Ahead of the five-year anniversary of NotPetya (June 27th), cybersecurity leaders from Gigamon, DigitalXRAID and CYFOR Secure have weighed in on what has changed, and how organisations can protect against future large-scale ransomware attacks.
Mark Coates, VP EMEA, Gigamon says, “In the five years since NotPetya, the threat from ransomware has become both critical and unpredictable. And with organisations scrambling to implement the latest technologies and processes to protect their IT infrastructure, they’re not always getting it right.”
Hybrid cloud infrastructure
“A recent Gigamon survey found that an over-reliance on endpoint protection could be putting organisations at a higher risk of ransomware exposure. While 96% of Infosec professionals consider endpoint detection and response (EDR) to be the most important tool in their arsenal against ransomware, only 4% are very confident they are prepared for an attack.”
The emphasis on advanced, next-generation technologies ignores the need for greater observability"
“Often, the emphasis on advanced, next-generation technologies ignores the need for greater observability into network and host operations within their environment. Focusing first and foremost on obtaining deep observability into and across hybrid cloud infrastructure, organisations can overcome blind spots where malicious actors lurk before deploying ransomware. Through being proactive in reducing dwell times, during which cyber criminals covertly gather intelligence, deep observability is key to amplify existing monitoring and observability tools to mitigate security and ransomware risks.”
Cyber insurance market
Rick Jones, CEO, DigitalXRAID says, “NotPetya formed the start of what we can only describe as a ransomware crisis, ushering in an age of increasingly frequent and damaging cyberattacks. Not only has NotPetya been labelled a ‘watershed moment’ for the cyber insurance market – catalysing the growing rigidity of clauses and rise in premiums – but, along with countless ransomware attacks that have followed in its wake, has left organisations across all industries at risk of a critical attack.”
“But in a climate where risk transference with cyber insurance is no longer a readily available form of cyber protection, how can businesses best protect themselves from ever-growing ransomware threats? For organisations of all sizes, proactive cybersecurity is key.”
“A ‘security-first’ cultural shift must occur within organisations to reach a point where cybersecurity is accepted as a company-wide issue and responsibility. Working towards this with regular training programs and phishing simulations to educate and train employees, businesses can also be proactive with threat detection and mitigation.”
Windows-operated machines
NotPetya is the perfect example of how an attack on the supply chain can cause disruption"
Lawrence Perret-Hall, Director at CYFOR Secure says, “NotPetya became ‘the most economically damaging cyber-attack of all time’ by using EternalBlue to enter and exploit Windows-operated machines with unpatched security. The most crucial takeaway here is that, while small businesses may think they are exempt from becoming targets of such large-scale attacks, a ransomware breach is always possible – a fact only exacerbated by the war in Ukraine and tensions between the West and Russia.”
“NotPetya is the perfect example of how an attack on the supply chain can cause disruption and destruction across a vast range of businesses, of all sizes. To combat this, both back-ups and staff training are efficient, cost-effective, and proactive ways that organisations can better safeguard themselves from ransomware and assist with recovery in the event of an attack.”
Better cyber hygiene
“A blend of small and frequent, full, and long-term back-ups offers more substantial protection when implemented in tandem with encrypted, offsite storage. Meanwhile, regular staff training initiatives help to emphasise the importance of cybersecurity across the entire organisation and highlight simple and easy ways to implement better cyber hygiene on a day-to-day basis.”
“However, having an Incident Response (IR) plan and business continuity playbooks to support with quick remediation following the event of an attack is crucial. In cybersecurity, it’s not a question of ‘if’ but ‘when’, and organisations need to have the resource and the expertise readily available to combat an attack quickly and efficiently when it inevitably occurs.”
