May 24, 2024

Last Updated on May 25, 2024

What are the “must have” capabilities to reduce ransomware risk? Many experts would name email filtering to reduce the volume of phishing attacks carrying ransomware payloads. More advanced capabilities like application sandboxing and link review can also be effective.

But sooner or later, someone is going to click the wrong link or open a malicious attachment. Then what? Cross your fingers and hope your backups aren’t compromised?

This article presents an expert view on critical elements of a ransomware defensive strategy that many businesses may not have considered.


Connecting cybersecurity and IT infrastructure teams

Sagi Brody, CTO at Opti9 Tech, relates that cybersecurity and IT infrastructure teams are often organizationally siloed and do not communicate directly.

“Think about incident response, where all of a sudden those two teams need to work very closely together,” Sagi notes. “When’s the latest backup from? Can we failover to the DR site? Can we use the DR site to do forensics? That’s why these two groups, and these two sets of tools, need to come together.”

It’s becoming more common to see backup software integrating with security information and event management (SIEM) software, because a firm’s incident response has to involve both.

Sagi further notes that ransomware hackers are increasingly targeting backup and replication tools, infiltrating those before initiating a ransomware attack. Opti9 offers a solution that uses machine learning to monitor backup and replication environments and integrates with SIEM solutions. When it detects suspicious activity, it can protect sensitive data and block the attack before it can be initiated.
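To make the backup-monitoring idea concrete, here is an added example (not Opti9’s product or code) of a small rule-based monitor that reads audit events from a backup server and emits SIEM-style alerts when the activity resembles pre-ransomware tampering with backups: slashing retention, bulk-deleting restore points, or disabling jobs. The log schema, field names, thresholds and sample events are all constructed for this illustration.

```python
"""
Added example: rule-based monitor over backup-server audit events.
Everything about the log format (field names, action values) and the
thresholds is an assumption made for this illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log: one JSON object per line, as an ingest
# pipeline might receive it from a backup server's audit trail.
SAMPLE_LOG = """
{"ts": "2024-05-24T01:00:05Z", "user": "backup-svc", "action": "JOB_COMPLETED", "target": "nightly-fileserver"}
{"ts": "2024-05-24T02:14:10Z", "user": "jsmith", "action": "RETENTION_CHANGED", "target": "nightly-fileserver", "old_days": 30, "new_days": 1}
{"ts": "2024-05-24T02:14:40Z", "user": "jsmith", "action": "RESTORE_POINT_DELETED", "target": "rp-0001"}
{"ts": "2024-05-24T02:14:41Z", "user": "jsmith", "action": "RESTORE_POINT_DELETED", "target": "rp-0002"}
{"ts": "2024-05-24T02:14:42Z", "user": "jsmith", "action": "RESTORE_POINT_DELETED", "target": "rp-0003"}
{"ts": "2024-05-24T02:14:43Z", "user": "jsmith", "action": "RESTORE_POINT_DELETED", "target": "rp-0004"}
{"ts": "2024-05-24T02:14:44Z", "user": "jsmith", "action": "RESTORE_POINT_DELETED", "target": "rp-0005"}
{"ts": "2024-05-24T02:15:30Z", "user": "jsmith", "action": "JOB_DISABLED", "target": "nightly-fileserver"}
{"ts": "2024-05-24T03:00:00Z", "user": "backup-svc", "action": "RESTORE_POINT_DELETED", "target": "rp-0900"}
"""

DELETE_THRESHOLD = 5                   # this many deletions by one account...
DELETE_WINDOW = timedelta(minutes=5)   # ...inside this sliding window
RETENTION_DROP_RATIO = 0.5             # new retention below 50% of old is suspicious


def parse_events(text):
    """Parse the newline-delimited JSON log and return events sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def alert(severity, rule, ev, **extra):
    """Shape an alert as a flat JSON document a SIEM can ingest and correlate
    with endpoint and identity events for the same user."""
    out = {"severity": severity, "rule": rule, "ts": ev["ts"].isoformat() + "Z",
           "user": ev["user"], "target": ev["target"]}
    out.update(extra)
    return out


def detect(events):
    """Apply three assumed heuristics and return the list of alerts raised."""
    alerts = []
    recent_deletes = defaultdict(list)   # user -> timestamps of recent deletions
    burst_reported = set()               # users already alerted on, to avoid repeats
    for ev in events:
        if ev["action"] == "RETENTION_CHANGED":
            if ev["new_days"] < ev["old_days"] * RETENTION_DROP_RATIO:
                alerts.append(alert("HIGH", "backup_retention_slashed", ev,
                                    old_days=ev["old_days"], new_days=ev["new_days"]))
        elif ev["action"] == "JOB_DISABLED":
            alerts.append(alert("MEDIUM", "backup_job_disabled", ev))
        elif ev["action"] == "RESTORE_POINT_DELETED":
            history = recent_deletes[ev["user"]]
            history.append(ev["ts"])
            # Drop deletions that have aged out of the sliding window.
            history = [t for t in history if ev["ts"] - t <= DELETE_WINDOW]
            recent_deletes[ev["user"]] = history
            if len(history) >= DELETE_THRESHOLD and ev["user"] not in burst_reported:
                burst_reported.add(ev["user"])
                alerts.append(alert("HIGH", "mass_restore_point_deletion", ev,
                                    count=len(history)))
    return alerts


def run(text=SAMPLE_LOG):
    """Convenience entry point: parse the log and return the alerts."""
    return detect(parse_events(text))


if __name__ == "__main__":
    for a in run():
        print(json.dumps(a))
```

On the constructed log this raises three alerts, all for the same account: the retention cut, the burst of five deletions, and the disabled job. The single deletion by the service account stays below the threshold and is not reported, which is the point of windowing on user rather than counting deletions globally.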

“You’re going to see that type of preventive or predictive technology using AI happening in other places,” explains Sagi. “A company I heard about is doing threat intelligence by looking for registration of domain names similar to their customers’, which could be used as part of a phishing attack. Now we’re not working reactively. It’s all predictive to prevent the attack.”
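The lookalike-domain monitoring Sagi describes can be illustrated with a minimal screen. This is an added example, not code from Opti9 or from the company mentioned in the quote: it compares a feed of newly registered domain names against a watch list of a customer’s own domains, folding common visually confusable characters and checking for typos and embedded brand names. The watch list, the feed, the confusable table and the distance threshold are all constructed for this illustration; a real pipeline would read a certificate-transparency or zone-file feed.

```python
"""
Added example: screen newly registered domains for lookalikes of a
customer's domains.  Watch list, feed and thresholds are assumptions.
"""

# Constructed watch list of a customer's own domains.
PROTECTED = ["examplebank.com", "opti9.com"]

# Constructed "newly registered domains" feed.
NEW_DOMAINS = [
    "examp1ebank.com",        # digit-for-letter substitution
    "examplebank-login.net",  # brand label plus a lure word
    "exarnplebank.com",       # rn -> m homoglyph
    "examplebnk.com",         # one-character typo
    "opti9tech-support.com",  # brand label embedded in a longer label
    "weather-report.org",     # unrelated, should not alert
    "examplebank.com",        # the real domain itself, should not alert
]

# Common visually confusable sequences, mapped back to the canonical form.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "vv": "w", "rn": "m"}


def canonicalize(label):
    """Fold confusables so 'examp1e' and 'exarnple' both read 'example'."""
    for src, dst in CONFUSABLES.items():
        label = label.replace(src, dst)
    return label


def split_domain(domain):
    """Return (second-level label, registrable domain). Naive two-label split;
    multi-part public suffixes such as .co.uk are not handled here."""
    parts = domain.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return label, ".".join(parts[-2:])


def levenshtein(a, b):
    """Classic edit distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected=PROTECTED, max_distance=1):
    """Return a hit dict if candidate looks like one of the protected domains,
    otherwise None. Checks run from most to least specific."""
    label, registrable = split_domain(candidate)
    if registrable in protected:
        return None  # the customer's own domain
    folded = canonicalize(label)
    for p_domain in protected:
        p, _ = split_domain(p_domain)
        if folded == p:
            return {"domain": candidate, "brand": p_domain, "reason": "homoglyph"}
        if p in folded:
            return {"domain": candidate, "brand": p_domain, "reason": "brand_embedded"}
        if levenshtein(folded, p) <= max_distance:
            return {"domain": candidate, "brand": p_domain, "reason": "typo"}
    return None


def screen(feed=NEW_DOMAINS, protected=PROTECTED):
    """Run classify over the feed and keep the hits."""
    hits = []
    for d in feed:
        hit = classify(d, protected)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in screen():
        print(f'{h["domain"]:26} {h["reason"]:15} -> {h["brand"]}')
```

The distance threshold of one is deliberately tight; raising it catches more typos but, for short brand labels like a five-character name, quickly starts matching unrelated words, so a production screen would scale the threshold with label length and suppress known-benign registrations.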


Other top ransomware defenses

Predictively blocking malware from compromising backups is huge. But it doesn’t solve the problem of attackers exfiltrating sensitive data. Here are three key ransomware defense capabilities that protect sensitive data:

  1. It’s well known that hackers often lurk in a victim’s environment for weeks to months before being detected or initiating an attack. According to Sagi, detecting attacks sooner and restricting unauthorized data access is potentially the number one way to defeat ransomware.
  2. It’s also important to eliminate silos so that security data from all parts of the attack surface can be centralized and analyzed together.
  3. Cybersecurity auditing, questionnaires, and other due diligence on third parties that have access to your systems are also essential for ransomware protection.

Sagi throws in a fourth “bonus” ransomware defense: beware your assumptions.

“Just because something has not been a focus of attackers in the past, we think it’s okay,” reminds Sagi. “But every day we hear about new attack surfaces. This is something we just need to keep an eye on and not have assumptions about.”


What’s next?

For more guidance on this topic, listen to Episode 137 of The Virtual CISO Podcast with guest Sagi Brody, CTO at Opti9 Tech.