Top 3 Security Tools To Protect Networks From Ransomware Attacks

essidsolutions

Organizations need adequate cybersecurity controls in place, as attackers are in a prime position to exfiltrate personally identifiable information (PII) or get their victims to pay the ransom. Anurag Kahol, CTO of Bitglass, explains that all organizations need advanced threat protection to stop ransomware attacks and ease the impact if they do occur. By deploying the right technology, organizations can build resilient IT ecosystems that ensure business continuity.

Amidst a global pandemic that has challenged organizations to shift to remote operations, cybercriminals are ramping up their attacks, particularly ransomware attacks. These malicious parties are taking advantage of the “new normal” work environment to launch ransomware attacks that target gaps in companies’ security postures.

Here are three ways organizations can build a resilient IT ecosystem that ensures business continuity.

1. Implement On-Device SWG

The internet serves as a valuable vehicle of attack for cybercriminals, which is why defense against malicious web destinations (malware, phishing, and command-and-control sites) is critical. This protection is best achieved through the use of a secure web gateway. SWGs help organizations defend against online threats by stopping access to malicious destinations in real-time. However, as otherwise innocuous web destinations can be used to download infected files (for example, through file attachments on Gmail), the ability to scan files for threats at download and block them in real-time is critical functionality. 

Businesses should use an on-device SWG that decrypts and inspects traffic locally on each endpoint, avoiding backhaul latency, privacy violations, and the cost and scalability challenges associated with SWG appliances. Additionally, leading SWGs should serve as one part of a secure access service edge (SASE) platform along with technology such as cloud access security brokers (CASBs) and zero-trust network access (ZTNA) for reliable, wide-ranging protection.

2. Deploy Multi-Mode CASB

Cloud access security brokers secure the cloud for organizations, providing defenses for corporate software-as-a-service (SaaS) apps and infrastructure-as-a-service (IaaS) platforms. CASBs deploy in different modes to serve as a shield against ransomware in different ways. By integrating with cloud services’ application programming interfaces (APIs), they can exercise visibility and control over the data at rest therein, allowing them to scan for infected files. 

Through forward proxy agents on managed devices, CASBs can scan file uploads and downloads for threats in real time and block them as needed. With an agentless reverse proxy, this can be accomplished without software on endpoints, making it a perfect fit for BYOD environments. To defend completely against ransomware across use cases in the cloud, organizations need what is known as a multi-mode CASB, which provides all three of these deployment modes.

3. Leverage ZTNA

Ransomware breaches repeatedly grab headlines with stories about threat actors that exploit organizations that cannot adequately control access to their networks. These cybercriminals continue to take advantage of remote work, making it more critical than ever to secure remote access to on-premises resources in a granular way. However, many organizations still seek to address this through virtual private networks (VPNs). 

Using a VPN establishes a secure tunnel that connects a user’s device to an enterprise’s network. However, VPNs suffer from issues such as latency, hampered productivity, and scalability challenges. Additionally, they violate the core tenets of zero trust and provide full access to the network and everything on it. VPN is an access tool and not a security tool. This is where zero-trust network access (ZTNA) can help. Cloud-based ZTNA solutions preserve user experience, provide needed scalability, and grant access to specific applications (rather than the entire network) while applying real-time threat protection policies designed to stop ransomware.

SWG, CASB, and ZTNA defend against malware on the web, the cloud, and on-premises resources, respectively. For an organization that wants comprehensive resilience against ransomware, the three are critically important. However, it can seem overwhelming or disjointed to deploy and manage each separately. That is why organizations must adopt a SASE platform that delivers all three in a unified offering with a single, easily manageable dashboard. This saves time for administrators while helping security teams to secure any interaction against threats like ransomware. 

However, not all threat protection capabilities are created equal. Most SASE offerings depend on signature-based protection, which checks files against catalogs of previously encountered threats. This approach cannot detect brand-new, zero-day ransomware. Companies should turn to leading SASE platforms that utilize behavior-based protection, which leverages machine learning to evaluate files and is capable of detecting even zero-day threats.

Using SASE to extend the above protections to all enterprise resources must also be paired with proper employee security training that helps users identify phishing attempts and illegitimate emails (the primary vector for ransomware attacks). With the right solutions and strategies, organizations can ensure that they stay one step ahead of cybercriminals.
