State of Ransomware: Caught between perception and reality

January 24, 2023
Eric Jeffery
Regional Sales Engineer
Learn how to safeguard the most critical data stored in your business applications and increase your level of ransomware preparedness

Ransomware continues to be a major problem—and the problem is only getting worse. An exclusive ExtraHop 2022 survey conducted with over 500 security and IT decision makers provided some sobering responses: 85% of those surveyed reported suffering at least one ransomware attack while an alarming 74% have experienced multiple attacks. Yet most IT decision makers (77%) are confident in their ability to prevent or mitigate all cybersecurity threats, including ransomware.

In this webinar, we take an in-depth look into the implications of this alarming trend and provide a turnkey strategy that organizations can implement today to safeguard their most critical data stored in their business applications and increase their level of ransomware preparedness.

Join us for:
* In-depth analysis of infamous ransomware attacks
* Ways to identify and remediate vulnerabilities at the application level
* A practical application-centric approach that can support your pre-existing security measures
* Mitigation measures to consider at the onset of your next ransomware attack
* Predictions for future ransomware trends

Relevant Resources
Ransomware Attack: Best practices to help organizations proactively prevent, contain and respond

One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations to urgently assess what they need to do to contain and limit their exposure to this threat. Presented by renowned industry expert Prof. Avishai Wool, this new technical webinar will provide some best practices and tips to help organizations prevent, contain and respond to a ransomware attack. In this webinar Professor Wool will discuss:

  • The different methods used by cyber criminals to penetrate the network security perimeter
  • Best practices for reducing cyber criminals’ lateral movements across the network
  • How to augment incident triage with critical business context to assess the severity, risk and potential business impact of an attack
  • Prioritizing incident remediation efforts based on business risk, and neutralizing impacted systems through zero-touch automation
  • The impact of ransomware on regulatory compliance

Fighting Ransomware – CTO Roundtable Insights

Yitzy Tannenbaum sits down with AlgoSec CTO, Avishai Wool and Guardicore CTO, Ariel Zeitlin, to discuss the role of micro-segmentation in the fight against cybercriminals.

I recently had the pleasure of moderating a virtual panel with AlgoSec co-founder and CTO, Avishai Wool and Guardicore CTO, Ariel Zeitlin, in which the two industry leaders discussed how organizations can fight ransomware using micro-segmentation.

According to recent survey figures, more than 60% of organizations claim not to have experienced a cyber-attack, but another 40% said they have experienced a significant number of breaches in the past two years alone. During the session I asked both panelists about these two extremes, and whether or not they thought the COVID-19 pandemic had been a contributing factor.

Impact of COVID-19 on ransomware attacks

Avishai began by talking about AlgoSec’s experience of its own customers being targeted more in recent years. He made the point that cybercriminals are opportunists, and once they have discovered a vulnerability or found a tactic that works, they’re likely to keep repeating it. There are frameworks out there which allow bad actors to mount quite sophisticated attacks without much technical knowledge, making cybercrime easier and more lucrative than ever before. The number of potential targets is also growing as COVID-19 has pushed businesses further online.

Ariel then highlighted the speed at which businesses had been forced to move to remote working in 2020, and that there wasn’t time to put proper security strategies in place. He said that employees were the number one access point for bad actors, and the move to agile working just made them even more vulnerable.

Ariel went on to talk about the move towards reconnaissance and how bad actors would typically choose their targets based on the amount of business-critical or sensitive information they were likely to have. However, he did warn that smaller enterprises shouldn’t become complacent in thinking they are “too small” to be targeted. Ransomware is far too easy to monetize in 2020, so everybody is a target. Ariel also discussed the trend of lateral attacks and exfiltrating small amounts of data at a time, creating a lever to continuously ask for ransom payments.

Avishai picked up on Ariel’s comments and highlighted the emphasis on the lateral movement of attackers. Traditionally, a ransomware attack may have been confined to one computer or one very small network. Today, however, the first infection could be an employee working at home who opens the wrong email. That infection could then spread laterally throughout the entire organization, making it much harder to defend against, quarantine or eradicate. I asked Avishai what steps could be taken to prevent the lateral spread of something like a ransomware attack, and he talked about the importance of backups, access controls and quality staff training.

Minimizing loss with micro-segmentation

When asked about the first steps an organization should take if they’ve experienced a ransomware attack, Ariel explained how the number one priority should be to contain and stop the spread of the virus, saving whatever can be saved. Start using back-ups, disallow access to servers, and block SNP ports all over the network to contain the attack. Then it becomes an investigation: finding out what happened with whatever tools are available, ideally with a rapid response team. Avishai then talked about the advantages of segmenting an overall network into pieces to help with diagnostics and containment.

While traditional firewalls can offer some high-level segmentation, it’s not really feasible to deploy multiple firewalls to create smaller segments. Thankfully, that’s not much of a concern nowadays, since all leading public cloud vendors already include network filtering which gives businesses incredible levels of control over their network. However, Avishai went on, the real problem organizations face when it comes to micro-segmentation isn’t a lack of technological capability, it is a lack of policy and strategy.

In Avishai’s experience, this is a huge knowledge gap for many businesses. Ariel reinforced this, adding that policies aren’t static and change over time, often hundreds of times per week in larger organizations.

While vendors can provide the ability to create micro-segments, it’s down to organizations themselves to write the policy rules around what kind of traffic to allow through each segment. To hear more thoughts on micro-segmentation from Avishai and Ariel, including how to write effective micro-segmentation filtering policies both inside and outside of the data center, you can watch the recorded discussion here.

Reducing risk of ransomware attacks – back to basics

Did you know that 50% of organizations were hit by ransomware attacks in 2020? These attacks have become more sophisticated, as attackers change tactics from “spray and pray” to more targeted server-based attacks. So how do you protect your network from such attacks? We invite you to join our series of webinars about ransomware with AlgoSec and Cisco, to learn practical methods to reduce your network attack surface and protect your organization from ransomware and other cyber-attacks. In our first webinar in the series, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will take you back to the basics. They will discuss:

  • Popular methods used to infect your network with ransomware
  • The importance of a layered defense-in-depth strategy
  • Best practices for managing your security devices
  • How to build a security wall with Cisco Secure and AlgoSec Network Security Policy Management to block ransomware