Defending against the rising tide of ransomware

Ransomware attacks are among the most significant cyber threats facing organizations today

Organizations in the Asia Pacific region are reported to be 80 percent more prone to cyber-attacks than the global average, due largely to the speed and scope of growth in the region’s digital use and connectivity. The average cost of recovering from a ransomware attack for businesses in Asia Pacific and Japan (APJ) has increased by more than US $1 million. What’s more, only 5 percent of APJ organizations get back all of their data after paying a ransom. With this rise in attacks, it’s more important than ever that enterprises take steps now to prevent future attacks. 

Taking the first step

Companies must understand all the IT assets that reside within its environment. Thus, they need to develop An asset inventory or list of all enterprise IT assets that exist across the network. These contain software that could, at any point, be vulnerable to an attack. 

Without the foundation of a list that provides a holistic view of the environment, it is impossible to stay ahead of attackers. 

This process needs to be automated and continuous, rather than relying on manual, ad-hoc scans that could easily fall to the bottom of the pile. Automated tools and solutions are available to provide an overview of known, and more importantly, unknown assets within the environment and any known risks associated with each asset.

Once the inventory is established, it’s time to assess the current risk level. This involves seeking out live issues. 

For example, based on recent Qualys research, there are 110 Common Vulnerabilities and Exposure (CVE) entries that have been associated with ransomware over the past five years. With this list, organizations can gain a full picture of these CVEs – whether they are present in the environment and which of the CVEs must be prioritized when patching.

Organizations can enrich their asset and software data with contextual information to help the detection process. For example, they can identify and set alerts for assets that are running unauthorized software or are not using antivirus or endpoint security tools. These issues can be examined and appropriate action taken to resolve them.

Focus on the bigger picture

With so many potential risks in today’s security landscape, it is important to understand how to prioritize.

In practice, not all risks are equal. There may be thousands of issues discovered – some of which will need to be dealt with immediately, but others may be incredibly niche or hard to exploit. 

Being able to add business context to assets, organizations can focus on the most critical risks to their business and allow those lower down on the list to be managed over time.

Patching itself is often overlooked as an important part of this process, typically because it crosses team and department boundaries – ultimately leading to conflicts or delays. To address this, organizations must implement metrics that can track successful deployments and make these a business responsibility rather than just the purview of IT teams.

Treat ransomware as a business issue

The costs and disruption to the business following a ransomware attack has resulted in better support and more budget for security teams. However, increasing the security budget or investing in additional tools is not enough. 

Some organizations are well into this journey already, but many are still lagging behind despite the increasing threats. Security professionals can enhance their efforts by learning from one another and keeping abreast of industry developments to hear best practices and understand the value of new technological advancements.

To effectively combat risks from ransomware, organizations need to acquire a unified view into critical ransomware exposures, such as Internet-facing vulnerabilities and misconfigurations, insecure remote desktop gateways (RDP), and detection of risky software in the data center environment along with alerting for assets missing anti-malware solutions. 

There is also a need to accelerate remediation of ransomware exposures with zero-touch patching by continuously patching ransomware vulnerabilities as they are detected. The remediation plan also enables proactive patching for prioritised software to help keep them up to date. 

By closely monitoring asset inventories, managing risks and understanding critical ransomware exposures, organizations can achieve better proactiveness in defending against the increasing tide of ransomware.

The article has been written by Debashish Jyotiprakash, vice president for Asia and managing director for India at Qualys