More than 72 percent of businesses worldwide have been affected by ransomware attacks this year, with an average cost of $4.45 million per breach. At more than 2,000 compromises as of September 2023, companies have already exceeded the 2022 total, and the numbers are still climbing.

Business downtime, brand damage, and customer impact are harder to quantify, but very real. Consider a few recent high-profile cases:

  • Norton LifeLock, an identity protection and cybersecurity leader, had to notify approximately 6,500 customers that their accounts had been compromised by credential stuffing.
  • A mass hack of a vulnerability in the MOVEit file transfer tool earlier this year impacted more than 40 million people and more than 600 organizations, including government agencies, schools, and companies. The maker of MOVEit, Progress Software Corp, now faces more than a dozen lawsuits.

Key security practices

Why are these attacks successful? And what can organizations do to prevent them? For the highest return on your security investments, we recommend the following key practices:

  1. Adopt a Zero Trust framework. Use Zero Trust principles when protecting systems and data, wherever they are hosted. Zero Trust should be core to your risk mitigation approach against data security threats, particularly ransomware and malware. An aspect of that framework, Zero Trust Segmentation (ZTS), is already delivering impressive metrics. A 2023 Forrester Total Economic Impact study found that DXC partner Illumio’s ZTS products delivered a 111% ROI over three years, with $3.8 million in savings due to fewer outages and downtime, 90% decrease in operational effort, 66% reduction in the impact of a breach, and $3 million in tool consolidation and reduced firewall costs.
  2. Enforce multi-factor authentication. In April 2020, as the pandemic intensified, more than 500,000 Zoom account credentials were spotted for sale on the dark web. Today, those stolen credentials are still being used to systematically attack Zoom’s login framework. In addition to Zero Trust, implementing multi-factor authentication (MFA) will help prevent breaches via this kind of brute-force credential stuffing.
  3. Be prepared to patch. The developers of MOVEit released a patch within 48 hours of discovering the vulnerability. The sooner customers were able to deploy the patch, the sooner they were able to close the exploit vector. Have the ability to rapidly test and deploy patches by including patching in your practiced breach-mitigation plan.
  4. Choose the right tools. Progress also suggests that due to the complexity of supply chains, some of the targeted organizations may not have known they or their partners were using MOVEit. Special software can help identify a company’s software supply chain vulnerabilities in seconds. And the right antivirus software and network protection tools, including data leak detection systems, can stop breaches from entering the environment or spreading. A managed security service can make it even easier by pulling the tools and solutions together and providing visibility across endpoints, datacenters, public clouds and containers.
  5. Examine security policies and practices. The human element of security plays a significant role in keeping an organization secure. Cash App, for instance, is facing multiple class-action lawsuits stemming from financial investment information about more than 8 million users illegally downloaded over a 4-month period by an employee who had been let go by the company. Preventive measures such as account revalidation, MFA (Cash App accounts used a verification code rather than passwords), robust identity management and ZTS could have helped, with particular focus on blocking access for former and soon-to-be former employees through account management systems.
    In a large data breach in the education field, the Los Angeles Unified School District (LAUSD) was attacked by a Russian criminal group in September 2022, affecting over 1,000 schools and 600,000 students. Although the district had been notified of potential vulnerabilities two years before the attack, it failed to address the risks. The original audit found that the district did not have a process for ensuring compliance with security standards, lacked adequate incident response training, and had certain types of accounts with substandard security.

While no single practice is guaranteed to stop cyberattacks, these best practices will help organizations thwart intrusions and respond effectively if there is an incident.

About the authors

Dan Rosner is a seasoned Information Security professional with years of experience at both Fortune 100 companies and seed-funding stage start-ups. He is experienced at building and leading Information Security and Governance/Risk/Compliance programs, and as a hands-on practitioner in software development and in network and systems engineering.

Miles Davis is a cybersecurity expert with over three decades of experience in the field. He has a wealth of knowledge, having spent many years deep in areas such as Operations, Delivery, Architecture, and pre-sales. As an author, Miles brings a unique perspective based on real-world practice and valuable insights to the audience. With his extensive experience at the sharper end of cybersecurity, readers can expect to learn from one of the most knowledgeable and experienced professionals in the industry.