Half of all ransomware attacks are easily preventable

More than half (53%) of ransomware attacks are the result of known vulnerabilities. That’s what Keanan Ball, senior director of product marketing at Kaseya, said recently at the Computer Security Forum.

Given the rapid increase in ransomware incidents, including the rise during the pandemic when many people began to work remotely, this trend seems inexcusable, but it is the result of IT and security teams being at capacity, Ball said.

“76% of IT professionals say they are getting stressed. So when you look to your left and you look to your right, maybe these two people are burned out, and if none of them are, it’s you. And if you’re working at home, look in the mirror – there’s a very strong chance it’s you.”

Overstretched teams do not apply patches for known vulnerabilities in time, yet attackers tend to target those vulnerabilities as entry points for their ransomware.

Other areas of vulnerability include Microsoft 365, whose breadth and complexity make it a prime target for threat actors, and ports that are open by accident or design.

“Make sure you have the right firewall settings. Make sure you close that door. An open door to attackers is a very easy way for them to target you.”

Other common weaknesses arise from weak permissions.

“The spread of power user statistics is a big issue,” Ball said. “Your CEO doesn’t need management-level permissions if they’re still doing that management role. Especially in internal IT, don’t make someone a manager, they don’t need it. Maybe a lot of your groups that don’t really do it. You have to do the writing too. Don’t let people do the writing if they don’t really want to.”

As a best practice, automated patching is key for both safety and efficiency, Ball said. Remote monitoring and management (RMM) tools have a large library of patches that can close the gap between patch delivery and patch request, including for remote clients.

RMM tools should be configured to give early warning of events including power ups, snapshot deletions and boot record changes. MFA should be applied to all clients, unknown documents should not be allowed to run, and tools should be set up to automatically isolate and filter suspicious processes.

Ideally, all of these capabilities should be available in a single RMM solution. A big source of fatigue is constantly switching between specific tools or equipment, Ball said.

“A lot of your day is spent Alt-tabbing between different solutions. We call this ‘the space in between’, and it can eat up to 25% of or technical experts.”

