SlideShare a Scribd company logo

Ransomware: Can you protect against attacks?

Download as PPTX, PDF
O
Osirium Limited

This document discusses ransomware attacks and how to protect against them. It notes that ransomware attacks are increasingly common, with 79% of UK businesses reporting an attack in 2021. It describes the typical attack journey ransomware takes to infiltrate a network, highlighting how attackers target privileged admin credentials to access and encrypt important systems and backups. The document recommends implementing privileged access management (PAM) solutions to protect admin accounts and automate access, which can prevent attacks by restricting installs/changes and separating people from credentials. PAM provides security, auditability, and control while empowering users. The presentation promotes the Osirium Fast Protect PAM product.

Technology
Related topics:
Cyber Attack Privileged Access Management
1 of 30
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Ransomware: How protected are you and how can you protect against attacks? Preventing Ransomware from crippling your infrastructure Mark Warren Osirium
How many organisations have been attacked by ransomware?
Ransomware is everywhere 79% of UK businesses say they’ve been attacked 68% attacked within the last year 79% 68% Source: The Osirium Ransomware Index 2021
Ransomware attacks are on the rise
When NOT If
In this session LEARN THE MOST COMMON AND DANGEROUS ATTACK JOURNEY LEARN WHY AND HOW MOST ORGANISATIONS AREN’T READY LEARN WHAT TO DO NEXT
Innovative Privileged Access Management experts Gartner Cool Vendor Recognised leader in secure process automation AIM listed since 2016
Typical attack journey Objective Maximise the “Blast Radius” of an attack
A Typical Attack: Target humans
A Typical Attack: Infect Workstation
A Typical Attack: Exfiltrate
A Typical Attack: Migrate to shared folders & devices
A Typical Attack: Find admins
A Typical Attack: Admin gets infected
A Typical Attack: Exfiltrate admin credentials
A Typical Attack: Migrate to IT systems
A Typical Attack: Make it hard to recover
A Typical Attack: All your data is at risk
Backups are damaged, data stolen
It’s no surprise the ransom might be attractive Do you agree it may be cheaper to pay the ransom than invest to prevent an attack? Unsure 15% Disagree 32% Agree 53% Source: The Osirium Ransomware Index 2021
Prevention looks hard – where are admins? Administrator accounts are everywhere Increasingly outside the IT department​ #1 target for hackers​
Ransomware: The evolving threat Ransomware is easy! • Low risk • High returns • Available as a service! Victims have two choices • Pay the ransom and hope for the best • Restore from a backup Backups are now a prime target + 900,000 new variants of ransomware every day
Backups are a target 96% of UK businesses agree that backups are a target But only 35% take extra measures to protect backups with privileged access management Backups at risk 65% Backups protected 35% Yes, often 42% Yes, always 27% Yes, sometimes 27% No, not a target 4% Source: The Osirium Ransomware Index 2021
National Cyber Security Centre Guidance Make Regular Backups There have been cases where attackers have destroyed copied files or disrupted recovery processes before conducting ransomware attacks. Ideally, backup accounts and solutions should be protected using Privileged Access… Privileged Access Management (PAM) solutions remove the need for administrators to directly access high-value backup systems. https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
How to prevent attack?
Prevent s/w install & configuration changes “Virtual air gap” separation of people from admin credentials Prevention doesn’t have to be hard
Wider benefits of PAM Right level of access, to the right accounts, for the right people, at the right time, for no longer than needed.  Credential Rotation  Detailed Auditing  Governance & Control  Vendor Access  Auditing & Compliance  Least Privilege  Zero Trust
Take protection to the next level with automation Automate IT and business workflows Always protect credentials End-to-end audit trail Users can’t do anything they shouldn’t Role-based delegation to free up admins EMPOWER PEOPLE, MOVE FASTER
Special promotion: Osirium Fast Protect  Enterprise-grade access management  Protect up to 10 devices for 3 years  1 day implementation assistance Just £4,995 Visit the Osirium stand (C50) to learn more
Questions? Simplify IT and Security Empower People to Move Faster Visit the Osirium stand (C50) to see PAM in action Selecting Osirium PAM wasn’t just about the robustness of the solution and the competitive price. It was also the professionalism of their engagement and the excellence of their support. Mark Grant, IT Infrastructure Operations Manager, NHS Lanarkshire What struck us with Osirium PAM was not just the breadth of capabilities, but also its flexibility and ease of implementation. Alex Breedon, IT Manager, Gibtelecom We had Osirium PAM up and running in under a day. Dave Pritt, IT Infrastructure Manager, Saunderson House

