Mitigate Ransomware in a Remote-First World

Ransomware has been a thorn in the side of cybersecurity teams for years. With the move to remote and hybrid work, this insidious threat has become even more of a challenge for organizations everywhere.

2021 was a case study in ransomware due to the wide variety of attacks, significant financial and economic impact, and diverse ways that organizations responded. These attacks should be seen as a lesson that can inform future security strategies to mitigate ransomware risk. As an organization continues to evolve, so should its security strategy.

The Remote Environment Is Primed for Ransomware

With organizations continuing to support remote and hybrid work, they no longer have the visibility and control they once had inside their perimeter. Attackers are exploiting this weakness and profiting. Here are three reasons they’re able to do so:

Visibility and control have changed. Most organizations now have employees working from anywhere. These employees expect seamless access to all resources from unmanaged and personal devices on networks outside the traditional perimeter. This greatly reduces the visibility and control that security teams have and can make it difficult to understand risks posed by users and the devices they’re working from.

Mobile devices make it easier for attackers to phish credentials. Attackers are always looking for discreet ways into your infrastructure. Compromising an employee’s credentials enables them to gain legitimate access and remain undetected.

Their primary tactic for stealing credentials is to phish employees on mobile devices. Because smartphones and tablets are used for both work and personal reasons, employees can be targeted through multiple apps such as SMS, social media platforms, and third party messaging apps. The simplified user interfaces of a phone or tablet hide signs of phishing and make them ripe targets for socially engineered phishing campaigns.

VPNs enable lateral movement. Organizations rely on VPNs to give their employees remote access to resources, but this approach has a number of security shortcomings. First, VPN gives unlimited access to whoever connects, meaning anyone who gets in can freely get to any app in your infrastructure. Second, VPNs don’t evaluate the context under which users or devices connect. Context is necessary to detect anomalous activity that’s indicative of a compromised account or device.

Three Things You Can Do To Protect Against Ransomware

Ransomware attacks aren’t going anywhere. If anything, these threat actors have made their operations an enterprise, creating scalable, repeatable, and profitable campaigns. While there is no silver bullet to ransomware-proof your organization, there are a number of actions that can mitigate the risk.

1. Protect your managed and unmanaged users. The first step to mitigating against ransomware is visibility into the risk level of devices and users to ensure they aren’t compromised. One compromised user or device can be detrimental to the security of the entire infrastructure. Hybrid work has forced organizations to introduce a bring-your-own-device (BYOD) model, which means unmanaged personal devices have access to sensitive data. These devices tend to be less secure than managed devices, so it’s critical that you have proper data controls in place.
2. Implement granular and dynamic access controls. You need to move away from the all-or-nothing approach of VPNs. With users logging in from anywhere, it’s critical to understand the context under which they’re accessing your corporate apps and data. Applying the principle of Zero Trust will help you provide the right level of access to particular apps and only to the users who need it.
3. Modernize your on-premises applications. Many organizations still have software that is hosted in data centers and accessible from the internet. To ensure they are secure, update them with cloud access policies that cloak the app - hiding them from the public internet but still enabling authorized users to access them from anywhere. Not only does this provide granular access controls, but it also extends the strong authentication security benefits that SaaS applications have and ensures no unauthorized users can discover and access your infrastructure.

Learn more about how your data security strategy should adapt to mitigate ransomware risk.

In a highly connected world, organizations need greater control over their data. A unified, cloud-centric platform allows you to do just that. Lookout’s SSE platform was recently named a Visionary by the 2022 Gartner Magic Quadrant for SSE. Lookout also scored in the top three for all SSE use cases in the 2022 Gartner Critical Capabilities for SSE.