Add a new dimension to ransomware defense

Ransomware is a particularly ruthless endeavor. Criminals are targeting schools, critical infrastructure, and even patient records at a psychiatric treatment facility. The US Department of Homeland Security recognizes it as the number one threat, and security experts have put defensive ransomware strategies at the top of their lists. As with all other cybersecurity initiatives, defense in depth is axiomatic for effective ransomware protection. Building content awareness is a simple and accessible way to add another layer to your ransomware strategy.

Not surprisingly, most defense strategies begin with ways to minimize the footholds an attacker can find within your organization’s IT environment. Screening incoming email for ransomware payloads, giving users actionable advice on Internet “street smarts”, and monitoring the network for suspicious activity are important elements of an effective ransomware protection strategy. New AI-based data governance solutions provide an additional weapon in the ransomware battle: situational awareness informed by deep insight into content.

Content awareness builds ransomware resilience. To understand why, it’s helpful to put yourself in your opponent’s position (or behind their keyboard) and think about how they plan, execute, and monetize their attacks. Once you understand the attack process and gain insight into your content, you’ll have what you need to minimize damage before, during, and after a ransomware incident.

Let’s start where the attacker starts: establishing a foothold. Attackers use encryption to prevent access to valuable data. To do this, they need control of an account. Ideally (from the attacker’s point of view, of course), a compromised account can access a wide variety of business-critical data. In reality, it’s a roll of the dice. Attackers’ social engineering and malicious email campaigns snare random targets.

It’s like the box of chocolates from Forrest Gump. When an account is compromised, a box opens. Some accounts are full of goodies, with access to a wide variety of files and data. Other accounts are mostly empty boxes, with much more restricted access. If you are defending, your goal is to keep the box closed. And it would be great if there weren’t too many goodies inside, in case the attacker manages to break it open.

Most of today’s ransomware mitigation strategies focus on keeping the box closed. This makes sense. Not much attention is paid to managing the chocolates in the box. A least-privilege data access model, which aims to give users access to only the data they need, is a great way to limit exposure if an account is compromised. Least privilege is not a preventative strategy. It is a damage control strategy that assumes a ransomware attacker will eventually gain control of one or more accounts.

But if least privilege works, why isn’t the practice more prevalent? A typical organization manages over 10 million files, from picnic invitations to personal financial statements. About one-third of these documents are business-critical (and therefore of interest to ransomware practitioners). That is a huge number of files, holding content that can be difficult to evaluate, understand, and protect even for a seasoned IT team.

For better or for worse, this usually means that end users are responsible for deciding who can and cannot view content. Important source code documents and spreadsheets with embedded customer information may be shared more widely than necessary. About 12% of all business-critical documents are at risk of ransomware breaches due to over-sharing.

To mitigate this risk, AI-based data access governance technology uses natural language processing algorithms to scan the millions of documents in an organization, classify content, and detect over-sharing. This is a powerful tool that helps limit unwanted access and the associated ransomware risk.
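The over-sharing check and the "box of chocolates" view of each account can be sketched as follows. This is an added example, not code from the article or any product; the inventory, group names, `critical` labels (standing in for a classifier's output) and the `BROAD_GROUPS` rule are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: group membership, and a document inventory
# where "critical" stands in for a content classifier's label.
GROUPS = {
    "all-staff": {"alice", "bob", "carol", "dave"},
    "finance": {"alice", "bob"},
    "engineering": {"carol"},
}
DOCS = [
    {"path": "/hr/picnic-invite.docx", "critical": False, "acl": {"all-staff"}},
    {"path": "/fin/q3-statements.xlsx", "critical": True, "acl": {"finance"}},
    {"path": "/fin/customer-list.xlsx", "critical": True, "acl": {"all-staff"}},
    {"path": "/eng/core-design.md", "critical": True, "acl": {"engineering", "dave"}},
]
BROAD_GROUPS = {"all-staff"}  # assumption: groups that mean "everyone"


def expand(acl):
    """Resolve an ACL of groups and users to the set of accounts."""
    accounts = set()
    for principal in acl:
        accounts |= GROUPS.get(principal, {principal})
    return accounts


def overshared(docs):
    """Business-critical documents exposed through a broad group."""
    return [d["path"] for d in docs if d["critical"] and d["acl"] & BROAD_GROUPS]


def blast_radius(docs):
    """Per account: the critical documents reachable if it is compromised."""
    reach = defaultdict(list)
    for d in docs:
        if d["critical"]:
            for account in sorted(expand(d["acl"])):
                reach[account].append(d["path"])
    return dict(reach)


def tighten(docs, path, new_acl):
    """Return a copy of the inventory with one document's ACL replaced."""
    return [dict(d, acl=set(new_acl)) if d["path"] == path else d for d in docs]


FIXED = tighten(DOCS, "/fin/customer-list.xlsx", {"finance"})
```

Comparing `blast_radius(DOCS)` with `blast_radius(FIXED)` shows how much smaller each account's box becomes once the single over-shared file is restricted.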

Content awareness also helps when it comes to detecting ongoing attacks. Ransomware exploits differ from other cybercrimes in one important way: criminals do not need to take possession of the data. Because the data does not move, security measures at the perimeter are not in the best position to detect or stop an ongoing attack. This changes the detection picture. Security professionals need to monitor an astonishing number of files throughout the organization instead of just a few perimeter control points.

As a result, ransomware attack detection strategies seek to monitor encryption activity and encryption artifacts at the file level. Establishing a baseline prior to an attack makes it much easier to distinguish between routine and fraudulent activity. And if your baseline contains insight into the business importance of that content, you can detect unwanted encryption, assess the threat, and determine more effective mitigations.
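A baseline-driven check of this kind can be sketched with per-file byte entropy, as an added example that is not from the article or any product. The file contents, importance scores and thresholds are constructed assumptions, and `noise()` is a deterministic stand-in for ciphertext or compressed data.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def noise(seed: bytes, blocks: int = 256) -> bytes:
    """Deterministic high-entropy bytes; stand-in for ciphertext or a zip."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))


def flag_encryption(baseline, current, importance, high=7.5, jump=1.0):
    """Paths whose entropy rose to near-random since the baseline,
    most business-important first. Thresholds are illustrative."""
    hits = []
    for path, data in current.items():
        before = baseline.get(path)
        now = shannon_entropy(data)
        if before is not None and now >= high and now - before >= jump:
            hits.append((importance.get(path, 0), path))
    return [path for _, path in sorted(hits, reverse=True)]


# Constructed sample share (not real data): two documents and an archive.
TEXT = b"Quarterly revenue by customer, region and product line.\n" * 150
BEFORE = {
    "/fin/q3-statements.csv": TEXT,
    "/hr/picnic-invite.txt": b"Picnic on Friday, bring a blanket!\n" * 200,
    "/backup/site.zip": noise(b"zip"),  # high entropy even when healthy
}
IMPORTANCE = {"/fin/q3-statements.csv": 3, "/backup/site.zip": 2,
              "/hr/picnic-invite.txt": 1}
BASELINE = {p: shannon_entropy(d) for p, d in BEFORE.items()}

# Later scan: both documents overwritten with ciphertext-like bytes.
AFTER = dict(BEFORE)
AFTER["/fin/q3-statements.csv"] = noise(b"a")
AFTER["/hr/picnic-invite.txt"] = noise(b"b")

ALERTS = flag_encryption(BASELINE, AFTER, IMPORTANCE)
```

The archive is never flagged because its entropy was already high in the baseline, which is the false positive a fixed entropy threshold without a baseline would produce.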

Finally, content awareness is very important when faced with a ransom demand. Deciding whether to pay to recover data is a difficult decision in any situation, but making that decision with an understanding of exactly which data is at risk of loss is much better than making it without knowing. Attackers often do not know whether what they hold is important or trivial. Content awareness can give you an edge.

Ransomware is undoubtedly an intensifying cybercrime arms race. By strengthening anti-malware and anti-phishing efforts with least-privilege access control, you can minimize the damage in the event of an attack. Content and activity awareness establishes a baseline that helps you find unwanted encryption and mitigate it faster and more effectively. And if you do end up in ransom negotiations, it’s good to have a clear understanding of what data is at stake.

https://www.helpnetsecurity.com/2021/10/14/ransomware-defense/