More Related Content

PPTX
Cybersecurity
UmairFirdous
 
PPTX
What is Ransomware? How You Can Protect Your System
ClickSSL
 
PPTX
Ransomware: A Perilous Malware
HTS Hosting
 
PPTX
Preventing lateral spread of ransomware
Osirium Limited
 
PDF
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 
PDF
AI for Ransomware Detection & Prevention Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
PDF
Ransomware - Information And Protection Guide - Executive Summary
Bright Technology
 
PPTX
Distribution Industry: What is Ransomware and How Does it Work?
The TNS Group
 
Cybersecurity
UmairFirdous
 
What is Ransomware? How You Can Protect Your System
ClickSSL
 
Ransomware: A Perilous Malware
HTS Hosting
 
Preventing lateral spread of ransomware
Osirium Limited
 
Ransomware: Attack, Human Impact and Mitigation
Maaz Ahmed Shaikh
 
AI for Ransomware Detection & Prevention Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Ransomware - Information And Protection Guide - Executive Summary
Bright Technology
 
Distribution Industry: What is Ransomware and How Does it Work?
The TNS Group
 

What's hot (20)

PDF
Take the Ransom Out of Ransomware
Unitrends
 
PDF
IT security in 2021: Why Ransomware Is Still The Biggest Threat
ETech 7
 
PDF
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
PDF
Cisa ransomware guide
anpapathanasiou
 
PPTX
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
PPTX
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Storage Switzerland
 
PPT
Safeguard your enterprise against ransomware
Quick Heal Technologies Ltd.
 
PPTX
seminar report on What is ransomware
Jawhar Ali
 
PPTX
Cybersecurity…real world solutions
ErnestStaats
 
PDF
Cambodia CERT Seminar: Incident response for ransomeware attacks
APNIC
 
PPTX
Ransomware Resiliency, Recoverability and Availability
Lai Yoong Seng
 
PDF
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...
ClearDATACloud
 
PPTX
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
PPTX
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 
PPTX
Wannacry & Petya ransomware
Raghavendra P.V
 
PDF
Protecting Against Ransomware
Symantec
 
PPTX
Industry reactions to wanna cry ransomware attacks
kevinmass30
 
PDF
Cyber Attack Analysis : Part I DDoS
Kenny Huang Ph.D.
 
PDF
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Katherine Duffy
 
PPTX
Evolution of ransomware
Charles Steve
 
Take the Ransom Out of Ransomware
Unitrends
 
IT security in 2021: Why Ransomware Is Still The Biggest Threat
ETech 7
 
Next Dimension and Veeam | Solutions for PIPEDA Compliance
Next Dimension Inc.
 
Cisa ransomware guide
anpapathanasiou
 
Webinar: Backup vs. Ransomware - 5 Requirements for Backup Success
Storage Switzerland
 
Webinar: Ransomware Checklist – Are You Ready For Ransomware’s Next Wave?
Storage Switzerland
 
Safeguard your enterprise against ransomware
Quick Heal Technologies Ltd.
 
seminar report on What is ransomware
Jawhar Ali
 
Cybersecurity…real world solutions
ErnestStaats
 
Cambodia CERT Seminar: Incident response for ransomeware attacks
APNIC
 
Ransomware Resiliency, Recoverability and Availability
Lai Yoong Seng
 
5 Ways to Protect Your Healthcare Organization from a Ransomware Attack - HIM...
ClearDATACloud
 
Demo how to detect ransomware with alien vault usm_gg
AlienVault
 
Planning your 2015 Threat Detection Strategy with a Broken Crystal Ball
AlienVault
 
Wannacry & Petya ransomware
Raghavendra P.V
 
Protecting Against Ransomware
Symantec
 
Industry reactions to wanna cry ransomware attacks
kevinmass30
 
Cyber Attack Analysis : Part I DDoS
Kenny Huang Ph.D.
 
Ransomware Response Guide IBM INCIDENT RESPONSE SERVICES
Katherine Duffy
 
Evolution of ransomware
Charles Steve
 
Ad

Similar to Ransomware: Can you protect against attacks? (20)

PDF
Ransomware Prevention Guide
Brian Honan
 
PDF
Practical ways to defend your business from a ransomware attack - Secora Cons...
SecoraConsulting
 
PPTX
The Best Defense Against Ransomware.pptx
Tier3MD
 
PDF
Should You Pay Ransomware.pdf
KavitaDubey18
 
PPTX
sophos-how-to-protect-yourself-against-ransomware (1).pptx
yot139149
 
DOCX
Understanding Ransomware Attacks_ How They Work and How to Protect Yourself.docx
Nina Mendez
 
PDF
Data security best practices for risk awareness and mitigation
Nick Chandi
 
PPTX
ransome_case solved.pptx
radhika457461
 
PDF
The Complete Guide to Ransomware Protection for SMBs
Protected Harbor
 
PDF
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Security
 
PDF
Ransomeware : A High Profile Attack
IRJET Journal
 
PDF
Understanding and Mitigating Ransomware Attacks
yams12611
 
PDF
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Sysfore Technologies
 
PDF
What is ransomware?
Milan Santana
 
PDF
How to Knock Out Threats from Crypto-Style Viruses
Carbonite
 
PDF
How To Prevent Ransomware
RansomwareEditor
 
PDF
FBI Memo on How to Protect Yourself from Ransomware
David Sweigert
 
PDF
2021 Cybersecurity Recap: How Did We Fare Last Year?
XNSPY
 
PDF
Malware Attacks | How To Defend Organizations From It?
SOCVault
 
PDF
Recovering Your Customers From Ransomware Without Paying Ransom
Solarwinds N-able
 
Ransomware Prevention Guide
Brian Honan
 
Practical ways to defend your business from a ransomware attack - Secora Cons...
SecoraConsulting
 
The Best Defense Against Ransomware.pptx
Tier3MD
 
Should You Pay Ransomware.pdf
KavitaDubey18
 
sophos-how-to-protect-yourself-against-ransomware (1).pptx
yot139149
 
Understanding Ransomware Attacks_ How They Work and How to Protect Yourself.docx
Nina Mendez
 
Data security best practices for risk awareness and mitigation
Nick Chandi
 
ransome_case solved.pptx
radhika457461
 
The Complete Guide to Ransomware Protection for SMBs
Protected Harbor
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Security
 
Ransomeware : A High Profile Attack
IRJET Journal
 
Understanding and Mitigating Ransomware Attacks
yams12611
 
Your Guide to tackle the Ransomware threat "WannaCry" | Sysfore
Sysfore Technologies
 
What is ransomware?
Milan Santana
 
How to Knock Out Threats from Crypto-Style Viruses
Carbonite
 
How To Prevent Ransomware
RansomwareEditor
 
FBI Memo on How to Protect Yourself from Ransomware
David Sweigert
 
2021 Cybersecurity Recap: How Did We Fare Last Year?
XNSPY
 
Malware Attacks | How To Defend Organizations From It?
SOCVault
 
Recovering Your Customers From Ransomware Without Paying Ransom
Solarwinds N-able
 
Ad

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
A Presentation on Artificial Intelligence
memembruh336
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Teaching material agriculture food technology
LiaRayya
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Modernizing your data center with Dell and AMD
Principled Technologies
 

Ransomware: Can you protect against attacks?

