or measures are discovered for the data theft challenge, security analysts should make the effort to propagate them to other markets at pace, not delay implementation. Cyber insurance,