Ransomware was once a niche concern, but now it makes global headlines. And the NHS represents big returns for attackers, putting Trusts high up the potential hit list.
Evolving work practices and a shift to work from home routines have enabled a perfect storm to occur. A significant increase in Remote Desktop Protocol (RDP) connections which allow devices to connect over the Internet or a local network have become the primary attack vector for attackers if they are exposed to the internet without adequate protection. Once on to the network, attackers can move from one device to another, sniffing out vulnerabilities.
Much has been made of the risk by NHS Digital, and new initiatives like the NHS Secure Boundary will provide a vital layer of protection by helping to monitor local and national threats. The key to beating ransomware is in deploying a multi-layered approach to defence, especially as healthcare providers seek to digitally transform and ‘open up’ access to apps and data.
Much of the risk of ransomware occurs at the endpoint – the devices used, behaviour of users and the management of privileges. It’s why many Trusts are now looking at digital workspaces as part of their fight against ransomware, and a multi-layered security strategy. A digital workspace offers some highly effective measures for reducing ransomware exposure. Here are four to be aware of:
- Never trust, always verify
Many digital workspaces are built on a Zero Trust Network Architecture (ZTNA), which is a valuable defensive mechanism in blocking ransomware. A ZTNA ensures that users, devices, and network traffic are all verified and subjected to least-privilege rules when accessing trusted resources. Multi-factor authentication ensures that users and devices must sign-in once using more than one piece of evidence to authenticate and therefore access the apps and data they are entitled to. However, access periodically times out and forces re-verification. Following this approach, if assets become compromised, they are limited in their scope and an attacker is prevented from moving laterally across the network. Importantly, this helps operations to keep running even during an active attack.
- Publish virtualised and hardened browsers
Browsers are used heavily to access apps, especially those delivered as SaaS. Simply visiting the wrong site and innocently clicking on an infected link could inject malware onto the user’s device. Browser virtualisation isolates the web browser to insulate data and networks from threats such as ransomware. Streaming the browser as an app as part of a digital workspace introduces a layer between the corporate environment and the Internet to shield the trusted computer and its data from attack. The virtualised browser also keeps sensitive data off the endpoint.
- Publish a virtualised and hardened email client
Just like virtualising and hardening the browser, a digital workspace enables the same to be achieved with a virtual email client to protect against infection via email links and attachments. This can be delivered for either a traditional native client such as Microsoft Outlook, or web-based email including Google Gmail and Microsoft Office 365. Publishing the email client ensures that all required security settings are configured and consistent for all users and specific to use cases. Antivirus, data loss protection, whitelisting and other technologies are integrated with the published email application and are therefore not endpoint-dependent or limited. Only the pixels representing the email app are sent to the endpoint, not actual messages, attachments, or other data, ensuring that ransomware does not infect the user’s computer and thus gain a foothold within the enterprise environment for further penetration and attack.
- Protect mobile devices against attack with containerisation
With the emergence of hybrid workstyles, mobile devices have become more vulnerable to ransomware and other malware. A digital workspace enables a secure container to be created on the device (even personally owned) where corporate data and apps can be accessible. This also makes it possible to centralise management, security, and control for apps as well as data and settings without interfering with any personal content on the device. IT teams can therefore deploy contextual based security policies that permit access only in compliant scenarios to reduce exposure to malware. Tools embedded in the digital workspace can also prevent malicious apps on the device and can check that the device is not jailbroken or rooted to allow installation of non-approved apps, all of which are common modes of exploit for ransomware.
To learn more about securing your workspace and the role of cybersecurity in your digital transformation journey, download our eBook – Secure by design: Incorporating cybersecurity into your digital transformation strategy.