Just yesterday I wrote about some of the top Cyber trends to expect in 2023 (now only a week away). I had noted that Ransomware is now on a decline when compared to 2021, but note that it will still be around for quite a long time to come, including into next year.
What the difference will be is how far the Cyberattacker will go with these attacks. For example, will they just stop at holding your device hostage? Or will they try to exfiltrate data and sell it on the Dark Web?
Well, now there is a new fear that is coming out: if you have been hit with a Ransomware attack, could the same or even an entirely different hacking group come after you again, or even a third time? In theory, yes, this is a very strong possibility, but the odds of it actually happening in the real world are not known yet.
As far as I know, I have not come across an organization yet
that has been impacted multiple times by the same threat vector. But different ones? For sure.
But also keep in mind that if you do become a victim of a Ransomware attack the first time around, the chances of having sensitive data stolen are pretty high. Now, if the same Cyberattacker wants to come back at you for a second or even third time, they do not necessarily have to strike at you with a threat vector.
All they have to do is scare you into releasing the data they heisted the first time so that you do make some sort of payment. This ends up being an extortion kind of attack, and this is what is trending now in the Cyber world.
In fact, the hacking group may not even ask for any money. They realize that even reputational/brand damage to your company can be equally, if not more, devastating. So really, all they have to do is come out into the media and make claims that they have your data. From there, the very worst could happen.
In fact, this extortion scheme has gotten so bad that it is expected to cost Corporate America $265 billion by 2031 (SOURCE: https://securityintelligence.com/news/ransomware-costs-expected-265-billion-2031/). So what can a CISO do to help mitigate the risks of being hammered 3x over by a Cyberattacker?
Here are some key tips:
1) Know thy data:
Being the head of your IT Security team, it is ultimately you, the CISO, who has to take responsibility for knowing what kinds of information and data are being collected and used by your company. But even more important is that you need to know at all times where it is all being stored. Even to this day, a surprising number of CISOs still cannot provide an answer to this question when they are asked directly about it. If you really don’t know anything about it, then ask your IT Security team to help you diagram where all of it is.
2) Get rid of the siloes:
For the longest time, Corporate America lived in what are called “siloes”. This simply means each department in a company merely did its own thing, without working as a team with the other departments. IT Security has been notorious for doing this, but now, with the advent of the 99% Remote Workforce, people are realizing that all departments have to come together to varying degrees for the common good of their employer. So, this approach should also work for your databases. Rather than keeping 10 different databases, it is probably even wiser to consolidate all of them into one central repository, and from there move them into a Cloud platform, such as that of Microsoft Azure. In fact, a lot of Cyber pundits are now calling for this kind of centralization. Why is this? Well, your data becomes easier to manage and optimize, and you can apply your security controls to all of it in one place. Thus, it is also easier to keep track of any malicious behavior.
3) Keep analyzing:
With the help of both AI and ML tools, you can quickly analyze the data that you have, what is incoming, and even what is outgoing. Of course the goal here should be to look for unusual patterns in network traffic, but you and your IT Security team also need to keep creating new baseline profiles as the needs dictate. In other words, you should never rely upon a static baseline for a long time. Your profile is a dynamic one, and thus should be updated based upon what you see in the external and internal environments of your company.
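To make the static-versus-dynamic baseline point concrete, here is an added example (my own illustration, not code from the original post or from any AI/ML product). It scores one host's daily outbound traffic volume two ways: against a baseline frozen on the first week, and against a baseline re-computed from the most recent window of days judged normal. The daily byte counts, the window length and the threshold rule are all constructed assumptions for the illustration.

```python
"""Static vs. rolling (dynamic) baseline for outbound traffic volume.

Added example, not from the original post. Compares a baseline fixed on
the first week of data against one that is re-computed from the most
recent window of normal days. All numbers below are constructed.
"""
from statistics import mean, pstdev

# Constructed: daily outbound volume (GB) for one host over 21 days.
# Week 1 is quiet, weeks 2-3 show steady business-driven growth, and
# day 20 (index 19) is a large, exfiltration-sized spike.
DAILY_OUTBOUND_GB = [
    10, 11, 10, 12, 11, 10, 11,   # week 1: quiet
    12, 12, 13, 13, 14, 14, 15,   # week 2: legitimate growth
    15, 16, 16, 17, 17, 60, 18,   # week 3: spike on index 19
]


def threshold(history, k=3.0, min_rel=0.25):
    """Alert threshold: mean + k standard deviations of the history.

    The deviation term is floored at min_rel * mean so that a very flat
    history (tiny sigma) does not alert on every trivial change.
    """
    mu = mean(history)
    sigma = pstdev(history)
    return mu + max(k * sigma, min_rel * mu)


def static_baseline_alerts(series, warmup=7, **kw):
    """Baseline frozen on the first `warmup` days and never updated.
    Returns indices of days that exceed it."""
    baseline = series[:warmup]
    thr = threshold(baseline, **kw)
    return [i for i in range(warmup, len(series)) if series[i] > thr]


def rolling_baseline_alerts(series, window=7, **kw):
    """Baseline re-computed from the last `window` days judged normal.

    Days that alert are not folded back into the baseline, so a spike
    cannot raise the bar for the days that follow it. Steady, gradual
    growth is absorbed because each normal day refreshes the window.
    """
    normal, alerts = [], []
    for i, value in enumerate(series):
        history = normal[-window:]
        if len(history) >= 2 and value > threshold(history, **kw):
            alerts.append(i)
        else:
            normal.append(value)
    return alerts


if __name__ == "__main__":
    print("static baseline alerts :", static_baseline_alerts(DAILY_OUTBOUND_GB))
    print("rolling baseline alerts:", rolling_baseline_alerts(DAILY_OUTBOUND_GB))
```

Run as-is, the frozen baseline starts alerting once legitimate growth passes the week-1 threshold and then never stops (ten alerts, most of them noise), while the rolling baseline absorbs the growth and alerts on the spike alone. The trade-off to keep in mind is that excluding alerting days from the window is what stops a spike from poisoning the baseline, so the window parameters themselves need periodic review, which is the author's point about not trusting any one profile for too long.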
4) Incorporate PAM:
This is an acronym that stands for “Privileged Access Management”. This methodology should be used when managing Privileged Accounts, especially those in a Hybrid Cloud environment. Essentially, these accounts can be viewed as “superuser” accounts, where higher than normal rights, privileges, and permissions are assigned to certain employees in a company. You should never rely upon a manual process here. Your IT Security team has enough to worry about, and you don’t want any of your Privileged Accounts to be hijacked. A good PAM-based solution will help you to automatically delete and/or decommission those that are not in use anymore, or are simply deemed to be inactive.
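The inactive-account clean-up a PAM tool automates can be sketched in a few lines. The following is an added example of my own, not code from the original post or from any PAM product: it takes a directory export, keeps only privileged accounts, and flags those idle past a cut-off. The account names, dates and the "break-glass" attribute are constructed assumptions.

```python
"""Stale privileged-account review, as a PAM tool would automate it.

Added example, not from the original post or any PAM product. The
account records, dates and field names are constructed for illustration.
"""
from datetime import datetime, timedelta

# Constructed review date (the post was written a week before 2023).
NOW = datetime(2022, 12, 24)

# Constructed sample directory export. "break_glass" marks a documented
# emergency account that is expected to sit idle and so must be reviewed
# by a person rather than auto-disabled.
ACCOUNTS = [
    {"name": "svc-backup-admin", "privileged": True,  "last_login": "2022-12-20", "break_glass": False},
    {"name": "jdoe-adm",         "privileged": True,  "last_login": "2022-10-01", "break_glass": False},
    {"name": "contractor-da",    "privileged": True,  "last_login": None,         "break_glass": False},
    {"name": "emergency-admin",  "privileged": True,  "last_login": "2022-01-15", "break_glass": True},
    {"name": "jdoe",             "privileged": False, "last_login": "2022-06-01", "break_glass": False},
]


def parse_date(value):
    """ISO date string -> datetime; None (never logged in) stays None."""
    return datetime.strptime(value, "%Y-%m-%d") if value else None


def review_privileged_accounts(accounts, now, max_idle_days=30):
    """Return {account name: action} for idle privileged accounts.

    'disable'       - privileged, not break-glass, idle longer than
                      max_idle_days or never used. Disabling first keeps
                      a rollback path; deletion can follow after a
                      separate grace period.
    'manual_review' - idle break-glass accounts; idleness is expected
                      there, so a human confirms they are still needed.
    Non-privileged accounts are outside PAM scope and are skipped.
    """
    cutoff = now - timedelta(days=max_idle_days)
    actions = {}
    for acct in accounts:
        if not acct["privileged"]:
            continue
        last = parse_date(acct["last_login"])
        idle = last is None or last < cutoff
        if not idle:
            continue
        actions[acct["name"]] = "manual_review" if acct["break_glass"] else "disable"
    return actions


if __name__ == "__main__":
    for name, action in review_privileged_accounts(ACCOUNTS, NOW).items():
        print(f"{name}: {action}")
```

Running it against the sample data disables the two accounts that have gone quiet (one of them never used at all), leaves the recently used service account alone, and routes the emergency account to a human. A real PAM deployment would also take the "never logged in" case seriously on its own: an account that was provisioned but never used is exactly the kind that nobody notices when it is hijacked.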
5) Work proactively after the attack:
After the dust has settled, you will then want to discover the entry points through which the Cyberattacker was able to penetrate. A good forensics analysis should help to reveal this, but only a Penetration Test can truly tell you what really happened. Therefore, you should run one immediately after the attack, and immediately fill any gaps with the remediation steps that have been provided to you. But even after this, you should be running a deep Pen Test scan at least once every quarter. This can be expensive, but now many companies are coming out with Pen Testing solutions for which you can get a license for a certain amount of time. This will let you run as many scans as you want or need to.
My Thoughts On This:
All of this comes down to, in the end, whether you should ever pay a Cyberattacker the Ransom. The answer will vary of course, but in my view, it should never be paid. By taking this approach, it will lessen the chances that you will be hit repeatedly in the future. In fact, depending upon who you pay the Ransom to, this could even be a felony under United States law. And if you do pay it, the chances of getting a payout from your insurance carrier are almost nil.
And remember, always back up your data. With the Cloud today, you can store your data across different data centers located in different parts of the world. So, if you are hit, you can immediately switch over to your redundant data center, with very little downtime.