How Does PAM Tie in With Your Ransomware Defence?

Since the start of the COVID-19 pandemic in 2020, cyber-attacks, and in particular ransomware attacks, have been on the rise, and no organisation is too big or too small to be vulnerable. Shifts in working practices, increasing use of the cloud and the vast amounts of data organisations hold make them an ideal target for a ransomware attack.

In today’s data-driven world, and with the increase in remote working, organisations view ransomware attacks as a ‘when’ rather than an ‘if’. A ransomware attack can disable an organisation by corrupting or deleting the data it relies on for day-to-day business activities until the ransom is paid.

But even after the ransom demands have been met, there is no guarantee that the data will be returned, and even if it is, the damage to the organisation’s reputation may already have been done.

And while many organisations have robust defences in place to protect against such attacks, many have not considered the crucial role that Privileged Access Management (PAM) can play in their cyber security strategy, or how it can help them strengthen their security posture by reducing the threat surface.

The privileged access risk

Privileged accounts are a prime target for attack, and threat actors will do their research to identify those with the highest privileges and put them at the top of the target list.

Employees with the highest privileges give hackers the greatest opportunity to cause damage, as they have high levels of access to the valuable data that attackers want to take control of and use to hold the organisation to ransom.

Once they have compromised an account and gained access to the system, attackers map the network in order to reach higher-value assets and elevate their privileges, so they have the freedom to roam around without detection.

One of the biggest risks comes from employees having elevated privilege access that they do not actually need. Adopting a least privilege approach reduces this risk and ensures that employees only have access to the resources and applications they need to perform their role.

This provides an added layer of protection. Should a least privilege account be hacked, the hacker will have limited access, and any attempts to escalate their privileges are more likely to be detected as anomalous behaviour.

Stop malware and ransomware at the endpoint

Providing users with privileged access gives them the ability to install and execute applications without IT first vetting them to ensure they are approved and trusted. This increases the risk of being compromised by malware or ransomware and gives malicious attackers an open door to enter whenever they wish.

It is best practice for organisations to implement security controls that prevent any unapproved application or tool from being installed onto the system, using Application Whitelisting, Blacklisting, Dynamic Listing, Real-Time Privilege Elevation, and Application Reputation and Intelligence.

Adopting this approach in addition to least privilege is one of the most effective ways of securing your defences against a serious security incident.

Assess who needs privileged access

Ensuring that only those who need privileged access are granted it, for the shortest amount of time and at the correct level, can help reduce the attack surface. Organisations should continuously audit and discover privileged accounts and applications that require privileged access, to ensure they are only giving privileges to the users and applications that need them.

It is crucial that administrator rights are removed when they are no longer needed and that organisations adopt multi-factor authentication to strengthen their defences and mitigate the risk of user accounts being compromised.

Organisations should also consider training on password best practices to educate employees on the importance of using strong passwords, why they should avoid using the same password for corporate and personal accounts, and how using the same password across accounts can introduce an additional external threat.

Next Steps

Ransomware is on the rise and with it comes an increasing risk. Phishing attacks are being used to access, corrupt and delete sensitive data, restricting access and shutting down systems that are critical for day-to-day business, and resulting in financial loss and reputational damage that can take years to overcome.

These attacks are increasing not only in prevalence but also in sophistication. To discuss PAM with one of our experts, get in touch.

Explore the recommendations users and administrators can follow to protect their networks and the additional steps that can be taken to prevent a ransomware attack.