Chief information security officers’ failure to implement basic controls over privileged access accounts is one of the key reasons why ransomware attacks succeed, says a vendor report.
“Overwhelmingly, the most concerning finding in our data was the pervasive lack of basic controls over privileged credentials and access,” says the study by Axio, which sells a cyber risk management platform. The study draws on de-identified data from more than 100 organizations that used the company's ransomware preparedness assessment tool.
The broad conclusion of the study, released Tuesday in a report called the State of Ransomware Preparedness, is that most organizations surveyed weren’t adequately prepared to manage the risk associated with a ransomware attack largely because many continue to lack the basic cybersecurity controls needed to stem an attack.
Among the findings:
–nearly 80 per cent of organizations using the tool hadn’t implemented or had only partially implemented a privileged access management solution;
–only 36 per cent audited the use of Windows service accounts, a type of privileged account, on a regular basis;
–only 26 per cent denied the use of command-line scripting tools such as PowerShell by default;
–69 per cent didn’t limit access to the internet for their Windows domain controller hosts;
–only 29 per cent evaluated the cybersecurity posture of external parties prior to allowing them access to the organization’s network;
–only half conducted annual user awareness training for employees on email and
“Organizations may have taken their eye off of sustaining the most fundamental cybersecurity practices,” the report says. “They are failing at the basics. While this may not completely explain why organizations are increasingly falling victim to ransomware attacks, it is undeniably a contributing factor.”
The report's authors said the most concerning finding was the pervasive lack of basic controls over privileged credentials and access.
Ransomware attackers often prioritize “training-run” attacks to gain access to privileged credentials so they can be used to develop full-blown, more extensive, and more destructive campaigns, the report says. The use of privileged credentials for ransomware attacks typically results in much more extensive and widespread control over an organization’s network and computing assets, making it much more difficult
Fully 70 per cent of those using the ransomware preparedness tool said they don’t put restrictions on where privileged credentials can be used (for example, they permit use on infrastructure that is not intended for administrative work), 63 per cent had not fully or largely implemented two-factor authentication for using privileged credentials, and only 42 per cent said they log the activities performed with privileged credentials.
The report urges CIOs and CISOs to:
–assess their commitment to controlling and securing privileged credentials;
–improve the defensive posture of their operating environments;
–check their level of supply chain risk;
–maintain and update their ransomware incident response plan;
–reassess their capability for managing vulnerabilities.
The full report is available here. Registration is required.