Ransomware has been top of mind for many of us in the cybersecurity industry as we have seen an increasing number of attacks impacting hospital networks, local governments and the broader supply chain. A ransomware attack on a company typically results in lost access to data and systems for some period of time and comes with a financial impact through lost revenue and money spent on recovery efforts. When a ransomware attack is directed at a company that is part of the supply chain, it can have a much wider impact as just one service provider can have a direct effect on hundreds or thousands of companies.
Understanding your organization’s readiness for the threat of ransomware is imperative, and knowing how the vendors in your supply chain factor into that readiness is a critical piece of your overall strategy.
It can be overwhelming trying to ensure all your defenses are covered and that you have done everything you can to prevent or lessen the impact of a ransomware attack. A strong strategy is far-reaching and multi-layered — encompassing architecture, endpoints, users and so much more.
So where should you start? A structured, logical approach can help bring some order to understanding your organization’s ransomware readiness. To help do this, let’s look at three primary categories: prevention, containment and recovery.
Prevention
Our primary objective is to keep ransomware out of our environment in the first place. From this defensive posture, we need to look at your infrastructure from the perimeter controls all the way to the end users. While we could cover this topic at length, we will focus our attention on the gaps through which ransomware is most commonly introduced.
Ultimately, the recommended prevention techniques are not new. They are the same key principles the information security community has been discussing for some time — restricting what’s accessible from the internet, vulnerability scanning, patching and strong authentication controls.
Containment
So in spite of your best efforts, ransomware gets into your environment. How can you stop the spread? Consider a fire in a building: The containment strategy comes before the actual fire through the use of firewalls, flame-retardant materials, etc. It’s the same for attacks like ransomware. Here are two key containment strategies:
A holistic approach to privileged account management is the key here. This includes understanding what privileged accounts you have and what they have access to; how they are used (e.g. domain admin vs. service account); and how those accounts are accessed and managed (e.g. the use of a privileged account management solution).
Recovery
Aside from an incident response plan, the most critical plan to aid in your recovery efforts is a business resiliency plan. How will the business continue to function? A strong resiliency plan will help to restore functionality of your core business systems.
Common attack vectors for organizations include third-party vendors in the supply chain. So how can we identify and reduce the risks our vendors present? First, answer these critical questions:
Actually identifying who your vendors are is no simple task. Is it possible you have vendors that have access to your network or data without your knowledge? Absolutely. The reality is that anyone in your organization can sign up directly for a cloud-based solution with nothing more than a credit card and a few mouse clicks, and you now have a vendor with access to your data. If you don’t know who your vendors are, it’s impossible to assess the risk they pose to your organization. As for what they do, the vendors in your supply chain can perform all sorts of services, and some inherently present a higher risk to your company based on the data or internal systems they have access to.
Answering these questions is a great starting point for performing adequate assessment activities against those vendors. The goal is to gain sufficient comfort that the vendors have the appropriate controls in place to protect your systems or data, based on the services they are providing for you. There are many assessment strategies to leverage, including the review of certifications such as SOC or ISO, assessment questionnaires like the SIG, penetration test results, etc. Regardless of how you approach it, validating that your vendors have these controls in place can reduce the risk of your organization being impacted in the event of an attack.
As systems become more connected and complex, attackers may still find some way through your defenses. But being prepared for a ransomware attack can significantly reduce the impact and outage to your organization. With an in-depth defense strategy, along with appropriate containment and resiliency plans, your organization’s cyber strength can only rise.
Gary Brickhouse is chief information security officer of GuidePoint Security.