With its ability to bring operations to a grinding halt, ransomware is one of the most significant cyber security threats facing businesses today. They’re expensive too. The average ransom in 2020 was £127,700, and the average cost of downtime was £100,900. What’s more, they’re increasingly a double-edged sword: demanding payment for the return of a company’s data as well as selling that data on to other cyber criminals for profit. From spear-phishing campaigns and RDP attacks to the encrypting of data, the resulting attacks can be devastating.
Protective measures typically focus on preventing entry into the network or ensuring robust back-ups are in place in the event of an attack succeeding. Firewalls have also helped block the malware that is known, and anti-phishing programs can boost cyber awareness. But none of these have prevented the onslaught of ransomware.
Instead, organizations need to focus on intercepting attacks in their early stages by identifying ransomware attack cycle behaviors. CyGlass’ Network Defense as a Service (NDaaS) leverages machine learning to develop a picture of everyday operations for a business and then monitor, surface, and alert on anomalies. CyGlass AI models are built to detect and surface the tactics of different malware families, including ransomware.
The Challenge for Smaller Teams
Without a 24/7 security operations centre, smaller organizations face additional challenges in fending off the threat of ransomware. Deploying and managing multiple security tools can be an uphill struggle for a company with limited resources. These organisations need tools designed to operate within their particular constraints, relying – as much as possible – on data already available in existing tools rather than requiring on-premise hardware or software deployments.
CyGlass understands these challenges. Easy to deploy and operate, its threat detection and compliance SaaS solution provides smaller security and IT teams with enterprise-class protection that uses the logs and data in their existing infrastructure.
Five Steps to Defeating Ransomware
There are five essential steps that a small team can take with CyGlass’ NDaaS that will significantly lower the risk of being attacked and reduce the cost of any potential losses should an attack occur:
1 – Ensure Backups are Running Normally – Alert if they Suddenly Stop
Attackers know that regularly backing up critical data is the most important defence against ransomware. Identifying them being turned off could indicate a ransomware attack.
2 – Monitor Endpoint Security Tools for Normal Operation
The endpoint is the initial entry for many ransomware attacks. Monitoring endpoint security tools for unusual behavior – updates stopping or being turned off – can be a sign of an adversary attempting to overcome or bypass security.
3 – Monitor VPN Activity
If improperly configured or left unpatched, VPNs can become an entry point to attackers. Anomalous changes in volume, location, and “out of hours” activity on a VPN can indicate an imminent ransomware attack.
4 – Network Monitoring and Detection is Critical
The network is the one monitoring point ransomware attacks can’t evade. However, the challenge with network monitoring is the volume of information that must be analysed. A targeted combination of rules and AI assistance is required to find and identify ransomware attack activities.
5 – Monitor Continuously, Respond Effectively
Ransomware attacks occur in stages, often repeated to enhance success, making continuous monitoring essential. In lieu of an enterprise-sized SOC, smaller teams must rely on force-multiplying automated monitoring, alerting, and response systems.
Companies must effectively detect, respond, and recover from ransomware once it gets beyond preventative security controls.
Contact CyGlass to find out more