
Why networking and security teams need to collaborate to mitigate ransomware risks

As remote and hybrid working models become the norm, increased collaboration between NetOps and SecOps is vital to ensure quicker and more comprehensive responses to ransomware

Emad Fahmy, Systems Engineering Manager Middle East, NETSCOUT

The unprecedented surge in ransomware attacks has made effective cybersecurity and defense a top priority in today’s world. Every day, new ransomware attacks are reported by businesses and government authorities alike, not to mention the attacks that go unreported, and it seems like no one is immune.

Recent high-profile incidents have demonstrated the societal ramifications of these attacks. According to a recent industry report, the Middle East and Africa region was the fourth-most attacked region worldwide in 2021, with the UAE and Saudi Arabia being among the top countries attacked regionally.

Most IT and security professionals prioritise restricting the spread of ransomware due to its potential to damage vital infrastructure, leave entire cities unable to perform essential services, and even prevent patients from receiving necessary care.

In the event of an attack, not only do organisations have to mitigate the impact on operations in the immediate aftermath of being locked out of critical systems or missing key data, but IT teams need to be prepared to simultaneously initiate repair and recovery efforts. Even when firms maintain regular backups, there is no guarantee that they will be able to protect and retrieve all their lost data in the event of an attack. The most effective protection against ransomware is to stop it before it can spread, which includes ensuring constant communication between networking and security teams.

Prevention vs. remediation

The challenge with ransomware is that, once it’s discovered, it’s difficult to manage and mitigate the threat without disrupting operations. Therefore, targeted organisations should focus their efforts on mitigating attacks.

IT leaders can help minimise the risk to their organisations by emphasising the importance of training so that their team can better identify potential attacks, such as phishing activities. Similarly, it is essential to maintain network hygiene through continuous monitoring of linked devices and ensure regular upkeep of core systems to mitigate potential attack vectors.

It’s also worth noting that, to limit their exposure to ransomware threats, many organisations are deploying an additional layer of defense at the network perimeter, between the internet router and the firewall. This approach involves identifying and blocking indicators of compromise on the network when other components of the security stack fail. A security appliance installed at the network border can block malware before decryption happens and can, for example, defend against a DDoS attack – another common tactic used by ransomware extortionists.

Automated edge defense systems fed by regularly updated threat intelligence can immediately identify when devices attempt to connect to IP addresses known to be associated with malware or command-and-control servers, preventing ransomware threats like Log4j from being missed. Networking teams can then disseminate this threat intelligence to eliminate potential risks. To do so, however, networking and security operations teams must be in sync, with documented systems that use the same data.
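As an added illustration of the edge-feed matching just described (example code, not NETSCOUT's or the article's own), the script below runs a constructed threat-intelligence feed over constructed connection-log lines and produces one alert per host/destination pair, the kind of shared record both NetOps and SecOps can act on. The feed entries, hostnames, addresses and log format are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed threat-intelligence feed of IPs/CIDRs tagged with the reason
# they are listed; a real feed would be fetched and refreshed regularly.
THREAT_FEED = {
    "203.0.113.0/24": "known-c2",
    "198.51.100.23": "malware-distribution",
    "192.0.2.77": "ransomware-c2",
}

# Constructed connection log in the shape an edge device or flow collector
# might export: timestamp, hostname, source IP -> destination IP:port.
CONNECTION_LOG = """\
2023-05-01T09:12:01Z ws-finance-07 10.20.1.55 -> 93.184.216.34:443
2023-05-01T09:12:04Z ws-finance-07 10.20.1.55 -> 203.0.113.45:8443
2023-05-01T09:12:09Z srv-files-02 10.20.2.10 -> 192.0.2.77:443
2023-05-01T09:12:15Z ws-hr-03 10.20.1.90 -> 198.51.100.23:80
2023-05-01T09:12:20Z ws-finance-07 10.20.1.55 -> 203.0.113.45:8443
"""

def load_feed(feed):
    """Parse feed entries into network objects once so lookups are cheap."""
    return [(ipaddress.ip_network(e, strict=False), tag) for e, tag in feed.items()]

def match_destination(dest_ip, networks):
    """Return the feed tag covering dest_ip, or None if it is not listed."""
    addr = ipaddress.ip_address(dest_ip)
    return next((tag for net, tag in networks if addr in net), None)

def detect_c2_connections(log_text, feed=THREAT_FEED):
    """Return one alert per (host, destination) pair that contacted a listed
    address, with a hit count so repeated beaconing stands out."""
    networks = load_feed(feed)
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "tag": None})
    for line in log_text.splitlines():
        ts, host, _src, _arrow, dest = line.split()
        dest_ip, _port = dest.rsplit(":", 1)
        tag = match_destination(dest_ip, networks)
        if tag is None:
            continue  # destination not in the feed; nothing to share
        rec = hits[(host, dest_ip)]
        rec["count"] += 1
        rec["first_seen"] = rec["first_seen"] or ts
        rec["tag"] = tag
    return [{"host": h, "dest": d, **r} for (h, d), r in sorted(hits.items())]

if __name__ == "__main__":
    for alert in detect_c2_connections(CONNECTION_LOG):
        print(alert)
```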

Networking and security collaboration

Prior to the pandemic, IT and security departments were often segregated, especially in big enterprises. Security teams, for example, focused on limiting attack exposure, whilst networking teams facilitated access to core resources and applications. Moreover, they often used separate systems and data specific to their functions.

Remote and hybrid working models have essentially increased the number of access points to enterprise networks, thereby increasing the attack surface that security teams must now defend. Consequently, an increasing number of IT leaders are now urging their network and security teams to collaborate and centralise resources. This trend is reflected in the adoption of new technologies that combine networking and security, such as zero-trust network access (ZTNA), and in budget allocations that emphasise security investments as a share of the overall IT budget.

Stronger together

Protecting organisations against the threat of ransomware requires constant communication and standardised protocols based on a single source of truth that’s readily available and accessible to both groups. Packets don’t lie, which is why organisations need to focus on optimising smart network data when continuing to build bridges between networking and security operations.

Leveraging smart network data as an indicator of network health and a mechanism for threat identification and investigation provides NetOps and SecOps teams with new opportunities to demonstrate their respective value and expertise. As a result, they can enable quicker and more comprehensive responses. With ransomware attacks becoming more sophisticated each year, it’s not merely the tools that will protect organisations and limit the impact of ransomware but the people behind them that will make a difference.