The threat is current: Cybercriminals have proven that they can carry out ransomware attacks on all sorts of organizations to extort valuable money or data. A growing number of companies in Italy and abroad have found themselves in the awkward position of deciding whether to pay the ransom or say goodbye to their data. And it is often only a matter of time before the attack is repeated. How to protect yourself? Dealing with ransomware requires a new way of thinking.
This type of attack cannot, in fact, be avoided with the security strategies already adopted by companies. However, detecting any out-of-the-ordinary movements is possible and allows the security team to contain malicious events. Detection systems are essential to keep the team updated on any suspicious movement or behavior that occurs within the company perimeter.
The biggest cloud risks
The Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365 report by Vectra AI analyzes, differentiating them for each sector, the major risk profiles for the cloud security of companies, and the possibilities of reaction, through detection related to the behavior of attacker, as in the case of ransomware or supply chain attacks. To protect the perimeter, it is essential to collect the right data and have an AI system focused on possible threats, which allows you to verify the attacks’ details and focus on the most urgent breaches to block.
As demonstrated by the attack that paralyzed the IT systems of the Lazio Region, putting out of use the portal that manages the bookings of anti-covid vaccines, direct threats to health facilities can not only put relevant data at risk but can also interfere with the quality of the prevention and treatment services provided to people. It is common to detect attacks to target Office 365, which is particularly attractive to cybercriminals because even with basic access without particular privileges, it proves to be a formidable entry channel into the system.
Voted for maximum uptime and speed, the manufacturing sector is the favorite target of ransomware. In fact, the sudden production stop induces companies to find a quick solution by paying the ransom to limit losses and resume activities. In addition, manufacturing industries are moving quickly to the cloud to ensure speed, scalability, and greater connectivity, adding another layer of a possible attack. In this industry, two-thirds of the attacks analyzed by Vectra are related to the sharing of activities on Office 365. Cybersecurity officers should analyze any suspicious shares to verify their authorization and avoid progress in the attacks.
Finance is one of the most regulated industries, but moving to the cloud offers new attack prospects. In particular, Office 365 and Azure AD are the environments in which Vectra customers have encountered the most significant violations.
The pandemic has pushed the world of education to find new ways to keep students and teachers productive. The cloud has also been heavily relied upon in this area, and a large amount of email and shared activity has increased the difficulty in detecting threats.
What to do?
It’s time to start understanding your account behavior. Whatever sector you belong to, it is essential to develop a clear vision of what behaviors are authorized and to increase visibility to monitor and measure deviations from this standard. Without these two precautions, identifying threats becomes a complex challenge because it is impossible to clearly distinguish authorized actions and movements implemented by the attackers.
Also Read : Logistics Digitalization: a Question Of Safety