Microsoft has outlined its three strategies to protect against ransomware and the growing as-a-service cybercrime economy that has taken hold among ransomware groups.
As well as investing in “integrated threat protection across devices, identities, apps, email, data and the cloud,” Microsoft suggests organizations take three key strategies to protect against ransomware, including preparing a defense and recovery plan, protecting identities from compromise, and preventing, detecting and responding to threats.
In a blog post from Vasu Jakkal, Microsoft’s corporate vice president of security, compliance, identity and management, the company highlights the importance of adopting a zero-trust approach, which Jakkal defines as “never trusting an identity but always fully authenticating, authorizing and encrypting every access request.
Jakkal says the zero-trust approach also includes securing backups and protecting data.
Since identities have become a key target of threat actors as they use compromised credentials to move laterally and deploy malware and steal information, Microsoft also urges organizations to protect their identities from compromise.
Lastly, Microsoft also says prevention, detection and response is key in defending against ransomware attacks. Organizations should leverage comprehensive tools with integrated security information and event management (SIEM) and extended detection and response (XDR) solutions.
“This means understanding typical attack vectors, like remote access, email and collaboration, endpoints, and accounts, and taking steps to prevent attackers from getting in,” Jakkal says. “And, very importantly, ensure that along with outside-in protection you are also doing inside-out protection focused on data security, information protection, and insider risk management.”
The blog comes after the company’s second issue of its Cyber Signals report—released this month—which found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices.
The report details the ransomware-as-a-service (RaaS) economy, which Microsoft says allows cybercriminals to purchase access to ransomware payloads, data leakage and payment infrastructure. RaaS, Microsoft says, lowers the barrier to entry and masks the identity of the attackers behind the attacks.
In addition to those aforementioned steps, Microsoft’s report includes other recommendations organizations should follow, such as hardening cloud infrastructure, auditing credential exposure, closing security blind spots and reducing their attack surface.