As society and businesses are moving gradually beyond the tectonic shifts created by the pandemic, several digital innovations define the new norm — hybrid secure work environments, digital engagement, and customer service. At the same time, the hyperconnected world will continue to face expanding cyber risks on multiple fronts. Cybercriminals are using increasingly sophisticated tactics, tools, and technologies, making the efforts of securing and building cyber defences even more challenging for organisations.
Ransomware attacks are increasing in numbers and severity
The explosive pace of digital transformation among both public organisations and private enterprises has provided criminals with a window of opportunity. As a result, there has been an increasing number of cyber-attacks in recent months, particularly ransomware. According to the Verizon 2022 Data Breach Investigations Report (DBIR), there has been a 13% increase in ransomware breaches – more than in the last five years combined.
The effectiveness of criminal gangs also reflects the growing success of the Ransomware-as-a-Service (RaaS) model. A joint advisory on ransomware issued by the FBI, CISA, NSA, UK’s NCSC and Australia’s ACSC highlights that RaaS has become increasingly ‘professional’, with well-established business models and processes. The business model complicates attribution because there are complex networks of developers, affiliates, and freelancers.
One of the most important “service providers” that RaaS criminal organisations rely upon is Access-as-a-Service, known as Initial Access Brokers (IAB). These criminals provide ransomware attackers with an easy way into corporate networks, paving the way for the actual damaging attacks.
In Australia, 55% of security incidents are attributed to compromised credentials – either because of a social engineering campaign or a credential stuffing attack. Ransomware attacks accounted for 23% of all cybersecurity incidents; however, compromised credentials can be further used to launch other attacks, including ransomware.
MFA blocks unauthorised access to networks
Digital businesses are boundaryless organisations and the new frontier to defend is the digital identity of people, apps, services, and machines. As a result, access management models are now being re-conceptualised to offer the right level of business resilience, as well as deliver critical authentication features suitable for multi-cloud computing environments.
A significant element of a robust access strategy is the deployment of multi-factor authentication. “When implemented correctly, multi-factor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network,” highlights the Australian Cyber Security Centre (ACSC).
Multi-factor authentication is a great preventive security control since it makes the lives of criminals much harder. Criminals are always looking for the easiest way into corporate networks. Compromised credentials offered for sale on the Dark Web promise a great return on investment for every attacker. Considering the proliferation of compromised credentials on the Dark Web and the effectiveness of phishing campaigns, we can say that criminals do not break into systems and networks, they log in.
MFA mechanisms mitigate cyber-attacks when an account is compromised and reduce unauthorised access, since the attacker needs to pass the required combination of factors during authentication. Setting up and enforcing MFA across an enterprise places obstacles in the attackers’ pathway, preventing the breach of data stored in multiple locations, both on-premises and in the cloud.
Laws and regulations in the United States and European Union are now mandating the deployment of MFA. Standards like the recently updated PCI DSS 4.0 require MFA to secure accounts in business environments. MFA is also a prerequisite for getting cyber insurance coverage. The discussion therefore is not whether to deploy MFA, but rather what type of MFA to deploy. To reduce the possibility of sophisticated criminals bypassing MFA, security researchers and regulators suggest implementing phishing-resistant multi-factor authentication, such as FIDO2 security keys.
MFA is an important element of your access policy
Ultimately, a robust MFA deployment will become the cornerstone not only of preventing ransomware attacks but also of implementing a modern access security policy. Your access policy should be risk-based, contextual and scalable to be able to cater to diverse business requirements. Your employees are accessing data and resources using a variety of devices and networks; therefore, your access policy should be flexible and scalable enough to balance security with experience.
A modern access security policy will enable your organisation to:
- Evaluate whether a user is properly authenticated
- Isolate the resource the user is attempting to access
- Determine if the request is from a trusted, stolen, or third-party device
- Confidently decide whether access should or should not be granted
Align prevention with business continuity
Access control with MFA at its core is only one part of your ransomware defence strategy. You should align your preventive security with your business continuity and recovery plans and operational goals to ensure that your data is protected through multi-layered defence controls.
Somerville offers a robust portfolio of services and solutions to help you protect your data in the cloud. Download our whitepaper to discover how to achieve cyber resilience in the face of the evolving threat landscape.