Helping your customers shift to a more proactive approach against ransomware

Sean Campbell, Director Canadian Channels, Fortinet

Earlier this month, 30 nations gathered in the United States to discuss a growing global threat: ransomware. The U.S. has been targeted by increasingly bold cyberattacks, including one that shut down a pipeline and another that impacted a meat producer. And the U.S. is not alone. Canada has had its share of high-profile attacks, including one against the RCMP in May 2021. FortiGuard Labs’ latest Global Threat Landscape Report estimates that ransomware incidents have increased nearly 1070% in the 12-month period between June 2020 and July of this year.

Unsurprisingly, Fortinet found that 94 per cent of organizations are concerned about ransomware attacks. As a result, a full 96 per cent of organizations consider themselves moderately prepared for an attack. But as many successful attacks show, “moderately prepared” might not be prepared enough.

The survey uncovered a surprising disconnect between organizations’ perception of preparedness and their implementation of actions and strategies proven to help thwart attacks. For example, fewer than half have implemented strategies that include network segmentation (48%) or forensics investigation capabilities (34%), or have been testing ransomware recovery methods (28%). And on their list of essential tools to secure their infrastructure from ransomware attack, critical security technologies such as secure email gateways (33%), network segmentation (31%), user and entity behaviour analytics (UEBA) (30%), SD-WAN (13%), and sandboxing (7%) ranked near the bottom. When compared against the top attack vectors mentioned, the disconnect demonstrates an opportunity to think differently about securing against ransomware attacks.

The good news is that organizations can take steps to right their course and better protect against ransomware and its costly consequences. 

It’s no longer – “when”

The number and potential impacts of ransomware attacks are mind-boggling. This year alone, ransomware attacks are estimated to cost the global economy $20 billion USD. Ransomware is so lucrative that some criminal elements now offer “ransomware as a service” or RaaS – a business model accelerating activity.

For many organizations, a ransomware attack could result in a hit to their bottom line and reputation – potentially costing them millions. That’s because ransomware is specifically designed to disrupt business activity while holding data hostage in exchange for money. The criminals behind such attacks can access, download, share, or even corrupt data. 

Government interventions might offer a way to slow the barrage of attacks. If successful, they would be a welcome relief: Fortinet’s survey suggests that 67 per cent of organizations have been the target of a ransomware attack, and one in six were attacked three or more times. But the best line of defence is likely under each organization’s control. According to the survey, around 60 per cent of organizations surveyed are investing in employee cyber training (61%), offline backups (58%), and specialized cybersecurity/ransomware insurance (57%). Further, 72 per cent said they have a ransom policy in place, but for almost half (49%), that means paying the ransom out. For Canadian organizations, a new poll from the Canadian Internet Registration Authority (CIRA) suggests almost 70 per cent of Canadian organizations that experienced a ransomware attack last year paid out.

Paying ransom is hardly the best or most sustainable strategy considering attacks continue to proliferate and gain in sophistication. Instead, there is an opportunity for partners to help customers introduce these tools, strategies, and best practices designed to protect infrastructure from attack or, in the case of a breach, mitigate its impact: 

Assume zero trust: A zero trust access (ZTA) approach assumes every attempt to access network resources, data or applications is suspect. It requires every user and device to be verified using multi-factor authentication each time the network is accessed and limits the resources available to a worker’s job role. Expanding on ZTA, zero trust network access (ZTNA) extends secure access controls to critical applications for any user or device, whether they are on or off the network. It automatically provides a secure connection while logging the transaction and monitoring for unusual behaviours. Universally managed and broadly deployed, ZTNA can provide organizations with a high level of protection, visibility, and control.

Block Known Threats: Organizations should seek out platform-based cybersecurity solutions like Fortinet’s Security Fabric, which brings end-to-end security to prevent ransomware across all points of entry. Powered by intelligence from FortiGuard Labs, Fortinet combines market-leading prevention, detection, and mitigation with top-rated threat intelligence and behavioural analytics to protect devices, data, and applications, and to quickly identify and block intrusions.

Detect New Threats: Ransomware is constantly evolving in technological complexity. It requires advanced detection techniques to stay ahead of the new variants. Adding sandboxes helps organizations by confining applications involved in suspicious behaviour to an isolated environment. There, the behaviour can be analyzed to determine if it is harmful and, if so, an alert is triggered. It is also important to offer real-time behavioural detection and threat intelligence at all endpoints, with modern endpoint detection and response (EDR) technologies.

Secure the Entire Infrastructure: Smart and agile SD-WAN is rapidly replacing traditional WAN connections. For a more secure solution, SD-WAN should be built on a security-based platform, like Fortinet’s Next-Generation Firewall (NGFW), to replace legacy remote connectivity to cloud and data center resources from branch offices and certain super-users.

Limit the Risk: When an organization is compromised, ensuring data is encrypted can prevent criminals from exposing it online or reselling it on the dark web. To limit ransomware’s impact, use dynamic network segmentation to slow the malware and limit incursions to small sections of the network. 

While national and international efforts to combat ransomware are welcome, organizations must still remain vigilant and proactive in securing their network. All organizations must adopt an effective strategy and invest in the critical security resources needed to narrow the ransomware attack vectors. The cost of not prioritizing this work is one that no organization will want to pay.

Sean Campbell is Director of Canadian Channels at Fortinet