Avoiding Ransomware

by | Sep 8, 2020 | Blog, Outside Intel

Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with an intent of monetizing illegal access to an enterprise’s network and data.

In many cases, an actor can effectively use ransomware due to a lack of basic “blocking and tackling” in cybersecurity operations – poor processes in people and technology including but not limited to:

  • Lack of Network Segmentation
  • Inability to Conduct Appropriate Patch Management
  • Lack of Effective Monitoring and Alerting Technology
  • Lack of Manpower or Understanding what Alerts to Schedule
  • Inability to Capture and Analyze Appropriate Logging Inside the Environment
  • Lack of Visibility Into What’s Occurring Against an Organization Outside the Firewall
  • Poor Access Control to Critical Data and Production Environments Including Cloud Storage

Crypsis Group Vice President Art Ehuan provided a great case study of a major breach resulting from a holding company’s inability to properly segment three subsidiary networks on the most recent episode of the Nisos Cyber5 podcast. Listen below for his story.

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights Retainer℠
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks