TechRadar
Chet Wisniewski

Most ransomware attacks are opportunistic. Here’s how you can stop attackers

There is a glaring misconception at the heart of cybersecurity that cyber-attacks are targeted at specific organizations or sectors. But while certain sectors do receive more than their fair share of attacks, this isn’t due to deliberate targeting; like any business, it’s driven by money.

Threat groups are largely driven by financial gain, with actors looking to get the most ‘bang for their buck’. They target vulnerabilities that give them access not just to one organization but to many, growing their potential revenue opportunities.

And at the moment, organizations are leaving far too many of these vulnerabilities open for exploitation.

The weak link

We’ve long known that attackers seek to do the most damage with the least effort. Take the now-infamous MOVEit breach as an example, where the identification and exploitation of a single vulnerability (in this case, a web-based SQL injection bug) impacted over 2,500 organizations globally.

Gaining access to this one piece of widely used software allowed attackers to hit all of its users in one fell swoop. While MOVEit released an update patch as soon as they became aware of the vulnerability, releasing a patch does not guarantee that organizations will actually update and install it.

In this example, MOVEit took the brunt of the impact, but they were unlucky that the attackers identified their vulnerability first; it could have easily been another organization.

Back to the basics

So, as a business, how do you defend against this?

Well, we might not be able to predict where the next big attack will land, but we can likely predict the tactics and techniques that attackers will use. Time and time again, major incidents have cascaded from an entirely preventable vulnerability, with basic ransomware defense measures seemingly overlooked.

Take Multi-Factor Authentication (MFA), a now fundamental cybersecurity barrier for all organizations that prevents attackers from gaining initial access. Not only does it have a history now spanning decades, but there are also multiple ways to implement it within organizations.

Despite this, last year, MFA wasn’t enabled or wasn’t fully configured in over half (59%) of incidents. Oversights like this are what leave the door open for attackers, giving them an ‘easy’ way into your organization.

Today, the poor cyber hygiene that stems from the failure to prioritize these now-essential measures could well be the most dangerous threat to your organization.

Investing in the right places

Security teams aren’t overlooking these elements on purpose. Unless you’re part of an extremely large organization with buckets of budget, you’re likely running with a fairly light security team.

And most of their time is probably spent fighting fires and dealing with day-to-day issues, leaving them without the time or budget to spend on cybersecurity strategy and tools.

For those in this position, it’s not about scraping together the budget to just add more tools to the stack; it’s about investing in the right ones.

That means security services that don’t just provide a tool or a platform to deploy, but that can also aid with the establishment of essential cyber strategy, such as security governance, compliance, and wider risk management.

Even in those larger organizations with sky-high budgets, this can go overlooked. Money is thrown at the ‘latest and greatest’ cybersecurity tools, but without the strategy to match, activity is often mistaken for outcomes.

The biggest cybersecurity tech stack doesn’t always translate to the best cyber defense, and these organizations need to critically assess all of their tools to ensure they all feed into the larger strategy.

Because without a strategy, you’re essentially working blind. You’re putting the work in, but without any visibility as to how it’s delivering on outcomes. And while ransomware gangs continue to multiply, there will be ever more eyes out there searching for a payday.

If you continue to leave these gaps open, it’s a matter of when, not if, attackers will walk right through.

This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
