Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

CISO's Corner: The Top 3 Ransomware Preparedness Tips Most Organizations Are Missing

Today more than ever, companies are on high alert for ransomware attacks. Even as companies seek to protect themselves, however, they may not realize how the very nature of ransomware attacks has shifted. No longer simply a freeze on your data assets through encryption methods, ransomware attacks now often steal the data they have under ransom, creating an entirely new set of security considerations when an environment has been compromised.

We spoke with David Bishop, CISO at Trustwave and Darren Van Booven, Lead Principal Consultant at Trustwave and former CISO of the U.S. House of Representatives, to discuss ransomware preparedness and what organizations might be missing from their cyber resilience strategy.

There seems to be a misconception that if you have system backups or endpoint protection, you're covered for a ransomware attack. Can you talk about the need for a holistic approach and the coordination necessary for effective ransomware preparedness?

Darren: Of course. When asked the question, "How do you think you are doing from a ransomware preparedness perspective?", most organizations I speak to will say they've got it covered. But when asked a few deeper questions about what they're doing to prevent some of the exploitation techniques that we see in incidents within their environment, they either don't know the answer, or they start realizing that, no, they're actually not prepared. 

David: And I think part of the reason they're ill-prepared is that ransomware attacks today are a lot more than just ransomware. Besides installing on an endpoint and encrypting files, attackers are actively exploiting the environment to steal data so that they can further extract ransom under the threat of releasing the information to the public. Or, they'll take additional measures to corrupt, destroy or render inaccessible any backup infrastructure that you have. Nowadays, you have to be prepared on multiple fronts. It's not just securing your endpoints but ensuring you have data loss protection as well as solid backup infrastructure. Unfortunately, a lot of companies are just not doing this holistically. 

It sounds like this has become more of a hybrid exploit/ransomware scenario, where decryption techniques don't cut it. Can you speak more about the risks associated with this newer generation of ransomware?

David: Years back, we used to see adversaries drop ransomware on us, and it would worm and run and completely encrypt an environment, halting everything. Then cybersecurity experts got really good at decrypting, making those attacks less effective. Beginning to exfiltrate data turned ransomware into a more typical exploit situation, where they have more leverage to force payment with stolen data. That's extortion. 

Darren: Many people still don't understand the full extent of ransomware today: attackers are no longer just dropping encryption software into a system and letting it run across some flat or barely segmented environment. Now, it's a calculated strategy that includes some different adversarial playbooks that we've seen in the past, combined with more traditional ransomware.

Knowing the evolution of ransomware attacks, what are the top 3 things you'd recommend organizations do to prepare and protect themselves?

Darren: The first thing is foundational: Make sure you've maximized your overall approach to reducing the risk of email-originated threats because a lot of the ransomware that makes it into an organization is still coming through that vector. People still click on links in suspicious emails — it's human nature — so a base level of security awareness training should be part of planning there. 

Also, have some kind of advanced EDR tool installed on the endpoint in the event that a malicious link has been clicked (it's bound to happen). Make sure systems are up to date and patched, and an EDR tool is on every device. We've responded to a lot of incidents where even environments that have had an EDR solution rollout have still gotten compromised because they didn't install the EDR tool everywhere. Without a full implementation, machines without EDR were being impacted. But, as mentioned before, a focus on endpoint protection, patching and email-originated threat detection is only part of the picture. 

David: With all that in mind, my final recommendation would be this: For robust ransomware protection today, you need to look at your overall security strategy — and a big part of that is segmentation. If you assume for a moment that a ransomware attack is going to happen to you at some point, what have you done to minimize the impact of this type of breach in your environment? Have you identified where your critical data sets are that you depend on each day for operations or administration? Have you segmented your operational components from administrative components to prevent the spread of malware while making sensitive data more difficult to identify? Have you considered different access controls or permissions? A lot of companies don't have data segmentation in place, even in industries where connected systems and OT/IoT are at high risk for a breach. You need to understand all of the ways that your system could be penetrated in order to understand risk more broadly.

Any final thoughts to share? 

Darren: It's really important to remember that segmentation applies to backups, as well. Making sure that your backups are viable and accessible in a timely fashion, should a ransomware attack require it, often means the difference between paying a ransom and not — just to get back to business at the speed work happens today. 

David: Your segmentation strategy should have a recovery component to it so that your backup environments reflect the operational segments you put so much work into in the first place. If these focus areas have any gaps, the risk that ransomware will escalate into an issue for your business is much higher than if you have all of these protections in place.

Are you currently affected by ransomware? Contact us now and learn how we can help.

Latest Trustwave Blogs

How Deepfakes May Impact Upcoming Elections Worldwide

The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person...

Read More

Get to Know MXDR: A Managed Detection and Response Service for Microsoft Security

The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed...

Read More

Trustwave eBook Now Available: 8 Experts on Offensive Security

It is now obvious that defensive measures alone are no longer sufficient to protect an organization from cyberattacks. Threat actors are increasing their capacity at such a rate that merely sitting...

Read More