Page 251 - Cyber Defense eMagazine September 2025
P. 251
These reflect innumerable forensic reports and are not merely theoretical.
An Executive Playbook Protecting Privilege from RaaS
1. Reduce the Area of Attack
• Use Just in Time (JIT) access instead of standing privileges.
• Immediately decommission accounts that are not in use.
• Examine and eliminate credentials that are embedded or hardcoded into scripts.
2. Layered Verification
• Enforce multi-factor authentication (MFA) for all privileged accounts, including machine and
service identities.
• Employ phishing-resistant techniques, such as hardware tokens and FIDO2.
3. Behavioral Monitoring
• Use AI/UEBA (User & Entity Behavior Analytics) in PAM tool deployment.
• Look for irregularities, such as an administrator logging in from a foreign IP at two in the morning.
4. Divide and contain
• Keep production and admin networks apart.
• Use least privilege and microsegmentation to restrict lateral movement.
5. Recovery and Resilience
• Prevent administrator manipulation of backups (immutable backups).
• Test recovery drills for ransomware every three months.
6. Board Level Oversight
• CISOs are required to report on the risk of privileged accounts to boards on a quarterly basis.
• Consider PAM more than just a compliance tool; treat it as a business continuity control.
Prospects for the Future: Advantage in a RaaS Environment
The RaaS marketplace will continue to advance, using AI to automate privilege escalation and lateral
movement. In order to defend privileged access, it will be necessary to implement risk-based access
decisions, continuous authentication, and automated anomaly remediation.
Executives need to understand that ransomware cannot be "purchased" with ransom payments or cyber
insurance. Proactive privilege governance, which shuts the door before attackers even enter, is the only
long-term defense.
Cyber Defense eMagazine – September 2025 Edition 251
Copyright © 2025, Cyber Defense Magazine. All rights reserved worldwide.
