Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, discusses secure email, network segmentation and sandboxing for defense.
A recent survey by Fortinet revealed that two-thirds of organizations had been the target of at least one ransomware attack – and 85 percent are more concerned about a ransomware attack than any other form of cyberattack. The evolving threat landscape is also cited as one of the top challenges in preventing ransomware attacks.
Almost all of those surveyed said they felt they were moderately prepared for a ransomware attack. They also indicated that their top investment priority was to provide cyber-awareness training for their employees. However, it was also clear from the survey that most organizations need to recognize the critical value of investing in additional technologies.
Advanced email security, segmentation and sandboxing are crucial, in addition to mainstays like next-gen firewall, secure web gateway (SWG), and endpoint detection and response (EDR). Today’s ransomware attacks leverage multiple attack vectors, so it’s vital that enterprises consider and evaluate solutions designed to reduce the full scope of their risk. If not, such gaps are sure to be exploited by determined cybercriminals.
Advanced Email Security Is Still Needed
Email remains one of the top vectors for cybersecurity attacks because it’s a tool that everyone in an organization uses. It’s also almost always delivered in an open format, meaning that once intercepted, email can be read on any device without decryption. Phishing emails specifically are the most common delivery method for ransomware – 55 percent of survey respondents said phishing was the most common method used to gain access to their organizations.
And yet, when asked which products or solutions they believed were essential for securing against ransomware, only 33 percent of respondents to the survey selected Secure Email Gateway (SEG). Arguably, though, the first line of defense, even before training for end-users, is a modern SEG capable of detecting and disabling malicious attachments and links before they ever reach the user’s inbox.
And the reality is, the email services many organizations have adopted do not provide the level of protection they need. It’s why email is still the primary attack vector for ransomware. And the results of the survey simply underscore the need for more organizations to ensure they’ve fully bolstered their email gateway.
Remote Work Amplifies Need for Network Segmentation
Another surprising find in the ransomware survey was that only 31 percent of respondents ranked segmentation as an essential tool in the fight against ransomware. This is surprising because almost all ransomware attacks move laterally across the network, looking for additional data to encrypt.
As cloud adoption increases, network segmentation becomes increasingly essential — especially in multi-cloud and hybrid cloud environments. Segmentation allows organizations to securely partition their network according to business needs, and grant access to different areas of the network and specific resources according to role and current trust status.
Also, every network request is inspected rather than automatically trusted. This helps prevent threats that do manage to get inside the network from moving laterally in search of data to compromise and hold hostage.
Playing in the Sandbox
User and entity behavior analytics (UEBA) and sandboxing technologies are crucial in identifying intruders, compromised systems and new ransomware variants. But these too were relatively low on the list of tools deemed essential in the survey (30 percent and, surprisingly, 7 percent, respectively).
Sandboxing provides an opportunity to essentially see into the future. The code that runs over your network spans a continuum from good to bad to malicious. And a lot of it is simply unknown. You may already be running security technologies to help protect your organization from malicious code and help you separate good code from bad. However, like most organizations, you’re still at risk from the unknown. And that unknown gap in the code continuum can be significant.
With a sandbox in place, the rest of your network is shielded from the harmful effects of anything operating within the sandboxed environment. It is also highly effective when mounting a defense against zero-day threats.
In addition to running sandbox technology as a stand-alone solution, or better, as part of an integrated security platform, sandboxing should also be embedded in your SEG solution. Even though regular email filters can scan emails to detect malicious senders, file types, and URLs, new zero-day threats pop up all the time – and they can easily be missed by traditional filtration. Sandboxing provides an increased level of protection.
Toward a More Holistic Defense
The fact that ransomware grew more than 1000 percent over the past year lends urgency to the quest for better security across organizations’ networks, endpoints and clouds. And yet, the findings of our recent ransomware survey showed there is still a clear gap between what many believe to be essential security solutions and the technology that experts know can best guard against the most commonly reported methods of attack.
These results underscore the need for more organizations to make investments in technologies like advanced email security, sandboxing and segmentation, in addition to their mainstay security solutions. Doing so will help them mount a stronger and more holistic defense against the scourge of ransomware.
Aamir Lakhani is a cybersecurity researcher and practitioner at FortiGuard Labs.