3 simple solutions to guard against ransomware
- By Sumir Karayi
- Jan 16, 2020
Government agencies are extremely rich targets for cybercriminals. Not only do they house a massive amount of highly sensitive data on virtually every citizen -- from Social Security information to tax, health and criminal records -- but they also provide vital services that keep communities running smoothly and safely.
While a data loss or compromise could certainly be problematic for millions of citizens, a ransomware attack could shut down critical services like public safety, utilities and others, potentially plunging cities or even states and the federal government into chaos. In addition to the risk of attack on an individual agency, the fact that so many are now integrated with shared databases (for example, the Free Application for Federal Student Aid system links directly to the IRS’s tax return database) dramatically expands the potential threat surface.
Not to mention, public trust is a huge issue. Every citizen reasonably expects that the agencies they trust to govern, protect and provide vital services will safeguard data and resources with the most advanced technology available on the market.
The reality is far less ideal
The public would likely be quite shocked to know that, according to a recent report, organizations have zero visibility over more than a third of their endpoints, and no control over more than 40%. They’re essentially wildcards -- devices that are being used routinely by employees with zero IT oversight into what software is operating on the machine, its OS version/update status or control over who can do what through its native admin tools.
As a result, when these machines are neglected -- when IT has no knowledge of or ability to manage their status and keep them updated with patches and security protocols -- it creates a massive risk surface. In fact, on average, just 66% of organizations’ software estate is current, which means that over a third is outdated. Considering that most of the largest, most damaging recent attacks, such as NotPetya and WannaCry, leveraged known vulnerabilities for which patches had been made available, it’s no wonder that over 60% of organizations have been breached in the last two years, and over 30% have been hit more than once.
IT organizations simply don’t have enough visibility or control over their endpoints to fully protect themselves from the ever-growing risk. Why? Because the tools they’re forced to use aren’t designed for modern computing.
Modern computing demands modern solutions
Most IT organizations rely on antiquated solutions that haven’t evolved much since the days of mainframe computing: VPN, PowerShell, Command Prompt and Remote Desktop Protocol (RDP). Managing and updating thousands of endpoints with these manual tools is incredibly inefficient, time-consuming and, in the case of remote workers, practically impossible. As a result, IT security doesn’t trust IT operations to keep things up to date and respond to breaches in a timely manner, creating animosity and a lack of cooperation between the two teams.
Protection begins with getting the house in order. IT managers can’t protect what they can’t see, and they can’t maintain what they can’t access. Here’s how to finally take back control of the entire IT landscape and protect it against ransomware and other malware threats:
1. Bring every single endpoint current with patching. It’s a deceptively simple solution for preventing the majority of ransomware attacks that exploit known, yet unpatched, vulnerabilities. To do so, agencies must implement automated endpoint management solutions that download, deploy and install routine OS and software patches on their own. It’s the only way IT teams can handle the volume and cadence of today’s update and patching protocols. By leveraging these tools, IT teams can bring more than 90% of their devices current and focus their energies on those that need manual updates. It’s a tremendous productivity boost.
2. Automate any routine task. In addition to patching, using automated tools to handle migrations, software asset management, reporting and other typical tasks can alleviate a massive amount of manual labor. This allows IT to focus on more strategic tasks, including network and device security, and troubleshooting and resolving user issues. It can also help to improve any breach/remediation response by freeing up resources to go to work on problems when they arise.
3. Lock down admin tools. The extremely powerful tools like PowerShell, Command Prompt and RDP that IT professionals use every day are increasingly becoming the targets of attacks, in which bad actors use these otherwise beneficial tools to perform malicious tasks remotely, in what are sometimes called “living off the land binaries and scripts,” or LOLBAS, attacks. These tools should only be enabled for authorized IT personnel to perform necessary tasks; otherwise, they should be disabled on every endpoint. Again, automated solutions can help make this process more efficient. Solutions that “turn on” these tools like a switch for admins with valid credentials and then immediately disable them after use are incredibly valuable for keeping an agency's vulnerable assets protected.
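As an added illustration of the “switch” pattern for RDP described in point 3 (example code written for this page, not 1E’s product or anything from the original article), the script below keeps RDP disabled by default, lets an administrator open it for a bounded maintenance window, and restores the locked state when the window ends. It assumes an elevated PowerShell session on the local Windows endpoint; the log path and ticket id are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: RDP as a time-boxed switch rather than an always-on service.
# Locked-down state: fDenyTSConnections = 1 and the 'Remote Desktop' firewall group disabled.
$TsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$LogPath = Join-Path $env:ProgramData 'rdp-switch.log'   # constructed location for the audit trail

function Get-RdpState {
    # Reports the two things that must both be true for inbound RDP to work.
    $deny = (Get-ItemProperty -Path $TsKey -Name fDenyTSConnections).fDenyTSConnections
    $open = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' }
    [pscustomobject]@{
        ListenerEnabled   = ($deny -eq 0)
        FirewallRulesOpen = (@($open).Count -gt 0)
        Checked           = (Get-Date).ToString('o')
    }
}

function Set-RdpLockdown {
    param(
        [Parameter(Mandatory)][ValidateSet('Enable', 'Disable')][string]$Action,
        [Parameter(Mandatory)][string]$Reason
    )
    $deny = if ($Action -eq 'Enable') { 0 } else { 1 }
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value $deny -Type DWord
    if ($Action -eq 'Enable') { Enable-NetFirewallRule  -DisplayGroup 'Remote Desktop' }
    else                       { Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' }
    # Every flip is logged with who did it and why, so SecOps can reconcile each enable with a change ticket.
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Add-Content -Path $LogPath -Value ("{0} {1} RDP by {2}: {3}" -f (Get-Date).ToString('o'), $Action, $who, $Reason)
}

function Invoke-RdpMaintenanceWindow {
    # Opens RDP for $Minutes, then closes it again. The finally block also runs if the
    # operator interrupts the wait, so the endpoint does not stay exposed by accident.
    param([int]$Minutes = 30, [string]$Ticket = 'CHG-EXAMPLE-0001')   # constructed ticket id
    Set-RdpLockdown -Action Enable -Reason "Window opened for $Ticket"
    try {
        Start-Sleep -Seconds ($Minutes * 60)
    }
    finally {
        Set-RdpLockdown -Action Disable -Reason "Window for $Ticket closed"
    }
}

# Baseline: lock the endpoint down, then report its state.
Set-RdpLockdown -Action Disable -Reason 'Enforce locked-down baseline'
Get-RdpState
```

Run `Invoke-RdpMaintenanceWindow -Minutes 15 -Ticket '<your change id>'` when an administrator genuinely needs RDP; anything in the log that does not match a ticket is worth a look.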
Getting the house in order can give any government agency the visibility, access and control to protect itself from the barrage of increasingly sophisticated attacks. Leveraging automated tools is a critical necessity in doing so, because it gives IT teams the ability to reasonably manage the volume of tasks they’re expected to perform every day, all while mounting a strong defense against attacks and unexpected events.
Sumir Karayi is the CEO of 1E.