Half of all ransomware attacks are easily preventable

More than half (53%) of ransomware attacks are the result of known vulnerabilities. That’s according to Keanan Ball, senior director of product marketing at Kaseya, speaking at the recent Computing Cyber Security Festival.

With ransomware incidents rising rapidly, and with a particular spike during the pandemic when many people began working remotely, this figure seems almost unforgivable, but it’s really the result of overstretched IT and security teams, Ball said.

“76% of IT professionals report an increasing workload. So you look left and you look right, probably both of those people are burnt out and if one of them isn’t it’s probably you. And if you work from home, look in the mirror – it’s a real strong chance it’s you.”


Overstretch means that patches for known vulnerabilities are not applied in a timely manner, and of course attackers actively target such vulnerabilities as entry points for their ransomware.

Other areas of vulnerability include Microsoft 365, whose ubiquity and complexity make it a prime target for threat actors, and ports left open by accident or design.

“Make sure you have the right firewall settings. Make sure you close that door. An open door to attackers is a very easy way for them to target you.”

Other common weaknesses occur with loose permissions.

“The proliferation of the user count of privileges is a huge problem,” Ball said. “Your CEO doesn’t need admin-level permissions unless they’re actually doing that admin work. Especially in internal IT, don’t let anyone be an admin, they don’t need it. Probably a lot of your team really don’t also need to actually run scripts. Don’t let people run scripts unless they absolutely need to.”


As for best practice, automatic patching is key for both security and productivity reasons, Ball said. Remote monitoring and management (RMM) tools have an extensive library of patches and can significantly close the gap between patch release and patch application, including for remote clients.


RMM tools should be configured to give early warning of events such as privilege escalation, deleted snapshots and changed boot logs. MFA should be applied to all clients, unknown scripts should be prevented from running, and tools should be configured to automatically isolate and quarantine suspicious processes.

Ideally, all these capabilities should also be available in one RMM solution. A major source of fatigue is having to constantly switch between custom or specialized tools, Ball said.

“We spend so much of your day just Alt-tabbing back and forth between different solutions. We call this ‘this space in between,’ and it can eat up to 25% of your technicians’ day.”

