Friday, November 04, 2022

This Is A Useful Discussion On Getting Ready For The Inevitable Ransomware Attack.

I spotted this last week:

How can you prepare for ransomware attacks?

VMware Global Inc

By Darren Reid, Director of the Security Business Unit, VMware, ANZ
Wednesday, 19 October, 2022

If the last weeks have taught security practitioners anything, it’s that no organisation — regardless of size, sector or security budget — is immune to ransomware or the threat of a cyber attack.

In Australia, the healthcare industry has been one of the most targeted, with the Australian Cyber Security Centre (ACSC) stating that ransomware attacks against the Australian healthcare sector are growing. As an example, in 2021 large Australian organisations such as Eastern Health and Melbourne Heart group fell victim to ransomware. Of course, ransomware attacks are not exclusive to the healthcare sector, and VMware’s recent Global IR Threat Report found that over 60% of respondents had encountered ransomware attacks over the past year.

Business leaders and security professionals alike have only become more concerned about ransomware, and rightly so. This is due to a much more complex and broad attack surface than that of a decade ago. In tandem, cybercriminals have taken full advantage of the shift in working styles, becoming more motivated and sophisticated in their attack methods. In fact, the Global IR Threat Report also flagged that ransomware attacks have become increasingly malevolent, with over half of the reported encounters including double-extortion techniques. Furthermore, the Verizon Business 2022 Data Breach Investigations Report found that ransomware increased by 13% over the past year, representing an uptick greater than the past five years combined — with no relief in sight for the next year ahead.

Organisations must operate under the assumption that they will at some point be hit by ransomware. This requires having a holistic view of how such cyber attacks occur. An often overlooked element is the length of time an attacker may remain in a business’s environment before they trigger an attack. The longer they remain inside, the more information they can gather, the greater they can raise their access privileges and the more likely they are to cause catastrophic damage to your business.

Take the recent breach of Uber as an example. Information appears to demonstrate that the attacker operated within Uber’s environment for some time and has moved laterally across applications and platforms to gain broad access to a variety of highly sensitive, and potentially damaging, information. This is the biggest risk to most businesses — that the attacker will move laterally across the organisation and compromise multiple systems along the way.

This is why businesses need to choose the adequate tools and monitoring approaches to achieve ongoing vigilance and constant visibility into the normal behaviour of your applications, network, staff and systems.

Understanding how cyber attacks occur

As with anything, organisations must first ensure they have the fundamental view of risk, and an understanding of where cyber attacks arise from. Your view on risk will depend on your own business and applications used within the company. Businesses should reference known frameworks (such as NIST, Essential 8 and others) to understand which attacks are most likely in their industry or environment. Of those, which ones are the most dangerous, either in terms of pervasiveness or impact to the business? Of those that are high-risk or high-impact, which are most likely and how do they manifest? From these points, how does an attacker enter the business environment, whether it be through endpoint, email, physical access or a combination, and what mitigations are in place to prevent this type of intrusion?

Security teams must be able to see all the data and assets in an organisation in order to properly protect it and support these environments to continue running in the event of an attack. For this reason, it’s critical to establish a complete inventory of what the organisation has deployed in its environment — including what its current running state is and what the basic controls are around access and more specifically, privileged access.

Lots more here:

https://www.technologydecisions.com.au/content/security/article/how-can-you-prepare-for-ransomware-attacks--1201478022

A timely read I reckon.

David
