In many ways, ransomware is one of the great digital transformation stories of our time.
Per Microsoft’s 2021 Digital Defense report, ransomware is now the most lucrative game in cybercrime.
Ransomware-as-a-service, or RaaS, has made cybercrime accessible to the masses. Aspiring threat actors face very few barriers when it comes to entering the “industry.” Anyone can launch an attack by purchasing affordable, pre-built components or by hiring “freelancers” for one-off gigs, Upwork style.
According to an HP study of dark web marketplaces, more than 90% of “cybercrime goods and services” (i.e., kits, credentials, and tutorials) cost less than $10.
But – it’s not just the increasing sophistication of threat actors you need to worry about. It’s also the rapidly changing digital landscape – with ever-evolving technologies, customer needs, and end-user expectations that, together, keep raising the stakes and introducing new threats.
So, how are you supposed to defend your business against ransomware when the threat landscape keeps evolving? Unfortunately, there’s no quick fix. The reality is, future-proofing your ransomware strategy – or, really, any strategy – is more about cultivating the conditions that enable quick decisions and real-time response.
Here, we’ll share some practical tips for building a forward-looking strategy for navigating a landscape riddled with “unknown unknowns,” hidden threats, and a lot more complexity.
Size Up Your Security Posture, Fix Problems, & Fill Gaps
Data from a recent Axonius survey found that two-thirds of organizations are spending more on SaaS apps year-over-year. That same share of respondents also say rising SaaS investments have introduced more complexity and security threats to their business.
More SaaS apps in the stack means companies have more critical data, documents, and processes flowing through their digital estates than ever before. In turn, attackers have more opportunities to exploit vulnerabilities – wreaking havoc on enterprise systems, as well as any users, devices, customers, or partners connected to those networks.
Beyond SaaS apps, the explosion of big data, an influx of personal and IoT devices, and expanding hybrid cloud ecosystems are having a similar impact on orgs’ overall security posture.
The first step toward building a future-proof ransomware strategy is to get a clear picture of where things stand right now.
Initially, you’ll want to identify the following elements so you can start putting together a comprehensive map of your network, including all:
- Applications & services
- Identities & credentials
- Existing security solutions
- Security silos & gaps
Microsoft offers a self-evaluation tool you can use to get a sense of where your security posture stands today, and, from there, make any necessary changes to improve your overall strategy – whether you’re already a customer or not.
Existing customers benefit from a wealth of assessment tools embedded directly into Microsoft’s expansive product catalog.
For example, Defender for Endpoint comes with a Device Discovery feature, which allows you to take an inventory of all assets, perform vulnerability scans on discovered devices, ID shadow IT, and use the platform’s AI-generated recommendations to prioritize and remediate risks.
Or – if you’re already using Microsoft Defender for Cloud, you can use the built-in visual reporting tools to learn more about vulnerabilities across your entire digital estate.
For example, the Security Posture dashboard offers an at-a-glance assessment of your overall standing – with the option to drill down into each app, subscription, or cloud environment, as per the screenshot below.
If you click “view recommendations” for, say, “GCP Connector,” you’ll then get a list of actions you can take to make that Google Project more secure – ensuring that it doesn’t become a gateway for threat actors to access your Azure subscriptions, D365 apps, or customer data.
Another option is Microsoft Cloud App Security. This platform helps users ID risky usage patterns, spot signs of breach or exfiltration, and manage newly discovered cloud apps.
Users can then use their findings to take action. Per a 2021 Microsoft blog post, business leaders need to decide which apps are appropriate for employee use, which apps pose a threat, and start setting defined policies to gain control over their network.
You might use a framework like this to standardize decision making re: access controls, sanctions, and more:
Ultimately, you’re trying to paint a clear picture of your entire threat surface that can then be used to develop a robust plan spanning every asset, user, endpoint, etc. in your network.
Implement Intelligent, Proactive Solutions
According to the World Economic Forum 2022 Global Cybersecurity Outlook, 81% of survey respondents say digital transformation is the main factor when it comes to improving cyber resilience. This points back to the ongoing theme of becoming a data-driven organization – and really working to build a mature data strategy.
Per Palo Alto Networks’ 2022 Future of Threat Intelligence report, predictive intelligence is an absolute must.
