Ransomware protection strategy to secure your data
Ransomware is crypto-malware that encrypts users' and organizations' sensitive data, rendering files and folders unreadable until a ransom is paid. It is not a novel threat, but it remains as destructive as ever when it hits an organization: ransomware has caused havoc in many enterprises, damaging their reputation and increasing their financial losses, with attackers demanding payments in the millions of dollars to decrypt the data and restore access. Despite many attempts and approaches to stop or mitigate it, ransomware continues to rise and to impact organizations in almost every vertical. It is commonly assumed that all ransomware is alike, but that is imprecise: families differ considerably in how they operate. WannaCry, Maze and Locky are all ransomware, yet WannaCry spread on its own as a worm over SMB, Locky arrived through malicious email attachments, and Maze combined encryption with the theft of data and the threat to publish it. Because delivery and behaviour differ, the same approach is not the best fit for mitigating every type of ransomware and protecting the organization as a whole. A robust framework is therefore required, one that establishes a defensive security posture which can be customized and automated according to the needs of the enterprise.
Zensar has a robust and mature "DataProtect" framework that addresses customers' pain points with a comprehensive discovery and defensive strategy. It is powered by a comprehensive defensive security posture built with the right set of tools, such as EDR and a data protection suite.
Zensar's "DataProtect" framework has four pillars that incorporate the key requirements of NIST, CIS, CSA and similar frameworks, combined with regulatory and compliance requirements, to secure customers' assets and data from adversaries.
Pillar 1: Proactive Data Risk Assessment
- Identify: Understand which cybersecurity risks you need to mitigate. Discovery is the data risk assessment process that identifies the scope of sensitive data, essential assets, people and capabilities that must be protected proactively so that the impact of a ransomware attack is minimized. Visibility is paramount to developing a defensive security posture with risk mitigation capabilities: you cannot secure what you cannot see or do not know the location of. Many cloud providers offer cloud asset inventory features that help safeguard assets against modern security threats.
- Detect: Detecting and preventing malicious activity associated with ransomware as early as possible is the key to avoiding business disruption. IDS/IPS solutions flag anomalies and watch for intrusion attempts; a DLP solution, deployed with the right classification of sensitive data, detects its exfiltration and prevents the loss of data that would be attractive to attackers and ransomware operators. Integrated with SIEM and EDR solutions, these tools surface the early signs of ransomware execution and lateral movement.
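As an added illustration of the discovery step (example code written for this page, not part of Zensar's DataProtect framework or of any product it uses): a small scanner that walks a set of files, classifies each by the kinds of sensitive data it contains (card numbers validated with the Luhn check, SSNs, email addresses and cloud access keys) and assigns a sensitivity level. The file contents, paths, patterns, labels and the sensitivity policy are constructed assumptions; a real deployment would read from the file shares and cloud buckets listed in the asset inventory.

```python
"""Sensitive-data discovery scanner (added example, not Zensar's code).
Classifies files by the kinds of sensitive data they contain so that an
inventory of what must be protected can be built before an attack."""
import re
from collections import Counter

# Detection patterns (assumptions; extend to the data types your business holds)
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")     # US SSN, dashed form only
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")           # AWS access key ID format


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: cuts false positives from order numbers and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return candidate card numbers (digits only) that pass the Luhn check."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def classify(text: str) -> dict:
    """Map classification label -> number of occurrences found in the text."""
    labels = Counter()
    labels["PCI:PAN"] += len(find_pans(text))
    labels["PII:SSN"] += len(SSN_RE.findall(text))
    labels["PII:EMAIL"] += len(EMAIL_RE.findall(text))
    labels["SECRET:AWS_ACCESS_KEY"] += len(AWS_KEY_RE.findall(text))
    return {k: v for k, v in labels.items() if v}


def sensitivity(labels: dict) -> str:
    """Collapse labels into one handling level (assumed policy)."""
    if any(k.startswith(("PCI:", "SECRET:")) for k in labels):
        return "restricted"
    if any(k.startswith("PII:") for k in labels):
        return "confidential"
    return "internal"


def scan(files: dict) -> dict:
    """files: path -> text content. Returns the inventory used for risk assessment."""
    inventory = {}
    for path, text in files.items():
        labels = classify(text)
        inventory[path] = {"labels": labels, "sensitivity": sensitivity(labels)}
    return inventory


# Constructed sample corpus: realistic-looking content, not real data.
SAMPLE_FILES = {
    "finance/refunds.csv": "customer,card\nA. Smith,4111 1111 1111 1111\nB. Jones,5500 0000 0000 0004\n",
    "hr/onboarding.txt": "New hire Jane Doe, SSN 123-45-6789, contact jane.doe@example.com",
    "ops/deploy.env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nREGION=eu-west-1\n",
    "docs/shipping.txt": "Order 1234567812345678 shipped; support line 555-123-4567",
}

if __name__ == "__main__":
    for path, info in scan(SAMPLE_FILES).items():
        print(f"{path:22} {info['sensitivity']:12} {info['labels']}")
```

The Luhn check is what keeps the 16-digit order number in `docs/shipping.txt` out of the PCI bucket; without it a regex-only scanner floods the inventory with false positives and the "restricted" label loses its meaning.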
Pillar 2: Implement and Enforce Controls
- Protect: Create safeguards that keep critical business processes running, and business as usual, in the event of an attack. These safeguards combine multiple security technologies and secure frameworks such as zero trust to verify user access and device integrity. Some strategies that play a vital role in this step are:
- Secure cloud-native email protection with strong anti-spam features.
- Harden the system and network infrastructure with network segmentation.
- Secure IAM policies that prevent account takeover, following a least-privilege approach.
- Zero trust access controls to prevent lateral movement and unauthorized access.
- Advanced EDR/XDR solutions with behaviour-based monitoring.
- Avoid opening suspicious attachments and executables from unknown sources; educate users and provide training on basic cyber hygiene.
- Implement application whitelisting (allow-listing).
- Disable Windows Script Host and macros in Office applications.
- Limit RDP access.
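The behaviour-based monitoring mentioned under Detect in Pillar 1 and in the EDR/XDR item above can be made concrete with an added example (written for this page; it is not Zensar's code nor the logic of any EDR product). It replays a constructed stream of file-system events of the kind an EDR agent or file-server audit log emits, and raises an alert when a single process changes the extension of many files within a short window, writes high-entropy (encrypted-looking) data to many files, or touches a canary file that no legitimate process should use. Process names, paths, thresholds and the canary locations are assumptions.

```python
"""Behaviour-based ransomware detector over file-system events (added example,
not Zensar's code nor any EDR product's logic). Events are the kind an EDR
agent or file-server audit log would emit; here they are constructed."""
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10          # sliding window per process (assumed tuning)
RENAME_THRESHOLD = 20        # distinct files whose extension changed within the window
HIGH_ENTROPY_WRITES = 20     # distinct files receiving encrypted-looking writes
ENTROPY_THRESHOLD = 7.5      # bits/byte; plain documents sit well below this
CANARY_PREFIXES = (          # decoy paths no legitimate process should touch (assumed)
    "C:\\Users\\Public\\.canary\\",
    "\\\\fileserver\\share\\.zz_canary\\",
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means uniformly random (e.g. ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _ext(path: str) -> str:
    """Extension of the file name only, so dots in directory names do not count."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


class RansomwareDetector:
    def __init__(self):
        self.renames = defaultdict(deque)    # pid -> (t, path) of extension changes
        self.hi_writes = defaultdict(deque)  # pid -> (t, path) of high-entropy writes
        self.alerted = set()                 # (pid, rule) already raised

    def _distinct_in_window(self, dq, t, path):
        dq.append((t, path))
        while dq and dq[0][0] < t - WINDOW_SECONDS:
            dq.popleft()
        return len({p for _, p in dq})

    def _alert(self, ev, rule, count):
        key = (ev["pid"], rule)
        if key in self.alerted:              # one alert per process and rule
            return None
        self.alerted.add(key)
        return {"t": ev["t"], "pid": ev["pid"], "image": ev["image"], "rule": rule, "count": count}

    def observe(self, ev):
        """Feed one event; returns a list of new alerts (usually empty)."""
        alerts = []
        pid, t = ev["pid"], ev["t"]
        touched = [ev["path"], ev.get("new_path", "")]
        if any(p.startswith(CANARY_PREFIXES) for p in touched):
            alerts.append(self._alert(ev, "canary_touched", 1))
        if ev["op"] == "rename" and _ext(ev["new_path"]) != _ext(ev["path"]):
            n = self._distinct_in_window(self.renames[pid], t, ev["path"])
            if n >= RENAME_THRESHOLD:
                alerts.append(self._alert(ev, "mass_extension_change", n))
        elif ev["op"] == "write" and shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
            n = self._distinct_in_window(self.hi_writes[pid], t, ev["path"])
            if n >= HIGH_ENTROPY_WRITES:
                alerts.append(self._alert(ev, "high_entropy_writes", n))
        return [a for a in alerts if a]


def run(events):
    det = RansomwareDetector()
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        alerts.extend(det.observe(ev))
    return alerts


def sample_events():
    """Constructed stream: normal office activity followed by an encryptor."""
    prose = b"Quarterly report draft, see attached figures and notes. " * 80
    noise = bytes(range(256)) * 16  # stands in for ciphertext (entropy exactly 8.0)
    events = []
    for i in range(5):  # Word saving documents: low entropy, extension unchanged
        events.append({"t": i, "pid": 4100, "image": "WINWORD.EXE", "op": "write",
                       "path": f"C:\\Users\\alice\\Documents\\report{i}.docx", "data": prose})
    for i in range(3):  # a user renaming a few downloads: below the threshold
        events.append({"t": 6 + i, "pid": 4200, "image": "explorer.exe", "op": "rename",
                       "path": f"C:\\Users\\alice\\Downloads\\scan{i}.tmp",
                       "new_path": f"C:\\Users\\alice\\Downloads\\scan{i}.pdf"})
    for i in range(40):  # encryptor (assumed name): overwrite then rename, 10 files/second
        t = 20 + i * 0.1
        p = f"\\\\fileserver\\share\\finance\\invoice{i}.xlsx"
        events.append({"t": t, "pid": 6666, "image": "invoice_viewer.exe", "op": "write",
                       "path": p, "data": noise})
        events.append({"t": t + 0.05, "pid": 6666, "image": "invoice_viewer.exe", "op": "rename",
                       "path": p, "new_path": p + ".locked"})
    events.append({"t": 24.5, "pid": 6666, "image": "invoice_viewer.exe", "op": "write",
                   "path": "\\\\fileserver\\share\\.zz_canary\\do_not_open.docx", "data": noise})
    return events


if __name__ == "__main__":
    for a in run(sample_events()):
        print(a)
```

Three independent signals are used because each alone has a benign twin (archivers rename in bulk, backup agents write compressed data, users open odd files); the encryptor in the sample trips all three within four seconds of starting, while Word and the user's renames trip none. In production the alert would feed the SIEM and, for the canary rule, an automatic host isolation.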
Pillar 3: Monitor, Detect and Automate Response
Monitoring and Response: A robust incident response (IR) plan is the backbone of any organization's defence, combining the right people, process and technology. The IR team must have the right skills and experience and must know which procedures to follow to remediate a cyber-attack. During an attack it is critical to secure your communication channels, since an attacker inside the network may be reading the same email and chat systems the responders use, and to keep your data encrypted. Implement data security suites that support automated playbooks and alert investigation pages, which speed up the IR team's investigation and resolution.
Some key pointers that help build an efficient IR plan:
- Define the key stakeholders, with contact details for every key individual.
- Clear communication, with ownership of who sends communications, assigns tasks and approves actions, who is involved in each communication, and how much detail each audience needs.
- A clear definition of which events qualify as an incident, with severity levels.
- A triage matrix that establishes the severity of an incident so that it can be prioritized and remediated in time.
- Automated playbooks, clearly defined procedures and an efficient cyber task force.
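To show how the severity definitions, triage matrix, stakeholder list and automated playbook fit together, here is an added example (written for this page, not Zensar's code). It scores each alert from the asset's criticality tier and the detection's confidence, escalates when the same detection appears on several hosts within a short window (a sign of spread), separates low-severity events from incidents, and attaches the response SLA, playbook actions and notification list to each incident. The asset tiers, detection names, stakeholders, SLAs, actions and the incident threshold are constructed assumptions.

```python
"""Triage matrix and automated playbook for ransomware alerts (added example,
not Zensar's code). Turns a raw detection into an event or an incident with
severity, owners, SLA and first-response actions."""
from collections import defaultdict

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
SPREAD_WINDOW_SECONDS = 15 * 60   # same detection on several hosts inside this window = spread
SPREAD_HOSTS = 3

# Asset inventory from the discovery pillar (constructed). Unknown hosts are an inventory gap.
ASSET_TIERS = {"dc01": "tier1", "fileserver": "tier1", "build01": "tier2",
               "ws-alice": "tier3", "ws-bob": "tier3", "ws-carol": "tier3"}
UNKNOWN_ASSET_TIER = "tier2"      # treat unknowns as business-relevant until proven otherwise

# How much a given detection can be trusted (constructed names and ratings)
DETECTION_CONFIDENCE = {"canary_touched": "high", "mass_extension_change": "high",
                        "high_entropy_writes": "medium", "suspicious_macro": "low"}

# Triage matrix: (asset criticality, detection confidence) -> severity
TRIAGE_MATRIX = {
    ("tier1", "high"): "critical", ("tier1", "medium"): "high",   ("tier1", "low"): "medium",
    ("tier2", "high"): "high",     ("tier2", "medium"): "medium", ("tier2", "low"): "low",
    ("tier3", "high"): "medium",   ("tier3", "medium"): "low",    ("tier3", "low"): "low",
}

# Who is told, how fast we must act, and what the playbook does first (constructed)
STAKEHOLDERS = {"critical": ["ciso", "it-ops-lead", "legal", "comms"],
                "high": ["soc-lead", "it-ops-lead"], "medium": ["soc-analyst"], "low": []}
SLA_MINUTES = {"critical": 15, "high": 60, "medium": 240, "low": 1440}
PLAYBOOK = {
    "critical": ["isolate_host", "disable_user", "block_hash_in_edr", "snapshot_disk", "page_on_call"],
    "high": ["isolate_host", "block_hash_in_edr", "snapshot_disk"],
    "medium": ["collect_triage_package", "open_ticket"],
    "low": ["log_only"],
}


def escalate(severity: str) -> str:
    """One level up, capped at critical."""
    i = SEVERITY_ORDER.index(severity)
    return SEVERITY_ORDER[min(i + 1, len(SEVERITY_ORDER) - 1)]


class Triage:
    def __init__(self):
        self.sightings = defaultdict(list)  # rule -> [(t, host)] for spread correlation
        self.incidents = []
        self.events = []                    # below the incident bar; kept for correlation

    def _hosts_with_rule(self, rule, t):
        return {h for t0, h in self.sightings[rule] if t - t0 <= SPREAD_WINDOW_SECONDS}

    def ingest(self, alert: dict) -> dict:
        t, host, rule = alert["t"], alert["host"], alert["rule"]
        tags = []
        tier = ASSET_TIERS.get(host)
        if tier is None:
            tier, tags = UNKNOWN_ASSET_TIER, ["inventory_gap"]
        confidence = DETECTION_CONFIDENCE.get(rule, "low")
        severity = TRIAGE_MATRIX[(tier, confidence)]
        self.sightings[rule].append((t, host))
        if len(self._hosts_with_rule(rule, t)) >= SPREAD_HOSTS:
            severity = escalate(severity)
            tags.append("lateral_spread")
        record = {"t": t, "host": host, "rule": rule, "tier": tier,
                  "severity": severity, "tags": tags}
        if severity == "low":          # an event, not an incident (assumed definition)
            self.events.append(record)
        else:
            record.update({"notify": STAKEHOLDERS[severity], "sla_minutes": SLA_MINUTES[severity],
                           "actions": PLAYBOOK[severity]})
            self.incidents.append(record)
        return record


def sample_alerts():
    """Constructed alert sequence: one workstation, then spread, then a file server."""
    return [
        {"t": 0,   "host": "ws-alice",   "rule": "high_entropy_writes"},
        {"t": 60,  "host": "ws-alice",   "rule": "mass_extension_change"},
        {"t": 120, "host": "ws-bob",     "rule": "mass_extension_change"},
        {"t": 180, "host": "ws-carol",   "rule": "mass_extension_change"},
        {"t": 200, "host": "fileserver", "rule": "canary_touched"},
        {"t": 210, "host": "ws-unknown", "rule": "suspicious_macro"},
    ]


def run(alerts):
    tri = Triage()
    for a in alerts:
        tri.ingest(a)
    return tri


if __name__ == "__main__":
    tri = run(sample_alerts())
    for inc in tri.incidents:
        print(inc["severity"], inc["host"], inc["rule"], inc["tags"], inc["actions"])
```

The spread rule is what turns three medium workstation incidents into a high one: individually each is a contained endpoint problem, but the same detection on three hosts in fifteen minutes is the lateral movement the plan is meant to stop. The `inventory_gap` tag ties the response pillar back to discovery: a host the inventory does not know cannot be tiered correctly, so it is flagged rather than silently scored low.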
Pillar 4: Continuous Assessment and Improvement
Continuous Improvement: This phase continuously assesses and audits outcomes against expectations and improves the security controls as part of a stronger cyber resilience plan. Evaluating the environment identifies the areas where risk remains in the business ecosystem, so that incremental improvements can be made to weak areas and security keeps improving. Act on incident alerts, and fine-tune and improve processes and responses.
In this phase, Zensar helps customers build a maturity model based on their requirements, standard processes and the security teams' feedback; since security staff are the individual contributors who implement many of the security measures, their feedback is critical to improving the security posture. A maturity model generally includes a collection of best practices, and Zensar helps map predefined tests to best-practice standards (CIS, NIST, ISO) and compliance requirements. Adherence to the maturity model shows that the organization is committed to improving its processes and practices within the model's domains, which strengthens the entire program, reflects positively on the overall security posture and delivers a high-value service.
In a nutshell, Zensar's "DataProtect" framework helps enterprises assess and understand how well they defend their data, systems and employees against adversaries. It gives customers visibility into their risks and over-exposed data, and helps them discover, classify and protect sensitive data.