The Conjoined Triangle of Ransomware
Working towards a simplified solution to ransomware defense
I confess, I am a big fan of Silicon Valley. It is absolutely one of my comfort shows. So, as I have been toying with the idea of a simplified version of ransomware defense, this scene kept running through my head.
People ask me all the time for the “one thing” they can do to prevent ransomware attacks. The truth is, despite some vendors’ claims, there is no “one thing,” it takes a comprehensive security program to effectively protect against initial access brokers and ransomware operators.
Then the conversation turns to, “where should I start?”
And that is where my “ransomware triangle” comes into play. If the best ransomware defense is to keep the ransomware actor from ever getting in the network, then your defense should focus on the ways that most ransomware groups gain access (either directly or through IABs).
Most research agrees that the three most common ways that IABs breach organizations are (in no particular order):
Phishing
Credential Leaks / Stuffing
Exploitation
So, focusing on knowing what you have, and where you have it (including your data) along with keeping those systems patched in a timely and properly prioritized manner while knowing your when employee credentials have potentially been compromised or employee accounts are accessing systems they probably shouldn’t will allow organizations to stop most ransomware attacks.
That was a mouthful of a sentence because, let’s face it, if the three things outlined above were easy everyone would be doing it and we wouldn’t have a ransomware epidemic on our hands.
That being said, I do think it is important to spell out what needs to be done for organizations to protect themselves and all of these are realistic goals that almost every organization can accomplish without requiring a huge security budget.
I am still working through the practical side of this, but I would love your thoughts on this and, in particular, if there is anything I am missing.
Yours Truly, Johnny Dollar #3
We are getting ready to launch the Kickstarter for the 3rd Issue of Yours Truly, Johnny Dollar. In this issue Johnny travels to Billings, Montana to tackle a ransomware attack against a school system.
First day support for Kickstarter campaigns is so important so I would really appreciate it if you would consider backing us on the first day. You can set a reminder to be notified of the launch by going to our pre-launch page.
Thank you for your continued support!
What does IAB stands for?