How organizations are beefing up their cybersecurity to combat ransomware

Most organizations surveyed by Hitachi ID are moving partly to software-as-a-service. Less than half have adopted a Zero Trust strategy.

shutterstock-492479059.jpg

Image: Shutterstock/Carlos Amarillo

The recent wave of ransomware attacks has triggered heightened concerns among everyone from the private sector to the federal government. To better combat ransomware attacks, organizations realize that they have to improve key aspects of their cyber defenses. A report released Monday by identity management provider Hitachi ID looks at the changes that businesses are making to avoid becoming a victim of ransomware.

SEE: Security Awareness and Training policy (TechRepublic Premium)

A survey conducted by Pulse and Hitachi ID throughout September asked 100 IT and security executives what modifications they're making to their cybersecurity infrastructure, how those changes are able to better handle cyberattacks, and how politics plays a role in their strategy.

Software-as-a-service (SaaS) is one key method in cybersecurity. A full 99% of the respondents said that at least some part of their security initiatives includes a move to SaaS in which an external provider hosts and delivers cloud-based applications to its customers. Some 36% said that more than half of their efforts involve this type of move.

Among other security goals that have been initiated, multi-factor authentication has been started by 82% of those surveyed, single sign-on by 80%, identity access management by 74% and privileged access management by 60%. But Zero Trust, which increasingly is being advocated as a more effective strategy, is lower on the list.

Only 47% of the respondents said they've executed Zero Trust principles and policies. However, almost three-quarters admitted that they see an advantage in outsourcing their Zero Trust architecture components from fewer vendors as a way to simplify the strategy.

One challenge in shifting applications to the cloud rests with legacy systems that can't easily be migrated. A full 86% of those surveyed acknowledged that they do have legacy systems that need to be secured.

SEE: Ransomware attackers are now using triple extortion tactics (TechRepublic)

Cybercriminals who deploy ransomware have been getting bolder in how they devise their attacks. One strategy is to try to recruit insiders willing to exploit their own company. Almost half (48%) of the respondents said that they or other employees had been approached directly to assist in pulling off a ransomware attack. More than half (55%) of directors said that they'd been approached in the same way. Among those who said they were contacted, 83% said this method has increased since more people have been working from home.

Educating employees about cybersecurity is another key method to help thwart ransomware attacks. Among those surveyed, 69% said their organization has boosted cyber education for employees over the last 12 months. Some 20% said they haven't yet done so but are planning to increase training in the next 12 months.

Knowing how to design your employee security training is paramount. Some 89% of the respondents said they've educated employees on how to prevent phishing attacks, 95% have focused on how to keep passwords safe and 86% on how to create secure passwords.

Finally, more than three-quarters (76%) of the respondents said they're concerned about attacks from other governments or nation states impacting their organization. In response, 47% said they don't feel their own government is taking sufficient action to protect businesses from cyberattacks, and 81% believe the government should play a bigger role in defining national cybersecurity protocol and infrastructure.

"IT environments have become more fluid, open, and, ultimately, vulnerable," said Bryan Christ, sales engineer at Hitachi ID Systems. "As a result, more companies are relying less on conventional methods such as a VPN to keep their networks secure. Certain credentials, such as passwords to privileged accounts, are the keys to the kingdom. If a bad actor gets their hands on these credentials, a ransomware attack is almost certain to ensue."

Recommendations

To help your organization better defend itself against ransomware attacks, Christ recommends a proactive strategy to lock down data and access management from the inside out.

First, passwords that are static or stored locally can be exploited in a data breach. Therefore, organizations need to set up access management defenses to reduce this risk.

Second, using multi-factor authentication (MFA) and single sign-on (SSO) can lessen the threat by stopping attackers from gaining access to your network.

Third, giving users just the minimum access necessary for them to do their jobs can further protect your organization. Two methods to obtain this level of security are just-in-time access (JIT) and randomized privileged account passwords.

Fourth, smart password management and privileged protection should lead to the ultimate goal of Zero Trust.

"Zero Trust is a security approach that addresses these new network realities by trusting no one—and many are gravitating to Zero Trust to mitigate risk from cyberattacks from multiple entry points (including internal)," Christ said. "That being said, it's important to remember that Zero Trust is a journey, not a destination—and it can take time."

But organizations can achieve Zero Trust through a series of steps: 1) Trust nothing; 2) Secure everything; 3) Authenticate requests and evaluate access requests based on context; 4) Evaluate all requests; and 5) Grant access by the principle of least privilege (PoLP).

Also see

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.