BLOG
Avoiding Ransomware
Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with an intent of monetizing illegal access to an enterprise’s network and data.
In many cases, an actor can effectively use ransomware due to a lack of basic “blocking and tackling” in cybersecurity operations – poor processes in people and technology including but not limited to:
- Lack of Network Segmentation
- Inability to Conduct Appropriate Patch Management
- Lack of Effective Monitoring and Alerting Technology
- Lack of Manpower or Understanding what Alerts to Schedule
- Inability to Capture and Analyze Appropriate Logging Inside the Environment
- Lack of Visibility Into What’s Occurring Against an Organization Outside the Firewall
- Poor Access Control to Critical Data and Production Environments Including Cloud Storage
Crypsis Group Vice President Art Ehuan provided a great case study of a major breach resulting from a holding company’s inability to properly segment three subsidiary networks on the most recent episode of the Nisos Cyber5® podcast. Listen below for his story.