Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with the intent of monetizing illegal access to an enterprise’s network and data.
In many cases, an actor can use ransomware effectively because of a lack of basic “blocking and tackling” in cybersecurity operations – poor processes across people and technology, including but not limited to:
- Lack of Network Segmentation
- Inability to Conduct Appropriate Patch Management
- Lack of Effective Monitoring and Alerting Technology
- Lack of Manpower or Understanding of What Alerts to Schedule
- Inability to Capture and Analyze Appropriate Logging Inside the Environment
- Lack of Visibility Into What’s Occurring Against an Organization Outside the Firewall
- Poor Access Control to Critical Data and Production Environments Including Cloud Storage
On the most recent episode of the Nisos Cyber5 podcast, Crypsis Group Vice President Art Ehuan provided a great case study of a major breach resulting from a holding company’s inability to properly segment three subsidiary networks.