  • 1. Ransomware: How protected are you and how can you protect against attacks? Preventing Ransomware from crippling your infrastructure Mark Warren Osirium
  • 2. How many organisations have been attacked by ransomware?
  • 3. Ransomware is everywhere 79% of UK businesses say they’ve been attacked 68% attacked within the last year 79% 68% Source: The Osirium Ransomware Index 2021
  • 6. In this session LEARN THE MOST COMMON AND DANGEROUS ATTACK JOURNEY LEARN WHY AND HOW MOST ORGANISATIONS AREN’T READY LEARN WHAT TO DO NEXT
  • 7. Innovative Privileged Access Management experts Gartner Cool Vendor Recognised leader in secure process automation AIM listed since 2016
  • 8. Typical attack journey Objective Maximise the “Blast Radius” of an attack
  • 9. A Typical Attack: Target humans
  • 10. A Typical Attack: Infect Workstation
  • 11. A Typical Attack: Exfiltrate
  • 12. A Typical Attack: Migrate to shared folders & devices
  • 13. A Typical Attack: Find admins
  • 14. A Typical Attack: Admin gets infected
  • 15. A Typical Attack: Exfiltrate admin credentials
  • 16. A Typical Attack: Migrate to IT systems
  • 17. A Typical Attack: Make it hard to recover
  • 18. A Typical Attack: All your data is at risk
  • 19. Backups are damaged, data stolen
  • 20. It’s no surprise the ransom might be attractive Do you agree it may be cheaper to pay the ransom than invest to prevent an attack? Unsure 15% Disagree 32% Agree 53% Source: The Osirium Ransomware Index 2021
  • 21. Prevention looks hard – where are admins? Administrator accounts are everywhere Increasingly outside the IT department​ #1 target for hackers​
  • 22. Ransomware: The evolving threat Ransomware is easy! • Low risk • High returns • Available as a service! Victims have two choices • Pay the ransom and hope for the best • Restore from a backup Backups are now a prime target + 900,000 new variants of ransomware every day
  • 23. Backups are a target 96% of UK businesses agree that backups are a target But only 35% take extra measures to protect backups with privileged access management Backups at risk 65% Backups protected 35% Yes, often 42% Yes, always 27% Yes, sometimes 27% No, not a target 4% Source: The Osirium Ransomware Index 2021
  • 24. National Cyber Security Centre Guidance Make Regular Backups There have been cases where attackers have destroyed copied files or disrupted recovery processes before conducting ransomware attacks. Ideally, backup accounts and solutions should be protected using Privileged Access… Privileged Access Management (PAM) solutions remove the need for administrators to directly access high-value backup systems. https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
  • 25. How to prevent attack?
  • 26. Prevent s/w install & configuration changes “Virtual air gap” separation of people from admin credentials Prevention doesn’t have to be hard
  • 27. Wider benefits of PAM Right level of access, to the right accounts, for the right people, at the right time, for no longer than needed.  Credential Rotation  Detailed Auditing  Governance & Control  Vendor Access  Auditing & Compliance  Least Privilege  Zero Trust
  • 28. Take protection to the next level with automation Automate IT and business workflows Always protect credentials End-to-end audit trail Users can’t do anything they shouldn’t Role-based delegation to free up admins EMPOWER PEOPLE, MOVE FASTER
  • 29. Special promotion: Osirium Fast Protect  Enterprise-grade access management  Protect up to 10 devices for 3 years  1 day implementation assistance Just £4,995 Visit the Osirium stand (C50) to learn more
  • 30. Questions? Simplify IT and Security Empower People to Move Faster Visit the Osirium stand (C50) to see PAM in action Selecting Osirium PAM wasn’t just about the robustness of the solution and the competitive price. It was also the professionalism of their engagement and the excellence of their support. Mark Grant, IT Infrastructure Operations Manager, NHS Lanarkshire What struck us with Osirium PAM was not just the breadth of capabilities, but also its flexibility and ease of implementation. Alex Breedon, IT Manager, Gibtelecom We had Osirium PAM up and running in under a day. Dave Pritt, IT Infrastructure Manager, Saunderson House

