Best Practices To Protect Against Ransomware Threats From The Inside

Bryan Christ

March 22, 2022

Throughout 2021, the number of attacks and headlines ransomware generated grew exponentially. Ransomware is now part of 10% of breaches, and it doubled in frequency in 2021, according to the 2021 Verizon Data Breach Investigations Report. Not only are these attacks growing in number, but they are also growing in complexity and sophistication. The external threat they bring continues to be a hot topic in the media and with industry analysts. There is another facet of ransomware attacks, however, that has not received the same attention: insider threats.

Ransomware insider threats are on the rise. The Lapsus$ ransomware group is now aiming to recruit insiders as a way into top technology companies like Microsoft, Apple, EA Games, and IBM. Lapsus$ has pointedly broadcast its intent to pay insiders at telecommunications, large software and gaming companies, call centers, and server hosts for network access.

When it comes to these threats, whether the source is inside or outside, a proactive approach beats a reactive response every time. What steps can you take today to prepare for ransomware prevention, even against insider threats? And what blend of strategy and technology can you employ to secure your networks against this new wave of ransomware risk?


The Approach and Risk

Sixty-five percent of IT and security executives say they or their employees have been approached to assist in ransomware attacks, according to a recent Bravura Security survey. This stat is a 17% increase compared to a similar study in fall 2021. Company insiders are primarily approached by email (59%), although phone calls (27%) and social media requests (21%) were also common channels.


If hackers have approached you to assist, there’s a significant chance that your organization will become a victim of a ransomware attack. Of those solicited by ransomware actors, 49% experienced a breach anyway, so your organization’s cybersecurity measures must account for internal and external threats.


Where the Perimeter Falls Short

Although many security and IT executives consider themselves prepared to defend against ransomware, heavy reliance on perimeter defense may yield a misguided sense of security. Roughly half of the executives feel moderately equipped to prevent ransomware, with 4% saying they feel most prepared. However, 45% of decision-makers stated that they mostly rely on perimeter defense, with 6% relying on perimeter defense exclusively.

Over one-third of IT and security leaders are more concerned about external threats than internal ones. But when thinking about internal risks, many may fail to account for expanding IT perimeters, device proliferation, and the new hybrid work paradigm. These have significantly increased the ransomware attack surface for many enterprise organizations. 

Conventional methods of one-time authentication, VPN, and fence-based networks fail to account for ransomware threats (internal and external). IT leaders must account for this new borderless digital environment by implementing an access management-powered security strategy.


Tackle Authentication and Tie Up Loose Passwords

Now more than ever, in the face of internal (and external) risks, enterprise organizations need secure authentication as a foundation to stay competitive. However, passwords have long been the weak link in the security chain. Poor password hygiene and weak authentication can leave organizations increasingly susceptible to social engineering and theft.

You can combat password vulnerability with strong password policies, which mandate string length, a mix of character types, and capitalization rules. Your organization can also force user password changes at set intervals. Once your policy has been established, an enterprise password manager like Bravura Safe can ensure passwords are strong and not known to be compromised in the wild. Then, federated SSO, JIT access, and MFA can take it to the next level.
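What such a policy amounts to as a check, as an added example that is not from the original article or any Bravura product: the minimum length of 14 and the three sample breached passwords are constructed assumptions, and the prefix index mimics a hash-range breach lookup so the block runs offline. It shows that a password can satisfy every composition rule and still be rejected because it is already known to be compromised.

```python
import hashlib
import re

# Constructed sample standing in for a real breached-password corpus.
BREACHED_SAMPLE = ["Password123!", "Summer2022!!", "qwerty"]


def _sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Index hashes by 5-character prefix, so a lookup only needs the prefix
    plus a local suffix comparison (the shape of a k-anonymity range query)."""
    index = {}
    for pw in passwords:
        digest = _sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


RANGE_INDEX = build_range_index(BREACHED_SAMPLE)


def is_breached(password, index=RANGE_INDEX):
    digest = _sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def check_password(password, min_length=14):
    """Return the list of policy failures; an empty list means accepted.
    min_length=14 is an assumed value, not one stated in the article."""
    failures = []
    if len(password) < min_length:
        failures.append("too_short")
    if not re.search(r"[a-z]", password):
        failures.append("no_lowercase")
    if not re.search(r"[A-Z]", password):
        failures.append("no_uppercase")
    if not re.search(r"[0-9]", password):
        failures.append("no_digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no_symbol")
    # Composition rules alone miss passwords that already circulate in dumps.
    if is_breached(password):
        failures.append("known_breached")
    return failures
```
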

The number one cause of data breaches and ransomware attacks remains compromised passwords and credentials. Often, this is the result of employees creating weak passwords, reusing existing ones, or a combination thereof. Many organizations understand the risks and challenges in a highly connected world and are adopting strategies like Zero Trust to improve their operational maturity.

In concert with this, organizations can take immediate steps to secure loose employee passwords for a quick win. These kinds of passwords are often created and reused across personal and professional websites and logins, increasing the exposure of any organization whose employees have done so. Far from being careless, employees make these poor decisions because they have too many passwords to remember. One survey concludes that the average person has more than 70 passwords! A solution like Bravura Safe empowers employees and teams to create strong passwords in a central repository. By making these passwords strong and complex, but available on any device and at all times, users can be assured they won’t have to remember them, ever. In the case of a suspected breach, all passwords can be locked and changed on demand to stop the damage.


Implement Identity-First

The core challenge of tackling omnidirectional threats is locking down access across your network, outside and in. Many organizations struggle to find the balance between security and user freedom. This changes when you build a foundation with identity-first. By implementing an identity-based security strategy across every technology, on-premises and in the cloud, you can ensure only the right people have the right level of access, in the right context, continuously and without adding friction.

Automation through an identity access management (IAM) solution like Bravura Identity will save IT time and further reduce your organization’s attack surface. 


Elevate Privilege

Credentials and privileges are power to ransomware hackers. Under the Principle of Least Privilege, users are provisioned with the minimum access necessary to perform a specific job or task, for a finite period of time, and nothing more.

The complexity of this process often requires an enhanced privileged access management (PAM) solution like Bravura Privilege that guarantees every identity receives access to sensitive systems only after it has been properly and contextually authorized.


Convergence For What’s Next

Combating internal (and external) ransomware threats requires an all-encompassing identity-based security strategy. Segmented and piecemeal solutions will leave holes and vulnerabilities that ransomware attackers can exploit.

Move beyond disconnected systems and providers with one suite of identity-based security solutions in the Bravura Security Fabric. The platform includes password management, management of decentralized secrets, identity access management, and privileged access management capabilities that will evolve as you scale.

Transform your digital identity and access security culture to fight ransomware insider threats with Bravura Security Fabric.