The scourge of ransomware has been wildly escalating, causing mayhem not just for companies, but for society. Witness the high-profile breaches impacting critical infrastructure while damaging trust relationships across healthcare, financial, retail, manufacturing, oil and gas, and other industries we depend on every day.
Everyone from individuals to global organizations needs to ask themselves: Am I ready for the threat of ransomware?
Of course, we’d do everything prudent to keep ransomware from threatening us in the first place. However, the reality is that protection is only one aspect of the lifecycle of cybersecurity.
To visualize and communicate priorities across the ever-evolving threats of ransomware, I like to think in terms of the NIST Cybersecurity Framework. Here are some representative considerations for managing and mitigating ransomware.
Ransomware Mitigation Framework
If those representative considerations seem overwhelming, they’re nothing compared to being overwhelmed by a ransomware attack. Many aspects of the framework are just solid cybersecurity hygiene. Some are processes and workflows with shared responsibilities across functions, both internal and external to the organization. Let’s break down a few of the “big impact” items into some current areas to focus on for individuals and organizations.
10 Tips for Mitigating Ransomware for Individuals and Organizations
- Awareness: Be vigilant, especially during disruptions to avoid common behaviors and attack vectors that lead to ransomware. Monitor news on the latest ransomware techniques and widely communicate how infections are being introduced. Report on the state of awareness of the organization, encourage innovative ideas for mitigations, and reward progress.
- Access: Weak credentials and passwords are the leading access vector for ransomware. Now’s the time to prioritize initiatives to improve the effectiveness of credential management, require multi-factor authentication (MFA), and move toward FIDO2 and a passwordless future.
- Application Security: Ransomware is commonly introduced through malicious hyperlinks in email, browsers, PDFs, and other pervasive application interfaces. It’s essential that application-level hardening be performed and that all resource delivery methods (direct, proxied, virtualized, and containerized) are specifically configured to protect application-specific, as well as app-to-app, communications.
- Endpoints: Insecure endpoints enable ransomware to sprout and grow. All endpoints and devices, including managed and unmanaged (third-parties, BYO, IoT) must be assessed before allowing access to networks, VPNs, applications, and content. And this assessment of endpoint health and security capabilities must be continuous — not just at the point of login. Aim for endpoint simplification, restrict administrative capabilities, and configure for least privilege. Keep sensitive data off endpoints whenever possible.
- Networks: Insecure networks enable ransomware to spread like wildfire. Configure separate networks for personal and home with restrictions on crossing between the two, while disabling mesh networking to reduce the threat of lateral movement. Consider implementing edge security — also known as Secure Access Service Edge (SASE) — which provides advanced network protections combined with automated cloud-delivered security services to further protect critical usage, admins, and highly privileged workers. In return-to-office plans, if there’s a concern that clicking a malicious link will take out the entire network, start rearchitecting for zero trust immediately.
- Zero Trust: With the guiding principle of “All Trust Must be Earned,” zero trust upends trusted device, network, and user security models. Every access and usage request must be scrutinized to be continuously situationally aware and contextually risk-appropriate. While Zero Trust is commonly applied just to networks as zero trust network access (ZTNA), the principles of zero trust extend to provide microsegmentation across apps, APIs, and services. Embrace zero trust.
- Vulnerability Management: Once patches are issued by a vendor, it can be only minutes before exploits are developed and maliciously deployed. Automate patch management whenever possible to update devices, operating systems, and applications. Unsupported legacy technologies that can’t be patched must be decommissioned or air-gapped from networks and other applications. Consider moving to cloud services that manage patches and service updates.
- Analytics: Provide observability, insights, and automation across business interests and technologies to identify, protect, detect, respond, and recover. Ensure that critical insights are rapidly disseminated to help individuals and the organization to prepare and respond to imminent and evolving threats.
- Workforce Continuity: When disruption strikes, effective containment is essential, as is getting the workforce back to productivity. A well-tested and rehearsed plan is essential.
- Collaboration: From readiness to response, there are shared responsibilities, workflows, escalations, dependencies, and critical communications aspects that are unique to ransomware. Anything that impedes or adds latency to collaboration only adds pain and expense to a ransomware event. Set up a virtual collaboration “war room” and run tabletop exercises and other simulations to optimize operational efficiency under duress.
The Future of Ransomware
What will you do to prepare for tomorrow’s ransomware attacks? Ask your strategic vendors, partners and trusted advisors for both today’s leading practices as well as future-focused options for managing and mitigating ransomware. With evolving vectors, using a work management platform that provides for collaboration, workflows, integrations and agility is key to adapting to future threats.
Stay tuned, as we’ll also soon be providing details on The Ransomware Project: Managing Ransomware from Readiness to Response. Leveraging collaborative work management to manage across the Ransomware Mitigation Framework as a multi-faceted project brings additional promise to reducing the impact of the scourge of ransomware.
