Many countermeasures against ransomware attacks aim to filter and block phishing emails or detect the attacks before they can cause any harm. Unfortunately, though, attackers are often one step ahead, meaning that even state-of-the-art endpoint security systems are often unable to detect the attacks in time. It is a never-ending cat and mouse game between criminal hackers and manufacturers of security software.
One simple yet effective measure of protecting systems against ransomware attacks is often overlooked: If a user clicks on a malicious link in a phishing email and thereby installs an encryption trojan, the trojan will only be able to encrypt files which the user has access to. This shows why it is so important that administrators conduct their daily tasks, such as reading e-mails, not using not their admin account, but instead using a second, ordinary user account. Fortunately, this approach is widely accepted and has been established as best practice.
This scenario underlines that the damages caused by ransomware is potentially greater if attacked users have access to data they do not actually need to perform their jobs (or not anymore). Assigning access rights correctly is crucial because, even if malware makes its way into the system despite defensive measures, the company data will still be protected to a certain extent.
A central problem is that employees are constantly collecting new access rights without ever giving them up once they are no longer needed. One countermeasure to avoid this from happening may be to automate certain processes, such as the distribution of organization-dependent roles, and to ensure that data owners regularly monitor and update access rights. The fact that setting access rights correctly is essential to staying protected against ransomware is outlined in detail in the whitepaper “How to stay protected against ransomware” by Sophos. It states that the danger lies in users who “work as administrators and/or have more file rights on network drives than necessary for their tasks.”
Implementing the necessary guidelines and processes manually, however, is very time-consuming and mostly not practicable. The software solution tenfold offers a number of useful simplifications and automated workflows. Find out more about access rights management with tenfold or register now for one of our free webinars!