
Ransomware: Looking beyond endpoint protection


The last year has been one of the most active in the previous decade in cybersecurity. More than 1,000 data breaches took place in the United States alone, with a total of 155 million individuals impacted by data exposures, according to Statista. But when it comes to ransomware, the data on this insidious type of cyberattack is even more alarming.

Botnet attacks once ruled the threat landscape as the preferred method for threat actors to cash in, but ransomware quickly took its place. Data from Bitdefender's Mid-Year Threat Landscape Report 2020 points to a 715 percent increase in ransomware attacks in 2020 globally. Email phishing campaigns, remote desktop protocol vulnerabilities, and software flaws are the most common means of infection.

What’s led to this distressing increase, and what can modern-day security professionals do to protect the business? The answer isn’t found on the endpoint.

The perfect storm: The 2020 threat landscape

First, let’s put the threat landscape into context when it comes to the events of the last 15 months. Yes, 2019 was a year for the record books regarding ransomware, especially considering that more than 900 U.S. government agencies fell victim to attacks. But the COVID-19 pandemic is what really put organizations into a tailspin in 2020, says Vinay Pidathala, director of security research at Menlo Labs.

“The rise of ransomware in 2020 can really be attributed to a culmination of things,” Pidathala says. “You have a sudden change in which organizations moved to remote workforces worldwide. Employees are also adjusting to working from home while balancing other duties at the same time, like taking care of their kids and household chores.”

These abrupt changes significantly eroded employee security awareness around remote work, leading to careless Internet use and less scrutiny of the barrage of incoming emails—risky behavior that could be costly for businesses.

“User awareness really took a hit,” Pidathala says. “Challenges were also presented when it comes to endpoints. In many cases, personal laptops are being used to conduct work, and those devices may not have built-in security defenses. These are the same devices being used to tap into the company’s network via virtual private networks.”

Virtual private networks (VPNs) have historically impeded employee productivity. And now they’ve recently made headlines as the entry point threat actors used to deliver the Cring strain of ransomware. For modern enterprises grappling with the pandemic’s challenges, managing this remote workforce meant tapping into new technology to facilitate productivity and bolster the business. Naturally, this resulted in a lift-and-shift from on-premises equipment to scalable, cloud-based services. This move is where the attack surface drastically expands for enterprises, Pidathala says.

“Cloud technology as a concept is still fairly new, and many organizations are just beginning to tap into its benefits,” he says. “At the end of the day, companies don’t truly understand the nature of the cloud and the features it offers. Because of that, a lot of mistakes are made that result in increased cyber risk.”

Couple that with complex security mechanisms built into cloud services, and you have a playing field for attackers that’s immense, Pidathala adds.

“When you take into account the impacts of COVID-19 outside of work, the shift from on-premises to the cloud, and a workforce that immediately became remote, it’s the perfect storm for threat actors to take advantage of.”

Looking beyond endpoint protection

So, what’s the answer to finally get control of this ransomware dilemma? As with many cybersecurity cases, there isn’t a silver bullet, but the closer you get to overcoming the obstacles presented by the human element (aka your employees), the closer you are to the answer.

“As employees, we have a cognitive bias,” Pidathala says. “When we see something that has a green icon in an address bar, we associate that with a safe website. We’ve been conditioned over the years to distinguish visually between good and bad. But that bias is what attackers are taking advantage of.”

For security operations center (SOC) practitioners, it’s a tough job to alter behavior that employees have built up over the years. Security awareness training is essential in every cybersecurity strategy, but most of these programs are one to two steps behind a threat actor’s tactics and techniques. That lag matters even more now that ransomware is increasingly human-operated and aimed at specific targets.

Where the human element of the equation breaks down, the next step is a technological solution that can prevent something suspicious from ever reaching the user’s endpoint in the first place.

“You can always wait for something suspicious to reach the endpoint and then hope the user doesn’t click the bad link, but at that point, it’s likely to be too late,” Pidathala says. “Why even let it get to the endpoint when you can block it over the network?”

It’s a matter of taking a prevention-based approach to cybersecurity versus the legacy detect-and-respond method that has resulted in significant losses for businesses. The first step is to consider taking a Zero Trust approach to security, which assumes that no traffic should be trusted. This includes browser-based Internet traffic, in addition to the content featured in emails and document attachments.

Today, many organizations still rely on legacy on-premises, appliance-based proxies that perform standard URL filtering and sandboxing. But modern work requires modern security, and given today’s workforce, that’s not enough to stop ransomware in its tracks.

“Today, you need to have a security-first proxy that’s able to scale,” Pidathala says. “These new proxies completely isolate and eliminate cyber risk in the cloud without ever letting malicious traffic reach the endpoint.”

Then there’s scale. Today’s enterprise is constantly and rapidly changing. That’s why cloud technology is so important—it can meet the changing demands of the modern business.

“The same elasticity must also be featured in the security layer,” Pidathala adds. “This allows it to scale to any number of employees and the growing needs of an enterprise.”

While there’s no single remedy for ransomware, an approach that keeps malicious code from ever reaching the network perimeter—which relies on isolation-powered cloud security—could potentially shut the door on malware for good. Detection should play a role in a cybersecurity strategy, but focusing on prevention is the strategy that will ultimately give the business and its employees the security they need to thwart ransomware attacks for good.

To learn more about overcoming ransomware threats, download this Gartner report that highlights how you can build a preparation plan to minimize the financial and business risks tied to this cybersecurity threat.

Menlo Security