When businesses can detect anomalies, vulnerabilities, and breaches in real time and implement automations that take immediate action against incoming threats, they’re able to mitigate potential damage and quickly bounce back from an attack relatively unscathed. You’ll want to make sure you’re using solutions that continuously evaluate the threat landscape, perform ongoing risk assessments, and enforce compliance and data governance requirements.
These solutions enable users to identify and investigate unusual traffic patterns, login attempts, and unauthorized activity, find and fix shadow IT and identities before threat actors can exploit them, and make changes to their security strategy as the threat landscape evolves.
Predictive intelligence tools also allow users to build incident response plans using real data and predictive models – that way you can train your team to act quickly in the event of an attack, stress test your plans, and implement measures that minimize damage and support business continuity.
Security automation is another critical piece of your ransomware defense strategy. Algorithms can be trained to systematically detect, analyze, and remediate cyber incidents, prioritize alerts, and contain malware without human intervention.
Per one recent Splunk blog post, many solutions can automatically fix known issues without human intervention, triage breach situations, and prioritize alerts so that humans can take action in a timely manner. In turn, security teams can then take a more proactive approach to managing threats, since automation frees up resources and time better spent on high-value tasks.
For example, Johnson & Johnson used Azure Bot Service, an NLP service dubbed LUIS, and a cloud-based API that generates relevant question-and-answer layers based on existing data to build an end-to-end chatbot platform, Genie the Genius. Each Genie chatbot runs on its own service – separate from the rest of the bots – and uses its own resources. That way, if one J&J bot gets hit with a breach or a ransomware attack, it won’t spread to the others – or the rest of the enterprise.
Microsoft’s low-code solutions enabled J&J to quickly deploy this large-scale chatbot platform using templates and built-in automations – but crucially, they also allowed the organization to implement security controls like authentication, policy enforcement, and SSL across all bots in the network.
Look Ahead at Emerging Tech, Trends, & a Changing Threat Landscape
There’s no question that the threat landscape will continue to evolve.
Threat actors will keep updating their tactics and leveraging new technologies – wreaking havoc on victims in ways we can’t yet imagine. As such, you’ll want to make sure you’re always looped into the latest happenings in the ransomware space.
For example, what’s going on within the ransomware community, both in context with your industry and just in general? Are there new strains? Ransomware business models? Are phishing strategies targeting different platforms or embracing new formats?
Now, the takeaway here should be more than “keeping up with current events is good for business.” It’s more about implementing solutions that keep you tuned into the things that matter most from a security standpoint, so that you can continuously optimize your ransomware strategy based on the threats of the moment.
Building on that, you’ll also want to consider how upcoming tech investments will impact your security posture. And, taking it one step further, what steps you’ll need to take to accommodate the new security requirements that come with those hypothetical investments.
Are there any planned digital transformation projects in the works? For instance, are you considering how to incorporate blockchain into your business model or developing a Web3 project?
How, then, might these new elements alter existing ransomware strategies? And, more crucially, what kind of plans are already in place to ensure that security is baked into every project from the get-go?
Finally, you’ll also want to think about the risks and opportunities emerging tech might bring to the threat landscape. That means assessing the risks new tech might introduce to your business and what it’ll take to protect those new, virtual worlds from the threat actors trying so hard to exploit them.
How will you handle cybersecurity in the metaverse? Or at the edge? Or in a 5G or 6G world with way more data than you’re already dealing with?
Even if you’re not sure about, say, investing in the metaverse right now, it’s still worth looking at the “next big thing” from a practical standpoint so you’re ready to hit the ground running if things change.
Look at CCC Group. Following a successful CRM implementation, the organization decided to embrace a “data-first mindset,” empowering teams with unified analytics and accessible visual reporting tools.
The group is using data to decide which products to develop and which markets to pursue. But they’re also using those insights to build a new strategy with data governance at its core. In turn, this has allowed the company to drive cultural change and transformation and use analytics to prepare for the future.
The bottom line is: organizations must either transform their entire approach to ransomware prevention, detection, recovery, and cybersecurity on the whole or get pummeled by lawsuits, losses, and more security-savvy competitors.
Your ransomware strategy must transform at the same rate as your business, the market, and threat actors on the hunt for vulnerabilities they can exploit for profit, politics, and personal gain.
Velosio is a Gold-Certified Microsoft partner and trusted advisor on security issues for its clients. We’ll help you evaluate your current security solutions and make recommendations for how you can improve your security posture – and at the same time, create more value for your business and its customers.