Editor's Notes

  • #2: Welcome and thank you for joining me today I am Mark Warren and I’d like to present today about the growing challenge of Ransomware and how organisations should protect themselves against attacks and be prepared to recover after an attack.
  • #3: Let’s start with a question. How many organisations do you think have suffered a ransomware attack? Less than 50%? 75%? Higher?
  • #4: Recent independent research commissioned by Osirium threw out some surprising numbers. Nearly 80% said they’d been attacked with 68% saying the attack was in the last 12 months.
  • #5: Cyber attackers were definitely not on furlough over the last 18months and if anything changes to working practices, such as remote working, has aided Cyber criminals to impact even more organisations and make more money. This has impact has been across all businesses, but there has some significant cases showing a possible new trend to attack the supply chain: the providers of managed services or software suppliers. Solarwinds was probably the most high-profile. There the attack took a very sophisticated route into the solarwinds software build systems and infected firmware that was then deployed to thousands of network devices around the world. It’s no wonder these attacks are attractive: With one attack on an MSP or software supplier, hundreds or thousands of organisations can be infected and become potential ransom-payers.
  • #6: So, really, it’s a question of WHEN you will be attacked, not IF so you really need to be prepared.
  • #7: In this session, I’m going to take a look at what is probably the most common attack journey – how the ransomware gets into an organisation and then how it develops to ensure maximum damage and highest possibility of ransom payment. I’ll also look at how prepared or unprepared most organisations are, and why they may not be ready. Finally, I’ll wrap up with some examples of how protection can deployed without impacting the business.
  • #8: Why am I talking about this and why Osirium? We are a UK Based Cyber Security software company that provides solutions that protect organisations against the threat of malicious and accidental misuse of Privilege credentials We have some great customers in the UK and internationally, ranging from small non-profit organisations to global financial services.
  • #9: Let’s start with looking at a typical attack journey. Almost all attacks start with some software arriving with at a user within the business. Most users have limited powers to make significant impact on the business if they are attacked. That’s why malware is always looking for chances to elevate its privilege level – to become some kind of “administrator” that has the potential to do maximum damage. That’s why its estimated that 80% of all breaches involve privileged access – I suspect it’s actually higher. You could think of this as elevating privilege to maximise the potential blast radius of an attack. A user may cause limited damage, but an administrator with root access to a critical server or a domain administrator can bring the entire organisation down. Let’s look at an example of how that happens.
  • #10: This is a very simplified example, but it shows the main concepts that I want to highlight. We probably already know the most common entry points to attacks is via the people in the business. Even with good training, the attacks are so sophisticated that it’s easy to click on a bad link in an email, open an infected document or download an infected software installer.
  • #11: Once that unfortunate click is pressed, the attack is in progress and that workstation is infected. In most cases, it’s not visible. The malware sits in wait, looking for more interesting and valuable content and accounts. It may lay in wait for weeks or months before becoming active.
  • #12: But, the attack may start exfiltrating some data, including that user’s credentials. Those credentials could be useful later, but they may also be the gateway to other attacks, Sadly, human beings are not good with passwords. Far too often, they’re too simple or reused – the common themes of pets names, birthdays etc. may be easy to remember but they also make it easy for hackers to brute force your accounts on other systems.
  • #13: The attack will be looking for opportunities to spread. For example that infected software download, say freeware drawing package, or an infected document, may get copied to a shared file server where it’s ready to be picked up by other, unknowing victims. Of course, even at this point it may find valuable data or accounts. People often forget the value of their data spread around the organisation like this. It could be documents with customer lists, it could be IP such as source code, or product designs. It could even be – and this is the real nightmare, but sadly real - a spreadsheet containing admin account names and passwords! All valuable assets to be exfiltrated out of the business. And this is all before the ransomware has kicked in.
  • #14: Once that document or file is available, even the most experienced admin could fall victim. Perhaps they see that someone has already downloaded the updated app they wanted or they open that infected document.
  • #15: Once the attack has infected the admin workstation, it can now collect the admin level credentials to elevate its privileges and start going after the really interesting systems and data.
  • #16: Of course, before doing much more, those credentials and admin content gets exfiltrated because they could be really valuable on the black market.
  • #17: Of course, that admin has privileged access to valuable systems – that’s their job..
  • #18: Those devices could the hypervisor for your virtual machines. That doesn’t sound too bad, but those VMs could be running your VPN, your firewall, your domain controller, … or any number of critical services and applications. It could be your Domain Controller or Active Directory server. Once the attack has that access, it remove, change or delete accounts, it could push malware to be installed on every laptop or device across the business. Another key target could be your backup management system. Once the attack gets the admin account credentials for your backup management system, such as Veeam, Commvault, etc, it can change backup schedules, or even get access to the backup files themselves ready to delete or infect the backups.
  • #19: Once those backend systems are infected, we see the same stealing of content and credentials But the attack will continue to lie in wait. Smart attacks wait weeks to ensure that infected files from user’s workstations or other servers are backed up – preferably through all the backup levels, even those snapshots taken offline.
  • #20: Eventually, the attack goes live and the nightmare really starts. It’s at this point you find out just how good your recovery plan is and just how damaged all your systems and backups are.
