
Four steps for preventing the next ransomware attack

05 Dec 2017

As we approach the end of 2017, it’s clear that enterprise ransomware continues to be a huge issue for businesses all over the globe. Once ransomware enters your network undetected, your data is immediately encrypted and inaccessible or your systems are locked down. 

In some cases, ransomware goes after the back-ups, and if they are connected to the network, the data may be completely unrecoverable. Here are some tips on how to better prevent ransomware damage:

Apply behavioural-based detection   

It’s crucial for organisations to shift to proactive cybersecurity techniques that focus on identifying malicious behaviour relating to ransomware, even when no signatures or known exploits are present.

Instead of being reactive and shoring up defences when you detect an Indicator of Compromise (IoC), or a “known bad,” organisations should track Indicators of Attack (IoAs) that identify adversary behaviour related to ransomware, such as code execution or lateral movement.

This enables organisations to prevent, detect, and respond to both known and unknown attacks. An IoA can prevent multiple variants and versions of ransomware families, including new ones not detectable by known signatures or features.
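
The difference between the two approaches can be shown on a handful of events. The following is an added example, not code from the article or from CrowdStrike: the event fields, the two behavioural rules, the threshold and all hosts and hashes are constructed assumptions.

```python
from collections import defaultdict

KNOWN_BAD_HASHES = {"a" * 64}   # constructed IoC feed (placeholder hash)
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
LATERAL_THRESHOLD = 3           # assumed: distinct remote hosts per process

def ev(host, pid, parent, image, sha256, action, target=""):
    return dict(host=host, pid=pid, parent=parent, image=image,
                sha256=sha256, action=action, target=target)

# Constructed telemetry. ws01 runs a sample already on the IoC feed; ws02 shows
# the same kind of intrusion carried out by a binary whose hash is on no feed.
EVENTS = [
    ev("ws01", 300, "explorer.exe", "invoice.exe", "a" * 64, "process_start"),
    ev("ws02", 522, "winword.exe", "powershell.exe", "c" * 64, "process_start"),
    ev("ws02", 522, "winword.exe", "powershell.exe", "c" * 64, "smb_connect", "fs01"),
    ev("ws02", 522, "winword.exe", "powershell.exe", "c" * 64, "smb_connect", "fs02"),
    ev("ws02", 522, "winword.exe", "powershell.exe", "c" * 64, "smb_connect", "dc01"),
    ev("ws03", 77, "explorer.exe", "excel.exe", "d" * 64, "process_start"),
    ev("ws03", 77, "explorer.exe", "excel.exe", "d" * 64, "smb_connect", "fs01"),
]

def ioc_hits(events):
    """Reactive check: flag a process only if its hash is already known bad."""
    return {(e["host"], e["pid"]) for e in events
            if e["sha256"] in KNOWN_BAD_HASHES}

def ioa_hits(events):
    """Behavioural check: flag what a process does, whatever its hash is."""
    hits, remote_hosts = defaultdict(set), defaultdict(set)
    for e in events:
        key = (e["host"], e["pid"])
        # Code execution: an office application starting a script interpreter.
        if (e["action"] == "process_start" and e["parent"] in OFFICE_APPS
                and e["image"] in SCRIPT_HOSTS):
            hits[key].add("code_execution")
        # Lateral movement: one process reaching many distinct remote hosts.
        if e["action"] == "smb_connect":
            remote_hosts[key].add(e["target"])
            if len(remote_hosts[key]) >= LATERAL_THRESHOLD:
                hits[key].add("lateral_movement")
    return dict(hits)

if __name__ == "__main__":
    print("IoC:", ioc_hits(EVENTS))
    print("IoA:", ioa_hits(EVENTS))
```

The hash lookup only catches the sample on ws01, while the behavioural rules flag the ws02 process that no feed knows about and leave the ordinary activity on ws03 alone.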

Augment analytics with artificial intelligence/machine learning

AI/Machine learning (ML) is critical in helping to detect ransomware that might otherwise be missed. To be truly effective, ML must have enough relevant data for its results to be meaningful, and it must be adjusted to keep the balance of true vs. false positives.

A signature-less approach combines behavioural analytics with ML and is able to learn which files are malicious without having to be fed new datasets every day. This approach is far superior in helping detect the malware and ransomware of today, much of which consists of unknown variants. Ultimately it leads to better classification of what is malicious or not, helping your organisation’s IT team in the long run.

Bolster your defence with proactive hunting

Rather than waiting for ransomware to appear and take hold in your organisation, it is better to spot the problem at inception and close it down immediately. This is what proactive threat hunting looks like, and leveraging threat hunting teams can help defenders shift the advantage back to themselves.

Threat hunters look for evidence of potential malicious behaviour that might exist in a broad pool of behavioural data, but may be too subtle to warrant a response.

From there, threat hunters can follow even the faintest suggestion of possible threat activity to put together a picture of whether an attack is in progress, or if the behaviour is irregular but does not represent malicious activity in your IT environment.

Threat hunters make it possible to find damaging attacks before automated security tools are able to detect them. This is a key fundamental for true visibility into your network.

It’s time to solve the patch problem

Vulnerability scans are no longer adequate for defending the network in real time against modern-day threats. Many legacy approaches only report patch information collected by checking the registry for the list of installed patches. As a result, failures in the installation process, such as delayed reboots, may cause the scan to report an incorrect patch status.

This leaves organisations with major blind spots that can turn into massive vulnerabilities in the event of attacks like WannaCry. Vulnerability management needs to work in real-time and have full visibility into the environment to create a capability of proper prioritisation and patching.
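
One way to surface that blind spot is to compare what the installed-patch list claims with what is actually on the host. This is an added example, not code from the article or from CrowdStrike: the inventory records, the status names and the `KB-EXAMPLE-1` identifier, file name and versions are constructed placeholders.

```python
# Constructed data: KB ids, file names and versions are placeholders.
# Each required patch maps to the file it replaces and the first fixed version.
REQUIRED = {"KB-EXAMPLE-1": ("example-driver.sys", (10, 0, 2))}

HOSTS = [
    {"host": "ws01", "listed_kbs": {"KB-EXAMPLE-1"}, "reboot_pending": False,
     "file_versions": {"example-driver.sys": (10, 0, 2)}},
    # Installer ran and the patch is listed, but the reboot never happened.
    {"host": "ws02", "listed_kbs": {"KB-EXAMPLE-1"}, "reboot_pending": True,
     "file_versions": {"example-driver.sys": (10, 0, 1)}},
    {"host": "ws03", "listed_kbs": set(), "reboot_pending": False,
     "file_versions": {"example-driver.sys": (10, 0, 1)}},
    # Listed, no reboot outstanding, yet the old file is still in place.
    {"host": "ws04", "listed_kbs": {"KB-EXAMPLE-1"}, "reboot_pending": False,
     "file_versions": {"example-driver.sys": (10, 0, 1)}},
]

def registry_only_status(host, kb):
    """What a legacy scan reports: trust the installed-patch list."""
    return "patched" if kb in host["listed_kbs"] else "missing"

def effective_status(host, kb):
    """Verify that the fixed file version is actually present on the host."""
    filename, fixed = REQUIRED[kb]
    present = host["file_versions"].get(filename)
    if present is not None and present >= fixed:
        return "patched"          # also covers a fix delivered by a later update
    if kb in host["listed_kbs"]:
        return "pending_reboot" if host["reboot_pending"] else "install_failed"
    return "missing"

def blind_spots(hosts, kb):
    """Hosts a registry-only scan calls patched that are still exposed."""
    return [h["host"] for h in hosts
            if registry_only_status(h, kb) == "patched"
            and effective_status(h, kb) != "patched"]

if __name__ == "__main__":
    for h in HOSTS:
        print(h["host"], registry_only_status(h, "KB-EXAMPLE-1"),
              effective_status(h, "KB-EXAMPLE-1"))
    print("blind spots:", blind_spots(HOSTS, "KB-EXAMPLE-1"))
```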

Article by CrowdStrike. 
