Ransomware attacks make headlines every day, and there is plenty of research to indicate they're a growing threat. According to Check Point Research, one in every ten organizations worldwide was hit by attempted ransomware attacks in 2023, up 33% from the previous year. Cryptocurrency analysis firm Chainalysis says ransomware payments exceeded $1 billion for the first time in 2023, and those rising costs don't include remediation and productivity and revenue losses associated with attacks. Government agencies and industry experts expect the threat to become even more formidable in the next few years, particularly with the emergence of AI.
Overburdened trying to get their arms around a growing attack surface to protect their organizations from rising attacks, nearly two-thirds (63%) of security professionals believe their jobs have become more complex over the past two years. At the same time, in a survey we commissioned, 92% of NetOps teams feel overlooked in their contributions to ensuring company security. Therein lies the secret to how organizations can help security teams have a more manageable workload and strengthen security in the process.
Given the implications of a ransomware attack on a business, it’s clear that security is a business problem, not a security problem, so the entire business needs to get behind the solution. Unfortunately, less than one-third (31%) of security pros surveyed claim their organization considers cybersecurity a shared responsibility.
The good news is that ransomware presents an ideal opportunity for organizations to get more employees actively engaged in helping to mitigate risk to the organization. Employee education and providing one-click reporting of suspected phishing attempts are prominent places to start since most ransomware attacks are initiated by phishing.
Continuing a layered defense strategy, when an attacker does infiltrate the environment and attempts to move laterally, your NetOps team can have a bigger role in protecting against ransomware than is sometimes realized.
Ransomware infections typically start with endpoints, which are often the purview of IT administrators and security teams. However, within the ambit of your network team, issues with outdated devices, improperly configured firewalls, segmentation strategy, and managing the overall complexity of modern networks also present risks.
Here are four areas within NetOps where network teams can focus to help prevent ransomware from entering the enterprise and, should it enter, stop it from propagating across the network.
1. Prioritize device updates with risk-based vulnerability management. In 2023, there were 50 ransomware variants that impacted industrial organizations alone, a 28% increase year-over-year. But not all organizations are impacted equally; it depends on the devices and versions of the devices within their environment and the criticality of their role within their operations.
Keeping software updated helps ensure that your organization has solid perimeter security to protect it from the latest ransomware. With a network automation platform, NetOps teams can track network and security device vulnerabilities and remediate them before they can be exploited. They can see the vulnerabilities that impact your actual inventory of devices to score your network risk posture to focus on patching vulnerabilities that pose genuine risks.
In the case of ransomware, remediation involves updating the firewall OS, which is a time-consuming and often after-hours activity. These updates can be automated to keep your network up to date with the latest malware definitions without overburdening your network engineers and even eliminating after-hours work.
2. Mitigate configuration drift with continuous compliance. Maintaining device configurations the way you want them to be 100% of the time is a challenge because change happens constantly. Firewalls are deployed with a compliant configuration, but configurations drift during day-to-day administration and firefighting.
Research on 905 recent ransomware incidents from 2023 indicated that 28% of organizations had issues related to network segmentation or improperly configured firewalls. Empowering the NetOps team with tools to automate configuration grooming back into compliance or maintain accurate documentation for manual remediation helps teams mitigate drift.
3. Simplify the complexity of network segmentation and stop ransomware propagation. Flat networks are a danger regarding ransomware, but issues related to implementing and maintaining network segmentation can introduce complexity and errors. Network teams can use automation to simplify administering network segmentation.
Network devices can filter ransomware and prevent it from moving laterally across network segments, limiting the “blast radius” should an endpoint become infected. Limiting the damage through proper network segmentation is an important part of a ransomware mitigation plan. Network automation can help with the complexity of managing multi-segmented networks by eliminating repetitive, manual administration that’s often the source of errors.
4. Stay on top of device lifecycle management. End-of-life devices don't get the same security updates as newer devices and threat actors know that and specifically target them. Automated notifications to network administrators when devices are end-of-life and updates will no longer be available help network engineers manage the device lifecycle. They can plan for and proactively replace devices with newer, supported versions, even automating hardware replacements to accelerate risk mitigation.
As ransomware proliferates, security has become a team sport. Now's the time to get everyone off the sidelines and embrace a strong cybersecurity culture. Your security teams will thank you for helping ease the burden. Your network teams will welcome recognition for the positive impact they can have on protecting against ransomware in your environment. Executive leadership and other key business stakeholders will appreciate the additional peace of mind that comes when threats to productivity and revenue are mitigated.
Josh Stephens is the CTO at BackBox.
Related articles:
NetOps teams, like Spider Man, have great powers and great responsibilities. Increasingly, they are adopting a Zero Trust approach to network operations to help fight their battles.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
