Most organizations still don’t have the basics to tackle ransomware: vendor

Content of the article

The failure of information security officials to implement basic controls over privileged access accounts is one of the main reasons ransomware attacks are successful, according to a report from the vendor.

Content of the article

“Overwhelmingly, the most concerning finding in our data was the widespread lack of
basic controls over credentials and privileged access, ”says the study from Axios, which sells a cyber risk management platform, after studying anonymized data from more than 100 organizations that have used its ransomware readiness assessment tool.

The overall finding of the study, published Tuesday in a report titled State of Ransomware Preparedness, is that most organizations surveyed were not sufficiently prepared to manage the risk associated with a ransomware attack, in large part because many were not still lack the basic cybersecurity controls necessary to stem an attack.

Among the discoveries:

–Almost 80 percent of organizations using the tool had not implemented or only had
partially implemented a privileged access management solution;
–Only 36% regularly verified the use of Windows service accounts, a type of privileged account;
–Only 26% denied using command line scripting tools such as
PowerShell by default;
–69% did not restrict Internet access for their Windows domain controller hosts;
–Only 29% assessed the cybersecurity posture of external parties before allowing them access to the organization’s network;
–Only half conducted annual user awareness training for employees on emails and
web-based threats.

Content of the article

“Organizations may have forgotten to maintain the most fundamental cybersecurity practices,” the report says. “They fail on the basics. Although it cannot
Fully explaining why organizations are increasingly falling victim to ransomware attacks is undeniably a contributing factor.

What the report’s authors said was the most concerning finding was the widespread lack of
basic controls over credentials and privileged access.

Ransomware attackers often prioritize ‘training’ attacks to gain access to privileged credentials so that they can be used to develop attacks.
and more destructive campaigns, according to the report. Using privileged credentials to
ransomware attacks usually result in much more extensive and generalized control
on an organization’s network and IT resources, making it much more difficult
eradicate.

Content of the article

At least 70% of ransomware readiness tool users said they
do not impose restrictions on where privileged credentials can be used (for example, they allow use on infrastructure that is not intended for administrative work), 63% did not fully or widely implemented two-factor authentication for using privileged credentials, and only 42% reported recording activities performed with privileged credentials.

The report urges CIOs and CISOs to

–Assess their commitment to controlling and securing privileged identification information;

–Improve the defensive posture of their operational environments;

–Check their level of supply chain risk;

–Maintain and update their ransomware incident response plan;

– reassess their capacity to manage vulnerabilities.

The full report is available here . Registration is compulsory.

The post office Most organizations still don’t have the basics to tackle ransomware: vendor first appeared on TI World Canada .

This section is powered by TI World Canada. ITWC covers the business IT spectrum, providing news and information to IT professionals aiming to succeed in the Canadian market.