We have all been there. We switch on a news channel and there flashes a piece of news about a breach, or a ransomware attack discovered after the breach. It has become the new 'normal' to the point where the public is surprised if an organization has not already been breached. It is tempting to conclude that there is only so much an organization can do. That conclusion is wrong: there are several ways to at least bring an incident down to a 'not-so-ugly' scenario.
Re-introducing Endpoint Security! This class of solution CAN bring the threat down to a reasonably acceptable level, with the goal of reducing it to negligible proportions (well... there will always be that ONE click). Today's endpoint security solutions have been re-invented to model how a ransomware family gains initial access, propagates, and executes its payload, and to map those behaviours to the techniques catalogued in MITRE ATT&CK so that each stage can be detected and blocked. Security vendors now fuse threat intelligence feeds, fingerprinting of executables and their behaviour on the host, and AI/ML classification of the combined telemetry. The result is strong protection against ransomware and similar threats, but it is not a panacea: detection models can be evaded, and a compromised account or an unpatched service can still let an attacker in.
We can now switch gears and look at the 'how'. Most organizations have tried the age-old, tested method of training employees not to click randomly (here, there, everywhere) and have had real success with it. However, there will always be gotchas, and one or two attacks might seep through, enough to cause a financial catastrophe, not to forget the more important human factor, up to and including loss of life in hospitals and the pharmaceutical industry. All is not lost, though. With a few recommended best practices and by erring on the side of caution, we can all fight this demon and perhaps make it a much less lucrative crime.
Here are a few for starters.
- Train and re-train periodically, and EMPOWER your team to recognize and report social engineering and other email-borne threats; phishing remains the MOST COMMON attack vector for ransomware.
- Keep systems patched promptly, consistently and diligently, prioritizing internet-facing services and actively exploited vulnerabilities; this can be the difference between a non-event and weeks of sleepless nights for execs and support staff.
- Invest in solutions such as EDR and MDR, and perhaps XDR, which have matured over the years and now combine behavioural telemetry with the much-hyped "AI and ML" combination.
- Use a defense-in-depth strategy (email filtering, least-privilege accounts, network segmentation, endpoint protection, monitoring) rather than stovepipe point solutions bought on a tactical basis, so that one missed detection does not become a full compromise.
- Last, but not least, have a BC/DR plan with offline or immutable backups that has actually been tested through a restore, and that can be put into action immediately; this saves a lot of heartache, headache and, as above, quite a few weeks of cleaning and rebuilding (digital, of course).
In today's world, the skill level needed to launch a ransomware attack, and to profit from it, has gone down. Ransomware-as-a-service kits and affiliate programmes are available in dark and gray web markets, with individuals and groups offering these services for a nominal price (they don't even ask why). The burden of protection lies on organizations that have other business to carry out and use IT only as an enabler. Endpoint security vendors have recognized this as the key problem statement, have upped the ante against these groups and individuals, and have had some success in keeping them at bay. The guard cannot be lowered at any point in the near or distant future, because, as we all know, any system can be breached given enough time and motivation. Unfortunately, nation-state actors have also adopted ransomware, using it to pester adversaries or to distract the world from other crimes they have been accused of.
Lastly, another interesting point is the lucrative payment format these offenders use. The recent spike, more like a tsunami, in Bitcoin and other digital currencies is not helping bring these groups to book. Only if these monetary instruments are regulated, tracked and dealt with will we perhaps see a decrease, if not an entire 'wrap-up-and-disappear' situation for this kind of business.
How can we help at Happiest Minds?
We work with a suite of endpoint security products from various niche vendors, orchestrated to build an end-to-end secure environment for the organizations we are hired to protect. Our endpoint security is powered by our award-winning CRPP (Cyber Risk Protection Platform) and a next-gen Security Operations Centre (SOC), backed by a team of experts trained and re-trained on multiple technologies to stay on top of the latest threats, trends and techniques. We partner with multiple vendors providing these solutions and employ a team that excels in some or all of these products, with team members at various levels of experience.
CISSP, SSCP (ISC2), Senior Technical Manager, IMSS-Cybersecurity. He comes with 20+ years of experience in Endpoint Security consulting, implementation and administration. He has worked as a Data Security, Web Security and Email Security implementer and consultant, and has administered and successfully delivered multiple projects. He lived and worked in the United States for about 17 years with various organizations, particularly in healthcare. He has also worked at multiple locations in North America and with organizations in EMEA and Australasia.