Whether it’s a shiny new web application, a remote-work mandate with BYOD or some other digital transformation initiative, implementing effective cybersecurity tends to lag fashions in technology.
But even the most adaptive approaches need constant reappraisal. That’s where the Barracuda Networks Ransomware Protection Checklist comes in as a point-in-time validation for any organisation contending with a dynamic threat landscape, says Mark Lukie, Barracuda Networks, Director of Sales Engineering (APAC).
Lukie has witnessed a steep rise in ransomware attacks on organisations through web applications, business email compromises (BEC) and malicious uploads. Indeed, 74 per cent of respondents to a global Vanson Bourne-Barracuda survey, which included Australian respondents, said they fell victim to at least one ransomware attack in the past year.
“Barracuda Networks’ Ransomware Protection Checklist inspires IT decision-makers to rethink how well they have safeguarded their people, customers and partners,” says Lukie.
“It asks them to look again at their strategy and if they have tested it adequately. And when all else goes wrong, do they have a fully tested and robust contingency plan with which they can recover gracefully?”
Email is still No.1 threat but web applications emerge as a dangerous vector
An attacker concealed in a compromised system may masquerade as a trusted party to hijack an email conversation. This “sentiment of urgency” attack raises an unknowing victim’s anxiety to trick them into divulging information or transferring money, Lukie says.
“We sit on email 90 per cent of the day; it’s at our fingertips so attackers will exploit it to get to us,” Lukie says.
“And when we’re working remotely or on the run, we’re distracted and that makes us easier prey.”
To complement end-user training and enable employees to recognise malicious emails and report threats, Lukie advises businesses to secure their Microsoft 365 environments — a rapidly growing threat vector — with a solution that detects lurking threats and scrubs inboxes clean.
Other ways to protect your business from malicious emails are:
- Block phishing attacks – An AI-enabled solution alerts when a user is at risk of phishing or account takeover.
- Rapid remediation – Quickly discovering malicious emails and recovering automatically from their effects are critical to business continuity.
Compromised web applications are also on the rise, appearing in nine in 10 breaches according to Verizon’s 2021 Data Breach Investigations Report (n=1610) — including some of the most expensive from which to recover.
Businesses are deploying web applications to speed their digital transformation, provide better customer and employee experience, and cut costs. But many businesses are transitioning from clunky internal processes without a full appreciation of emergent risks. Web applications may have apparently innocuous features such as user-fillable forms or an upload function that bad actors may exploit.
“IT decision-makers may not realise how valuable their web applications are. They don’t understand their applications capture and convey sensitive information or could be an open door to an attacker. They need to ask, ‘Could we be inviting ransomware through our own web applications?’ ”
He says they may also misunderstand the limits of legacy protections such as a firewall that may not be a Web Application Firewall (WAF): “You have to protect your code at the correct layer”.
Organisations can defend their web applications by:
- Hardening against attack – Adhering to the OWASP Top 10, and limiting zero-day and brute force attacks with an application security solution.
- Protecting access to applications – Choose a Zero Trust access solution with multifactor authentication that admits only authorised users and devices.
- Preventing lateral movement – Segment your on-prem and cloud networks so attackers can’t roam freely should they gain access to your infrastructure.
Plan, test and back up to recover quickly
Even the best-laid cybersecurity strategy can come unstuck at the hands of an aggressive or lucky attacker.
In such instances, organisations need a comprehensive and tested contingency and recovery plan. Testing is key to success, says Lukie.
“Testing a recovery process before you need it is especially important; it’s too late once your data is locked up.”
|Did you know? The median amount stolen in a ransomware attack was $US11,150, and ranged from $US70 – $US1.2 million in 95% of cases. (source: Verizon, DBIR 2021, p.25)|
Other ways organisations can recover from attack are:
- Back up all your data – Remember your data may span on-prem and cloud environments such as SaaS and Microsoft 365.
- Protect your backups – Encryption, access control and IP restrictions ensure you can access your data when you need it but attackers can’t lock you out.
- Develop a recovery plan before you’re attacked – Know upfront how you will manage the business and the technical responses to an incursion.
Lukie says a checklist such as Barracuda’s “allows self-validation” but is just a guide in the conversation the business must have with itself.
“You can understand what needs to be done and to what extent you achieved success but you need to have an honest approach and look for ways to improve.”
|Ransomware is any malicious activity that empowers a malicious actor to demand ransom from the target IT system’s owner. Although attackers traditionally demanded money to unlock or decrypt data on a target system, they now often blackmail victims with threats they will publish the data or news of the attack to undermine confidence in the victim. A successful ransomware attack can destroy or hobble a business of any size.|