CS Mar Apr 2022
ransomware
ability to meet cybersecurity threats, yet 82% of organisations have suffered a ransomware attack in the past five years. This false sense of security is dangerous and can leave the door open for bad actors."

There are a few things businesses can do to beef up their cybersecurity posture, Moles adds. "Continuous monitoring of the network for the use of insecure protocols is one example. Having a network detection and response (NDR) tool that can flag early signs of a breach prior to exfiltration and the ransomware payload being deployed is a key step to stopping a full-blown attack. A quick response will also allow identification of where the threat actor entered, so that developers can mitigate risk and, if possible, patch vulnerable code."
Realistically, it's not possible to stop every single attack, he points out. "Preventing criminals from entering networks is still important, but IT needs a plan for when an intrusion does happen - catching the attackers in their midgame before the intrusion develops into a successful breach and theft or encryption of data. Ensuring good protocol, network segmentation and behavioural monitoring of the environment is crucial for organisations to help protect themselves."
UNWANTED GIFT<br />
Ransomware is "the gift that keeps on giving", in the wry observation of Keith Driver, chief technical officer at Titania. "It's one of cybercriminals' favourite tactics, and it works. Attacks are skyrocketing. It only takes a quick search to find the names of recent victims - Nvidia, McDonald's, Acer, Ultimate Kronos Group (UKG), Colonial Pipeline. The list goes on; and those are the ones we know about. It's been reported that 84% of organisations have fallen victim to some form of phishing or ransomware attack in the last 12 months. And it's predicted that the global costs will reach $20 billion, a 75% increase from half a decade ago."

The escalating problem is something businesses need to get ahead of, he states. "As well as defending the perimeter, educating users about phishing and the dangers of corrupted devices, more robust network security, especially around the core network, needs to be at the centre of a company's IT security plan. Maintaining network integrity will prevent data from being lost, stolen or held to ransom."
Network segmentation and the principle of least privilege should be at the top of the agenda, he says. "They help prevent lateral movement within the network, limiting attacker options and visibility of network data during an assault. Segmenting the network and implementing least privilege policies helps with the journey to Zero Trust architectures: design principles recommended by CISA, DISA and the UK's NCSC."
The benefits of network segmentation are numerous, he adds. "As well as making it more difficult to move east to west to pivot across networks, it makes it easier to monitor the network, too, and reduces the mean time to detect and remediate an attack (MTTD and MTTR). Security professionals can identify threats faster and isolate incidents quickly with a well-planned segmented network. With ransomware, the less access to valuable information the criminals have, the less data they can hold at ransom."

As attacks level up their sophistication, businesses need to increase their security and overall cyber hygiene to stay one step ahead. "You may not prevent the bad guys from getting in, but you can stop or limit them from getting what they want and ruining your business."
THE LINUX LINK<br />
Finally, VMware has released a threat report titled 'Exposing Malware in Linux-Based Multi-Cloud Environments'. Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include how ransomware is evolving to target host images used to spin workloads in virtualised environments.
Ashok Sankar, ReliaQuest: the enlarged attack surface of the modern, digital enterprise, plus the interconnected supply chain, makes trying to stop ransomware complex.

Ian Thornton-Trump, Cyjax: the only success story we can attribute to ransomware is publicly benchmarking its victims on the deplorable state of their organisation's security.
www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security