
Three ways to bolster endpoint resilience in the face of ransomware


This June, two municipalities in Florida were the victims of dreaded ransomware attacks, and both agreed to resolve their nightmare by paying the cybercriminals to recover their systems and files.

According to the FBI, billions of dollars are lost every year restoring systems hit by such attacks, but the agency still does not support paying the ransom in response to attacks; for starters, it doesn’t guarantee an organisation will get its data back. So, when attacks like this hit, victims are left with the question of whether to comply with hackers’ demands or be left out of commission for an undetermined amount of time and a nebulous view of the damage incurred.

Since no organisation wishes to confront such decisions, it’s imperative that they are as prepared as possible. Adding resilience to an organisation’s security strategy is one way to contain a ransomware outbreak. To minimise risk, IT teams need increased visibility into all their devices for information about the presence and health of patch management and other endpoint security applications. Today’s technology allows for much of this to be automated, ensuring that security solutions are properly installed and effective.

Three steps to better protection

Small steps can have a tremendous impact and can help increase resilience and ensure better protection in the face of ransomware criminals.

Increase visibility

Visibility into the health and efficacy of endpoints is a key element in building a solid security strategy. By identifying all endpoints and maintaining clear visibility into them, including those that are inactive and often easily forgotten, one can both ensure compliance with federal regulations and be better prepared for hackers who target weak links. Though most organisations assume that more than 95 per cent of endpoints are compliant with required applications and patches, the reality is that 28 per cent of endpoints are unprotected at any given time. Constant visibility over endpoint devices, data and applications, whether they’re on or off the network, ensures that administrators can easily identify which devices may still be vulnerable to attack and take appropriate remedial actions.

Devices are regularly being re-imaged, and critical applications are often disabled or in a state of disrepair. These ‘dark’ devices remain outside the control of IT and without the protection of the network, which ultimately poses a significant threat to data security. In the event of a security incident, these devices may no longer have the security controls needed to prevent an incident from escalating to a full-scale data breach. Endpoints – and in particular, ‘dark’ endpoints – are an ever-present danger to organisations. Total visibility and situational awareness are crucial to combating this threat, and lead to preparedness and better protection.

Patch continuously

According to the Ponemon Institute, the average time it takes organisations to patch is 102 days. At a time when zero-day attacks are four times more likely to compromise organisations, patching agents have quickly become one of the most vital protection mechanisms. However, research finds that 75 per cent of patching agents report at least two repair events in one month, and 50 per cent report three or more repair events in the same period. Additionally, five per cent could be considered “chronically ill,” with 80 or more repair events in the same one-month period.

As complexity multiplies, emerging technology is essential. Artificial intelligence (AI) has transformed patching into a continuous and ongoing process that requires less maintenance but significantly broader coverage. When 19 per cent of endpoints require at least one repair within 30 days, a continuous patching strategy proves invaluable. Continuous patching ensures the maintenance of all endpoints, even those that have become dark.
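The visibility and patching points above come down to one recurring question for an IT team: which devices have gone dark, which are unprotected, and which agents are "chronically ill"? The following is an added example (not code from the article or from any vendor product) that answers it over constructed inventory records; the 14-day check-in threshold is an assumption, the 80-repair-event threshold is the figure quoted above.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry, one record per endpoint, as an agent console might export it.
SAMPLE_ENDPOINTS = [
    {"host": "lab-pc-01", "last_seen": "2019-06-28", "agent": "healthy", "repairs_30d": 0, "patched": True},
    {"host": "lab-pc-02", "last_seen": "2019-05-10", "agent": "missing", "repairs_30d": 0, "patched": False},
    {"host": "lib-kiosk-3", "last_seen": "2019-06-29", "agent": "healthy", "repairs_30d": 85, "patched": True},
    {"host": "fin-laptop-7", "last_seen": "2019-06-27", "agent": "disabled", "repairs_30d": 3, "patched": False},
    {"host": "hr-laptop-2", "last_seen": "2019-06-30", "agent": "healthy", "repairs_30d": 2, "patched": True},
]

DARK_AFTER_DAYS = 14   # assumed threshold: no check-in for this long means a "dark" endpoint
CHRONIC_REPAIRS = 80   # repair events per month the article calls "chronically ill"


def classify(endpoints, as_of, dark_after_days=DARK_AFTER_DAYS, chronic_repairs=CHRONIC_REPAIRS):
    """Report dark endpoints, unprotected endpoints, chronically ill agents and the real compliance rate.

    as_of is an ISO date string (YYYY-MM-DD) for the day the report is run.
    """
    cutoff = datetime.strptime(as_of, "%Y-%m-%d") - timedelta(days=dark_after_days)
    dark, unprotected, chronic = [], [], []
    for ep in endpoints:
        seen = datetime.strptime(ep["last_seen"], "%Y-%m-%d")
        is_dark = seen < cutoff
        if is_dark:
            dark.append(ep["host"])
        # A device is unprotected if its agent is not healthy, it is missing patches,
        # or it is dark (its state cannot be verified, so it must not be counted as compliant).
        if ep["agent"] != "healthy" or not ep["patched"] or is_dark:
            unprotected.append(ep["host"])
        # An agent that needed repair this often is still running, but cannot be relied on.
        if ep["repairs_30d"] >= chronic_repairs:
            chronic.append(ep["host"])
    compliant = len(endpoints) - len(unprotected)
    return {
        "dark": dark,
        "unprotected": unprotected,
        "chronically_ill": chronic,
        "compliance_pct": round(100.0 * compliant / len(endpoints), 1) if endpoints else 0.0,
    }


if __name__ == "__main__":
    for key, value in classify(SAMPLE_ENDPOINTS, "2019-06-30").items():
        print(f"{key}: {value}")
```

Run against a real inventory export, the compliance figure this produces is the one to compare with the "more than 95 per cent" most organisations assume.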

Ensure endpoint control

Implementing additional data security measures that are unique to the network can increase control over all endpoints. By implementing an approach that is unique and tailored to the higher education industry, Wichita State University (WSU) has been able to remove blind spots and track school-owned devices, even after those devices leave the secured school network. By doing so, WSU has been able to increase their visibility and gain more all-encompassing control of these endpoints.

Strategies like these, when combined with more complex capabilities like persistence technology, provide a single source of truth into all endpoints and therefore drive a more dynamic cybersecurity approach in the face of ransomware attacks. Persistence technology ensures the ability of an endpoint to self-heal if a user tampers with the security agent on a device and increases visibility into exactly who is accessing a device and when. Not only does this strengthen cybersecurity preparedness, it also has an impact that can be more widely felt. The ability to deploy and confirm full disk encryption, track and lock devices, or freeze and wipe the data, combined with the ability to manage and secure the endpoint population, has helped organisations gain and maintain ongoing compliance with HIPAA, PCI-DSS, FERPA and other requirements.

While we may debate the pros and cons of paying ransom, it’s impossible to debate the importance of resilience. Although organisations may feel unprepared in the face of a ransomware attack, there are quick actions to take that can deter criminals’ efforts and alter the ending of the story. In today’s climate, increased visibility, continuous patching and endpoint resilience are no longer security bonuses, they are requirements that may be the difference between a successful crime and a thwarted attempt at paralysing an organisation.

Todd Wakerley, Executive Vice President of Products, Absolute