How to achieve ransomware resilience in three steps
Article by Bitglass CTO Anurag Kahol.
Amid a global pandemic that has challenged organisations to shift to remote operations, cyber-criminals are ramping up their attacks, particularly with ransomware. Malicious parties are taking advantage of the ‘new normal’ work environment to launch ransomware attacks that target gaps in companies’ security postures.
Organisations need to have adequate cybersecurity controls in place as attackers are in a prime position to exfiltrate personally identifiable information (PII) or get their victims to pay ransoms.
All organisations need advanced threat protection to stop ransomware attacks and ease the impact if they do occur. By deploying the right technology, firms can build a resilient IT ecosystem that ensures business continuity.
The internet serves as a valuable vehicle of attack for cyber-criminals, which is why defence against malicious web destinations (malware, phishing, and command-and-control sites) is critical. This protection is best achieved through the use of a secure web gateway (SWG).
This technology helps organisations to defend against online threats by stopping access to malicious destinations in real time. However, as otherwise innocuous web destinations can be used to download infected files (for example, through file attachments on Gmail), being able to scan files for threats at download and block them in real time is critical functionality.
Businesses should use an on-device SWG that decrypts and inspects traffic locally on each endpoint, avoiding backhaul latency, privacy violations, and the cost and scalability challenges associated with SWG appliances.
Additionally, leading SWGs should serve as one part of a secure access service edge (SASE) platform along with technology such as cloud access security brokers (CASBs) and zero trust network access (ZTNA) for reliable, wide-ranging protection.
CASBs are designed to secure the cloud for organisations, providing defences for corporate software-as-a-service (SaaS) apps and infrastructure-as-a-service (IaaS) platforms.
CASBs can be deployed in different modes that can shield against ransomware in different ways. By integrating with cloud services’ application programming interfaces (APIs), they can exercise visibility and control over the data at rest therein, allowing them to scan for infected files.
Through forward proxy agents on managed devices, CASBs can scan file uploads and downloads for threats in real time and block them as needed. With an agentless reverse proxy, this can be accomplished without software on endpoints, making it a perfect fit for BYOD environments.
To defend completely against ransomware across use cases in the cloud, organisations need what is known as a multi-mode CASB, which provides all three of these deployment modes.
Ransomware breaches repeatedly grab headlines with stories about threat actors that exploit organisations that cannot adequately control access to their networks. These cyber-criminals continue to take advantage of remote work, making it more critical than ever to secure remote access to on-premises resources in a granular way.
However, many organisations still seek to address this through virtual private networks (VPNs).
Using a VPN establishes a secure tunnel that connects a user’s device to an enterprise’s network. However, VPNs suffer from issues such as latency, hampered productivity and scalability challenges. Additionally, they violate the core tenets of zero trust and provide full access to the network and everything on it.
A VPN is an access tool, not a security tool. This is where zero trust network access (ZTNA) can help. Cloud-based ZTNA solutions preserve user experience, provide needed scalability, and grant access to specific applications (rather than the entire network) while applying real-time threat protection policies designed to stop ransomware.
SWG, CASB, and ZTNA defend against malware on the web, in the cloud, and on on-premises resources, respectively. For an organisation that wants comprehensive resilience against ransomware, the three are critically important.
However, it can seem overwhelming or disjointed to deploy and manage each separately. That is why organisations must adopt a SASE platform that delivers all three in a unified offering with a single, easily manageable dashboard. This saves time for administrators while helping security teams to secure any interaction against threats like ransomware.
However, not all threat protection capabilities are created equal. Most SASE offerings depend on signature-based protection, which scans files against catalogues of previously encountered threats. Obviously, this approach does not allow for the detection of brand-new, zero-day ransomware.
As such, companies should turn to leading SASE platforms that utilise behaviour-based protection, which leverages machine learning to evaluate files and is capable of detecting even zero-day threats.
Using SASE to extend the above protections to all enterprise resources must also be paired with proper employee security training that helps users identify phishing attempts and illegitimate emails (the primary vector for ransomware attacks). With the right solutions and strategies, organisations can ensure that they stay one step ahead of cyber-criminals.