Intelligent CIO Africa Issue 58 | Page 32

TALKING

‘‘ business perhaps we should be taking a step back and looking at the commonality in all these different variations that we ’ ve discussed .

This is something more targeted that we can focus on because a lot of ransomware discussions are isolated to the endpoint but while a ransomware attack will hit one endpoint to start with , its objective is to spread . So , there ’ s this kind of propagation that happens within ransomware that often isn ’ t necessarily focused .
Which tools and solutions should organisations consider investing in to protect themselves and what ’ s the best practice approach for protecting against ransomware attacks ?
There are the basic elements and basic hygiene which organisations should certainly be considering . For example , keeping machines patched and up to date , making sure you ’ ve got some form of next-gen antivirus and EDR solution is going to help filter out some of those initial intrusions .
But taking a step back , we ’ ve got to be cognisant that it ’ s becoming very profitable to execute these types of attacks and we ’ re seeing reports of affiliation to nation states because of the impact and the damage that ’ s caused . It all comes back to the fact that ransomware wants to spread . It might get onto one workstation , but it wants to spread far and wide and if it ’ s extortion , it ’ s going to want to pivot off your workstations and go after your data .
Taking a different look at this , it ’ s going to be things such as making sure that everyone ’ s running without administrative rights on their workstation , ensuring that everyone ’ s using strong authentication and moving away from the usage of passwords in your environment . Because propagation or lateral movement , which is something you want to stop , is going to be a lot easier if there ’ s a lot of weak credentials being used in environments .
Using strong authentication like multi factor authentication is going to be important , as well as managing the privileged and administrative accounts in your environment because they ’ re commonly targeted to allow that spread to take place .
Forcing and adopting the principle of least privilege is something that ’ s talked about in every kind of government best practice but striving towards least privilege is going to make the attacker ’ s life a lot more difficult .
It has a double reward for organisations because that best practice would be the same if we were talking about trying to prevent a data breach or stop a nation state performing espionage in their environment , or lateral movement .
It just so happens in this case we ’ re talking about ransomware because the end objective is some form of ransom to be held against the organisation .
How does CyberArk set itself apart from others as a ransomware prevention partner ?
We look at the end-to-end process , including all the aspects that take place in a ransomware attack such as a data breach or service disruption .
We ’ re very cognisant of what ’ s happening around identities in that attack cycle and attack path . We ’ re really focusing on reducing removing admin rights across the entirety and , when it comes to ransomware , being aware that this is not just an endpoint piece .
Yes , we have technology and services and help organisations ensure no one ’ s running with local admin rights – which is really important because we ’ re all sitting at home on Wi-Fi networks which no one ’ s ever changed the router password for so we ’ re in an environment that ’ s less secure than when we ’ re in the office .
Helping organisations lock down permissions is important but knowing that for ransomware to take place and really impact an organisation it ’ s going to want to spread and move out .
It ’ s also stepping away from the endpoint and looking at how lateral movement and propagation happens in the wider organisation , so things such as privileged access management , forcing least privilege , delivering strong adaptive multi factor authentication . These are things that we have with our capability suite , as they tackle that endpoint problem but also that wider problem of lateral movement within the organisation . p
32 INTELLIGENTCIO AFRICA www . intelligentcio . com