How to defend the enterprise against dangerous 2022 threats

Everyone with access to the news already knows that ransomware is bigger than ever before. Several recent studies have pointed to ransomware as the number one type of attack in Asia-Pacific. Sixty-five percent of Singaporean organisations were hit with ransomware in 2021, up from 25% in 2020, a Sophos report found.

Furthermore, resolving this issue is not cheap, with many organisations paying an average of SG$1.5 million, according to a Cybereason survey. Enterprises are starting to realise that being the next target is not a matter of “if” but “when”.

The truth is that we are only now seeing the beginning, and not the end, of the real ransomware pandemic. This is because sophisticated attacks are designed to beat the simple security systems that many organisations still use today. Additionally, attackers know how rewarding ransomware is, and cryptocurrencies make collecting the payment much easier.

Protecting against ransomware requires organisations to understand their vulnerabilities and take proactive steps to address them. Below are the top five practices that today’s organisations can pursue to defend against the most dangerous threat in 2022.

1. Implement multi-factor authentication

Multi-factor authentication (MFA) is a relatively simple way to add an extra layer of security. While MFA is not foolproof, it makes it significantly more complicated for an attacker to compromise a single account.

For attackers, this will mean that it is no longer as simple as just entering a stolen password and gaining access to the network. This is important because many employees tend to reuse their passwords across multiple accounts. The last thing an organisation wants is to have its network compromised because an employee reused a password that was stolen in a completely unrelated breach.

If MFA is implemented, even valid credentials are not useful to attackers unless they can compromise the second form of authentication as well.

2. Protect all identity systems

MFA can help secure user accounts, but that is not always the route an attacker uses to get into the system. MFA offers no protection when an employee opens a phishing email and clicks a suspicious link or downloads a weaponised attachment designed to target an unsecured system. Worse, an attacker might target an unknown vulnerability using a zero-day exploit.

In these cases, MFA is ineffective as the attacker has bypassed the need to crack a password and instead entered the network directly. Once inside the network, attackers can check memory and applications for stored credentials – which they will almost always find. They will then move on to Active Directory (AD) to further elevate their privileges and move laterally to identify new and valuable targets.

Today’s organisations need protections in place that can detect suspicious activity, both on the endpoint and within the network. Some tools on the market can provide early alerting when an attacker queries the directory, and will also return false information to keep them from moving beyond the endpoint. Other tools can greatly enhance visibility into potential vulnerabilities and attack paths, highlighting risks related to credentials, privileged accounts, shared credentials, and other identity-related exposures.

3. Employ network segmentation

Put simply, organisations should not put all their eggs in one basket. By splitting the enterprise into different network segments, organisations can enhance their ability to place traps, decoys, and other forms of bait designed to entice attackers.

It is easy for an attacker to move around a single, simple, flat network as they do not have to navigate much to find valuable data, and a lack of in-network protections means they will not have much to evade, either.

Think of it like a minefield: Sure, a minefield with only one mine is still dangerous, but it is not nearly as useful as a comprehensive deployment.

4. Adopt a zero-trust approach

“Zero trust” is a popular buzzword today, but it is important for organisations to understand that true zero trust is a journey, rather than a destination. It is a set of principles designed around implementing an assumption-of-breach mentality, which means organisations should assume that they have already been compromised and operate accordingly.

Activities within the network should be viewed through this lens. If an identity is attempting to access certain information or areas of the network, that request should be validated and authenticated before it is granted. Assumption of breach means organisations should always be looking for adversaries within their environment, in user accounts, AD, applications, network resources, and countless other places.

If attackers are forced to justify their actions every step of the way, it becomes much easier for network defences to detect suspicious activities.

5. Implement active defence

Network defenders must be active and engaged every hour of every day, but active defence strategies can help tilt the battlefield in their favour – and experts are starting to take note.

Industry players increasingly recognise the value of luring attackers into traps with deception technology, rather than simply waiting to detect their presence.

Defenders today can hide important data, accounts, and network shares while using deceptive assets to lure attackers into decoy environments where they can be safely monitored and studied.
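Section 2 describes tools that alert early when an attacker queries the directory, and this section describes decoy accounts and shares that exist only to be touched. As an added example (not code from the article or any vendor's product), the block below shows the detection side of both ideas run over a handful of constructed log lines: any authentication as a decoy account, any access to a decoy share, and a burst of distinct accounts used from one source within a short window, which is what credential harvesting followed by lateral movement tends to look like. The log format, account names, share names and addresses are all invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical decoy objects. They are never used by legitimate processes, so any
# touch is a high-confidence alert rather than something to tune thresholds for.
DECOY_ACCOUNTS = {"svc_legacybackup", "adm_sqlmaint"}
DECOY_SHARES = {"finance_archive"}

# Constructed sample log in a simplified key=value form (not real Windows event text).
# Event ids follow Windows conventions: 4624 logon success, 4625 logon failure,
# 5140 network share accessed.
SAMPLE_LOG = """\
2022-03-01T10:02:11Z src=10.20.5.17 user=alice event=4624 target=FS01
2022-03-01T10:02:40Z src=10.20.5.17 user=alice event=5140 target=FS01 share=projects
2022-03-01T10:05:03Z src=10.20.5.42 user=svc_legacybackup event=4625 target=DC01
2022-03-01T10:05:09Z src=10.20.5.42 user=bob event=4625 target=DC01
2022-03-01T10:05:14Z src=10.20.5.42 user=carol event=4624 target=DC01
2022-03-01T10:05:20Z src=10.20.5.42 user=dave event=4624 target=FS01
2022-03-01T10:06:02Z src=10.20.5.42 user=dave event=5140 target=FS01 share=finance_archive
2022-03-01T11:15:00Z src=10.20.5.17 user=alice event=4624 target=MAIL01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>\d+) "
    r"target=(?P<target>\S+)(?: share=(?P<share>\S+))?$"
)
AUTH_EVENTS = {"4624", "4625"}
SHARE_EVENT = "5140"


def parse(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def detect(lines, burst_threshold: int = 3, burst_window_s: int = 60):
    """Return alerts in the order they fire.

    decoy_account: any logon attempt (success or failure) as a decoy account.
    decoy_share:   any access to a decoy share.
    auth_burst:    >= burst_threshold distinct accounts authenticated from one
                   source within burst_window_s seconds (reported once per source).
    """
    alerts = []
    recent = defaultdict(list)   # src -> [(ts, user)] auth events inside the window
    burst_flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["event"] in AUTH_EVENTS and rec["user"] in DECOY_ACCOUNTS:
            alerts.append({"kind": "decoy_account", "src": rec["src"],
                           "user": rec["user"], "ts": rec["ts"]})
        if rec["event"] == SHARE_EVENT and rec["share"] in DECOY_SHARES:
            alerts.append({"kind": "decoy_share", "src": rec["src"],
                           "user": rec["user"], "share": rec["share"], "ts": rec["ts"]})
        if rec["event"] in AUTH_EVENTS:
            window = recent[rec["src"]]
            window.append((rec["ts"], rec["user"]))
            cutoff = rec["ts"].timestamp() - burst_window_s
            window[:] = [(t, u) for t, u in window if t.timestamp() >= cutoff]
            distinct = {u for _, u in window}
            if len(distinct) >= burst_threshold and rec["src"] not in burst_flagged:
                burst_flagged.add(rec["src"])
                alerts.append({"kind": "auth_burst", "src": rec["src"],
                               "users": sorted(distinct), "ts": rec["ts"]})
    return alerts


def run_sample():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["kind"], alert["src"], alert.get("user") or alert.get("users"))
```

On the sample, the decoy account fires first (a failed logon counts, because a legitimate process would never even try it), the burst rule fires once the same source has used three different accounts inside a minute, and the decoy share fires when that source reaches the bait. The first and last rules need no tuning, which is what makes decoys attractive: the only thing to maintain is a list of objects that must never be touched.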

Comprehensive security is key to ransomware defence

In conclusion, none of the above recommendations represents a golden ticket to perfect network security, as it is not possible to prevent 100% of attacks. But all these practices have an important role to play in preventing some of today’s more prevalent and dangerous attacks.

By shoring up identity security and implementing key features of zero trust, network segmentation, and active defence, organisations can put themselves in the best possible position to succeed against today’s adversaries. Even if it is not possible to prevent every attack, it is possible to show attackers that their efforts are better spent searching for easier targets.