#HowTo: Improve Ransomware Resilience Across Remote Working Environments


Perhaps unsurprisingly, the global shift to remote working operations over the past 12–18 months has coincided with a large rise in targeted cyber-attacks, particularly involving ransomware. As organizations of all sizes continue to grapple with the realities of the post-COVID business landscape, criminals are ‘making hay while the sun shines’ by capitalizing on any/every vulnerability they can find in the plethora of hastily constructed remote working environments out there.

To combat this growing threat, businesses must take the time to build and implement robust, far-reaching solutions that are suited to the unique security challenges these new environments pose. Fortunately, there’s a wealth of technologies that can deliver the high levels of protection needed without compromising overall operational efficiency or employee productivity.

1) CASBs prevent unwanted cloud access from anywhere: Cloud access security brokers (CASBs) help to secure organizations’ cloud environments by providing defenses for infrastructure-as-a-service (IaaS) platforms and software-as-a-service (SaaS) apps. They can be deployed in a variety of modes that protect against ransomware attacks. Firstly, integration with cloud services’ application programming interfaces (APIs) provides visibility and control over the data at rest within them, meaning it can be regularly scanned for any signs of attack or infection. Secondly, CASBs can use forward proxy agents to scan downloads and uploads in real time, identify threats and block access where needed. Thirdly, an agentless reverse proxy can accomplish the same effect without software on endpoints, which is ideal for remote BYOD environments where installing agents on personal devices can prove challenging. For the very best defense against ransomware in the cloud, businesses can deploy a multi-mode CASB, which delivers all three of these deployment modes in one.

2) SWGs stop intentional/unintentional visits to malicious destinations in real time: Since its inception, the internet has proved a potent vehicle for all manner of cyber-attacks. As such, a strong defense against intentional or unintentional access to malicious web destinations (such as command-and-control sites or phishing pages) is a crucial part of any effective cybersecurity program. Secure web gateways (SWGs) block access to these kinds of malicious destinations in real time, quickly shutting off potential avenues for cyber-criminals before they can exploit them. But that’s not all. As otherwise innocuous web destinations can also be used to download infected files (such as through a file attachment in Gmail), SWGs also provide the ability to scan files for threats at download time and block them in real time.

3) ZTNAs restrict network access without compromising user experience: Almost every day, headlines appear about ransomware breaches resulting from cyber-criminals successfully exploiting vulnerabilities in an organization’s remote network access controls. Once inside, these criminals can remain hidden for weeks, months, or even years, making it crucial to close such vulnerabilities as soon as possible. Unfortunately, too many organizations are still relying on virtual private networks (VPNs), which don’t offer anything like the level of security needed today.

In simple terms, a VPN establishes a secure ‘tunnel’ between a user’s device and an organization’s IT network. However, not only do VPNs suffer from performance and scalability issues when user numbers go up, but they also operate on a ‘trust, but verify’ basis, whereby once a user has access (usually via a simple set of credentials), they have free rein within the network. For cyber-criminals, this is an open invitation to go wherever they like and steal whatever they please — all that’s needed is a compromised set of credentials. However, as the name suggests, zero trust network access (ZTNA) works on the basis of ‘never trust, always verify,’ meaning no user or device is trusted by default. Cloud-based ZTNA solutions preserve user experience, provide needed scalability and grant access to specific applications (rather than the entire network), all while applying real-time threat protection policies designed to stop ransomware.
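To make the distinction concrete, here is an added illustration (not code from the article or any vendor) of the two access models side by side: a VPN-style check that opens the whole network once credentials pass, and a ZTNA-style policy that re-checks MFA, device posture and a per-application grant on every request. The users, applications and posture fields are constructed sample data.

```python
"""Added illustration: VPN 'trust, but verify' versus ZTNA 'never trust, always verify'.
All users, devices and application names are constructed sample data."""
from dataclasses import dataclass


@dataclass
class Device:
    managed: bool          # enrolled in device management?
    disk_encrypted: bool   # full-disk encryption present?
    edr_running: bool      # endpoint protection agent healthy?


@dataclass
class Request:
    user: str
    password_ok: bool      # result of the credential check
    mfa_ok: bool           # result of the second-factor check
    device: Device
    app: str               # application requested (ZTNA) or "network" (VPN)


# VPN-style: a single credential check, after which the whole network is reachable.
VALID_CREDS = {"alice"}  # constructed sample


def vpn_allows(req: Request) -> bool:
    # Nothing about the device or the target is inspected once credentials pass.
    return req.user in VALID_CREDS and req.password_ok


# ZTNA-style: explicit per-application grants, plus MFA and posture on every request.
APP_GRANTS = {"alice": {"payroll", "wiki"}}  # constructed sample


def device_compliant(d: Device) -> bool:
    return d.managed and d.disk_encrypted and d.edr_running


def ztna_allows(req: Request) -> bool:
    if not (req.password_ok and req.mfa_ok):
        return False                        # stolen password alone is not enough
    if not device_compliant(req.device):
        return False                        # unmanaged/unhealthy device gets nothing
    return req.app in APP_GRANTS.get(req.user, set())  # only the granted app, not the network


if __name__ == "__main__":
    rogue = Device(managed=False, disk_encrypted=False, edr_running=False)
    stolen = Request("alice", password_ok=True, mfa_ok=False, device=rogue, app="file-server")
    print("VPN allows :", vpn_allows(stolen))    # compromised credentials open everything
    print("ZTNA allows:", ztna_allows(stolen))   # no MFA, no posture, no grant: denied
```

The same stolen credential that satisfies `vpn_allows` is refused by `ztna_allows` three times over, which is the practical meaning of "no user or device is trusted by default."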

When used in combination, CASB, SWG and ZTNA can defend against malware in the cloud, on the web and on-premises, respectively, offering organizations a truly resilient defense against ransomware attacks via all three vectors. However, deploying and managing all three separately can be laborious and time-consuming, leading to security teams quickly feeling overwhelmed. For this reason, the final piece of the puzzle is the implementation of a secure access service edge (SASE) platform that’s capable of delivering all three technologies in a single offering. Doing so not only significantly reduces administrative time but also helps secure any interaction against threats like ransomware.

The unprecedented events of the last 18 months have had a huge impact on data security worldwide. However, as the dust begins to settle, more and more organizations are starting to get to grips with the new demands of remote working and implementing solutions that offer robust ransomware resilience without compromising operational efficiency. Don’t wait to become a victim.
