Is Your Security Operations Center Equipped to Handle the Growing Ransomware Threat?
Ransomware poses a threat to organizations of all sizes but can be particularly devastating for small and midsized businesses (SMBs) that often lack the technology, resources and funding that larger enterprises have at their disposal to combat attacks. After all, the financial toll of a ransomware attack extends far beyond the ransom itself. Businesses must invest in tools, technologies and personnel to prevent the attacks, consider the ransom itself, and also account for post attack clean up to get the business up and running again. Cybersecurity Ventures predicted ransomware costs will exceed $11.5 billion in 2019, up more than 35x from 2015.
No matter the size of your business, your security operations center (SOC) should be equipped to catch and repair vulnerabilities in your infrastructure. Here are a few examples of how your SOC should be prepared to defend against Ransomware.
Though Adobe flash downloads have declined in the past two years, there are still forms of ransomware sent via .exe malware files. In order to guard against your endpoints being infected by viral malware, you should have strong antivirus software in place to make sure that an infected attachment never reaches your company’s employee inboxes.
Instead of constantly working in reactive mode, your SOC should be proactive and encourage all employees to immediately deploy patches. One of the most prevalent ransomware attack methods is the use of fileless techniques. In fact, the Ponemon Institute estimates that 1 in 3 cyber attacks that will take place in 2018 will use fileless techniques. These techniques involve the exploitation of pre-existing vulnerabilities in Windows programs. Patches for known security vulnerabilities are essential to install on all endpoints to ensure security.
Managed Endpoint Detection and Response
Although patches can help avoid some fileless ransomware attacks, there will be vulnerabilities that the patches don’t catch. Because the Windows software (such as Powershell) are trusted by the system, new vulnerabilities may be difficult to detect. In order to protect against additional attacks, you need to use Managed Endpoint Detection and Response to monitor for suspicious behavior.
Quick Response Time
Many organizations are unable to sufficiently investigate 25 percent of their security alerts, with no significant variation by country or company size, according to a recent McAfee study. However, being able to swiftly respond to confirmed attacks should be a high priority for your SOC, including the ability to coordinate, remediate, eradicate, learn and prevent recurrences. Sorting through many alerts and determining the ones to follow up on can present problems of complexity and cost. However, if you partner with an MSSP, you can be confident that endpoint detection and response is done efficiently and quickly.