  • #21: One slightly surprising result from the Ransomware Index report, was just how willing people might be to pay a ransom rather than invest in improving defence and prevention systems. Some people may take the same attitude as they do with insurance – we’ll pay the cost if it’s ever needed. As we saw before – it’s not a question of “if” but “when” an attack will happen, so this is a short-sighted view. Some might assume that they outsource some or all of their IT and assume their MSP will sort out the mess. As we’ve seen, those MSPs can be a target, but the Index also found that only 43% of businesses with at least some outsourced IT had formal requirements for ransomware protection in their service agreements. Finally, they may be assuming that protection is expensive or even not feasible.
  • #22: To some degree, that’s understandable. Protection can be very complicated. Let’s look at those Admin accounts that are the crown jewels for attackers. In the past, there might have been a limited set of admins, all within the IT team. Today, that’s not the case. Not only are there more admin roles in IT, but there are admins across the business: the web master in Marketing, the CRM admin in the Sales team, the HR manager, and many more …
  • #23: To make things worse ransomware is getting easier to build and deliver. Why? Because it’s easy, it’s high volume and it’s quick…. There’s no handling of stolen goods, it’s just straight to the money…. and the untraceable nature of crypto currency means the likelihood of being caught and prosecuted is virtually zero. The cyber criminal experts have even learnt from big-business and even offer Ransomware as a Service. Even the ransom negotiation can be outsourced and provided as a ”managed service”. The scale of Ransomware is almost beyond belief. Nearly 900,000 new variants of ransomware per day! No wonder Anti-virus and perimeter protection can’t keep up and successful ransomware attacks are continuing to happen and make the new headlines. A worrying trend is that the cyber criminals know that a successful attack has 2 potential outcomes. You pay the ransom OR you recover to a backup…. But those backups are a critical part of the recovery plan for most so anything the attacker can do make recovery harder, the more the ransom demand looks attractive.
  • #24: Some good and bad news from the Ransomware Index. People understand how critical backups are to their ransomware recovery plans – 96% agreed. What’s not so good is that not enough is being done to protect those backups. Although there is a high adoption of techniques such as offline backups – but remember what we’ve already seen they are a prime target – the most fundamental protection is not being addressed. That is protecting access to those privileged admin accounts used for the backup management system or to the servers hosting the backups. This is a fundamental capability – and its required for every element of your cybersecurity strategy. After all, if you can’t protect the admin accounts on your anti-virus, firewall, DLP tools, or anything …. Then really you’re leaving the keys to your kingdom in the door inviting an attack.
  • #25: It’s not just me saying that. Last year, and again earlier this year, the UK’s NCSC issued guidance to all businesses and public sector organisations to protect against malware and ransomware attacks. They were very explicit about the need for backups and to protect those backups with privileged access management – usually known as PAM. Based on this, NHS Digital made additional funding available to NHS trusts at the start of the year to invest in PAM. I’m very happy to say, that over 30 NHS trusts took up the offer and chose Osirium to build their PAM protection.
  • #26: Let’s see how PAM, and related technology, protects against ransomware attacks. You’ll remember this nightmare scenario of the infected organisation. Let’s break it down to look at what protection is needed where.
  • #27: We’ll start with that entry point for an attack – the regular users. In far too many organisations, users have been granted local admin rights. There’s a good reason for that – if they need to update software or configuration, for example, IT don’t want to have to deal with every small request because they’re already over-worked. That means the user is happy and the help desk can focus on more valuable work, Unfortunately, it means they can install that infected app or click on the dodgy link. The solution is to allow managed access to local admin rights without opening up the whole system. With Osirium’s Privileged Endpoint Manager, IT can define policies to allow users to run specific, approved applications with elevated privilege – you’ve probably seen the UAC pop-up dialog in Windows when installing something – but only approved apps with a known fingerprint can be elevated preventing the infected malware attack. The user can get on with their work, and IT don’t see a flood of new help tickets. On the backend, Privileged Access Management, like Osirium PAM, protects those admin accounts on vital IT systems like hypervisors, domain controllers or backup systems. Because the admins never have access to actual usernames and passwords to access those systems and services, they cant be leaked to an attacker. PAM takes the key out of the door, to continue my earlier metaphor.
  • #28: PAM has many other benefits. The key capability is that it ensures only the right people have the right level of access to the right services and the right time and only for the time it’s needed. That’s a fundamental requirement of any least privilege or zero trust strategy. But with PAM, there are many other benefits. The organisation now has visibility and control over those privileged accounts – who has access, when can they access, monitor what they’re doing and so much more. It also makes it much easier to show compliance with standards that need active privileged account management such as Cyber Essentials, ISO27001, PCI and many more.
  • #29: Managing access is only the start. The next level is to manage what people are doing while they have access to a system with privileged access. That’s where automation comes in. Osirium’s Automation lets you build workflows for almost any IT or business process that needs to use administrator accounts such as user account management, firewall updates, the list is endless … It’s simpler than RPA, it’s more secure than traditional scripting and it means that IT jobs that normally need a valuable expert can be safely delegated to the help desk or first line engineers.
  • #30: If you’d like to know more, please visit the Osirium stand at C50. You can also hear about a special promotion we’re running at the moment, where you can get started with PAM, including Automation, for less than £5,000 including 3 years’ support.
  • #31: I wanted to thank you for your time and share some quotes from some of our customers I look forward to speaking catching up with you on our exhibitor stand or please reach out to me with these details….. Any questions? Thank you.