By Kris Lahiri, Co-founder and Chief Security Officer of Egnyte
Ransomware attacks are now the most common security incident taking place today. According to a recent report from TrustWave, ransomware rates quadrupled in 2019, accounting for one out of every five security incidents and unseating payment card theft as the most prevalent threat category. This spike in ransomware couldn’t come at a worse time, as companies all over the world are grappling with many operational and security challenges associated with the coronavirus-induced shift to remote work.
Why is this such a problem? IT and security leaders are generally all too aware of this threat and well-equipped to defend against it in conventional business environments. But with the vast majority of employees working from home, the traditional network perimeter has evaporated and so have many foundational security protections. For a 1,000 person company that’s become 100% remote, administrators now have 1,000 mini networks to protect against this onslaught of ransomware attacks instead of one or several – but without the same level of control or defenses. And unfortunately, the tried and true method of simply implementing backup and recovery policies to safeguard against successful ransomware infections isn’t as practical or realistic with a massively distributed, off-network workforce.
Luckily there are several best practices beyond general endpoint protections and malware defenses that every security administrator can and should implement today to protect remote workers from this threat. Here are four keys to securing your off-network employees and fending off ransomware attacks as the COVID-19 pandemic continues:
- Implement ransomware education and training – According to Verizon, 80% of reported security incidents involve phishing, and according to one report, phishing attacks are to blame for two-thirds of successful ransomware infections in 2019. Although remote employees are not “on their own” as they work from home, they are further away from your skilled IT and security staff and must be trained to independently identify and avoid potential ransomware attacks. Regardless of the size of your organization, invest in educational programs and regular training that teach employees about common ransomware delivery techniques and red flags to watch out for. Better yet, incorporate regular practical tests that entice users into clicking on would-be malicious links or downloads, and provide additional training as needed. Investing in ransomware education and training is well worth it when you consider the potential financial and reputational damage caused by a breach.
- Strengthen data access policies – Now that the majority of your workforce is operating outside the office network perimeter, it’s never been more critical to tightly control permissions. Create strict identity and access policies and buttress your access control lists so you can limit employee access to the areas of your infrastructure where you store valuable company data and content. Shoring up these policies lets you allow or deny permissions by account or user, or based on specific request attributes such as date, time, source IP address, or whether the request was sent over SSL/TLS. Apply the principle of least privilege, giving users access only to the accounts, systems, and data that are absolutely necessary for them to be productive. This is a crucial step in ensuring attackers or unauthorized parties can’t access, delete, or expose your business-critical data.
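The following is an added example (not Egnyte’s code or product) of how the conditional, least-privilege access rules described above can be evaluated: permissions are granted per user or account, narrowed by source IP range, a time-of-day window and a TLS requirement, the default is deny, and an explicit deny always wins. The `10.8.0.0/16` VPN range, the resource names and the rules are all constructed for illustration.

```python
"""Least-privilege access policy evaluator.

Added example, not Egnyte code. Models access-control rules that grant
permissions per user/account and restrict them by source IP, time of day
and whether the request arrived over TLS. Default decision is deny; an
explicit deny beats any allow.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass
class Request:
    """One access request as the policy engine sees it."""
    principal: str
    action: str
    resource: str
    source_ip: str
    tls: bool
    when: datetime


@dataclass
class Rule:
    effect: str                                # "allow" or "deny"
    principals: Set[str]                       # "*" matches anyone
    actions: Set[str]                          # "*" matches any action
    resources: Set[str]                        # "finance/*" matches a prefix
    source_cidrs: List[str] = field(default_factory=list)  # empty = any IP
    require_tls: bool = False
    hours: Optional[Tuple[time, time]] = None  # inclusive local-time window

    def matches(self, req: Request) -> bool:
        """True when every selector and condition of this rule applies to req."""
        if not (req.principal in self.principals or "*" in self.principals):
            return False
        if not (req.action in self.actions or "*" in self.actions):
            return False
        if not any(_resource_match(p, req.resource) for p in self.resources):
            return False
        if self.source_cidrs:
            ip = ip_address(req.source_ip)
            if not any(ip in ip_network(c) for c in self.source_cidrs):
                return False
        if self.require_tls and not req.tls:
            return False
        if self.hours is not None:
            start, end = self.hours
            if not (start <= req.when.time() <= end):
                return False
        return True


def _resource_match(pattern: str, resource: str) -> bool:
    """Exact match, or prefix match when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return resource.startswith(pattern[:-1])
    return pattern == resource


def evaluate(rules: List[Rule], req: Request) -> str:
    """Default deny; any matching deny rule short-circuits to 'deny'."""
    decision = "deny"
    for rule in rules:
        if not rule.matches(req):
            continue
        if rule.effect == "deny":
            return "deny"
        decision = "allow"
    return decision


# Constructed sample policy. 10.8.0.0/16 is an assumed VPN address range.
POLICY = [
    # Finance data: only alice, only from the VPN, only over TLS, only 08:00-18:00.
    Rule("allow", {"alice"}, {"read", "write"}, {"finance/*"},
         source_cidrs=["10.8.0.0/16"], require_tls=True,
         hours=(time(8, 0), time(18, 0))),
    # Public documents: anyone may read, from anywhere.
    Rule("allow", {"*"}, {"read"}, {"public/*"}),
    # Nobody may delete finance data, whatever else they are allowed.
    Rule("deny", {"*"}, {"delete"}, {"finance/*"}),
]

# Constructed timestamps used by the demo below.
AT_WORK = datetime(2020, 6, 1, 10, 30)
AFTER_HOURS = datetime(2020, 6, 1, 23, 0)


def decide(principal: str, action: str, resource: str,
           source_ip: str, tls: bool, when: datetime) -> str:
    return evaluate(POLICY, Request(principal, action, resource, source_ip, tls, when))


if __name__ == "__main__":
    print(decide("alice", "read", "finance/q2.xlsx", "10.8.1.5", True, AT_WORK))      # allow
    print(decide("alice", "read", "finance/q2.xlsx", "203.0.113.7", True, AT_WORK))   # deny
    print(decide("alice", "delete", "finance/q2.xlsx", "10.8.1.5", True, AT_WORK))    # deny
```

The ordering mirrors the evaluation logic of most cloud IAM systems: nothing is permitted unless a rule says so, and a single matching deny overrides every allow, so a broad “deny delete” rule stays effective even if someone later adds a generous allow.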
- Require multi-factor authentication – It goes without saying that you should put in place policies that require users to set complex passwords that are 16 characters at a minimum. That said, even strong passwords are no longer enough when it comes to secure authentication. Given enough time, a simple brute force attack can crack highly complex credentials. Deploying a multi-factor authentication solution should be a no-brainer for every organization today, especially with so many employees accessing company data from outside the enterprise perimeter. A second or third authentication factor delivers another critical layer of protection so that even if an attacker gets their hands on a weak or stolen employee password, they’ll be unable to log in and compromise your systems without a physical token, personal smartphone or unique biometric signature.
- Reexamine and harden the compute layer – If you haven’t already, now is the time to assess and secure your compute layer so that your systems and data remain available, and so that any threat actor who finds a way in through one of the many remote entry points cannot use your resources to spread malware. One easy way to do this is to remove outdated or unnecessary programs from user devices; they only offer additional attack surface for bad actors to target. Ensure that all user devices are updated and patched automatically, or as frequently as possible. While these measures can’t provide 100% protection against zero-days, they can significantly reduce your risk. Additionally, take the time to adjust your hypervisor firewall rules. These rules govern both ingress and egress traffic, so you can set granular rules for which users can send, receive and access inbound and outbound data, and how much and of which types. Strict outbound rules are especially important here, because ransomware attacks often threaten to leak confidential company data.
Our research shows that exposure of just a single terabyte of data could cost you $129,324; now think about how many terabytes of data your organization stores today. Most companies end up storing hundreds of thousands to hundreds of millions of files, many of which are highly valuable and critical to business operations. Ransomware attacks continue to wreak havoc on companies of all types and sizes by locking those assets away as leverage for cyber extortion. Even though there are advanced solutions out there that can allow you to simply roll back your environment to a pre-attack state and restore all files to the last unaffected version, a widely distributed workforce can make this much more challenging (and increase the odds of reinfection without the proper preventative measures in place).
As the coronavirus pandemic continues to play out over the coming months, attackers will focus their attention on the many new targets supplied by the burgeoning population of remote workers – just hoping that they’re unprepared and unprotected enough to make for easy footholds into your organization. The most effective approach is to prevent ransomware infections before they can inflict damage. Implementing the above best practices today will help you better secure off-network employees if and when ransomware comes calling.
About the Author
Kris Lahiri is a co-founder and the Chief Security Officer of Egnyte. He is responsible for creating and implementing Egnyte’s global information security and compliance management strategies, policies and controls that protect all of Egnyte’s customers’ content and users. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati. For more information, visit: https://www.egnyte.com.