Avoiding Ransomware

Sep 8, 2020 | Blog, Outside Intel

Many maturing security operations centers within medium and large enterprises say that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with the intent of monetizing illegal access to an enterprise’s network and data.

In many cases, an actor can use ransomware effectively because of a lack of basic “blocking and tackling” in cybersecurity operations: poor processes across people and technology, including but not limited to:

  • Lack of Network Segmentation
  • Inability to Conduct Appropriate Patch Management
  • Lack of Effective Monitoring and Alerting Technology
  • Lack of Manpower or Understanding of What Alerts to Schedule
  • Inability to Capture and Analyze Appropriate Logging Inside the Environment
  • Lack of Visibility Into What’s Occurring Against an Organization Outside the Firewall
  • Poor Access Control to Critical Data and Production Environments Including Cloud Storage

On the most recent episode of the Nisos Cyber5® podcast, Crypsis Group Vice President Art Ehuan provided a great case study of a major breach that resulted from a holding company’s inability to properly segment three subsidiary networks. Listen below for his story.
