Once again, the world is hit with another ransomware attack. Similar to the WannaCry Ransomware cyberattack last month, Petya is causing major pain among thousands of users, this time crippling banks and infrastructure in what cybersecurity experts called one of the most-devastating digital intrusions of its type. In fact, not only are we seeing an increase in the frequency and sophistication of threats, but security data is growing in volume and complexity, data assembly is labor and time intensive, and infrastructure scale and complexity make it hard to protect the organization.
These issues lead to
- Difficulty in identifying threats and detecting a breach
- Increased cost of threat detection and management
- Inability to respond to constant attacks
- Slow to translate threats into security policy changes
- Increased risk of compromise (e.g., data loss, data breach)
- Skilled employees focused on low-value operational tasks
- Outages – lost revenue, reduced business productivity and lost opportunity to improve security
- Data loss, tarnished reputation, cleanup costs and/or breach disclosure
If ransomware attacks are becoming commonplace, organizations need to have tools for reducing their security risk and increase their rapid threat response.
Reducing Security Risk
FireMon’s Risk Analyzer is a Risk Vulnerability Management tool that prioritizes risk remediation efforts. This tool overlays vulnerability data on network security configurations to identify contextual risk (e.g., exploitable hosts), scores vulnerabilities by level of risk to prioritize remediation efforts, and scores firewall rules by the risk they expose to prioritize remediation efforts.
It’s all about being proactive
Cyberattacks are inevitable. The impacts don’t have to be. If an organization is proactive about their security practices, the impacts from these attacks like Petya and WannaCry can be marginalized. Using tools such as Risk Analyzer for contextual risk assessment to find network path vulnerability are key to whether or not an organization will be prepared for next time. And there will be a next time.