Most organizations still lack infrastructure to fight ransomware: Vendor

A vendor report states that the failure of chief information security officers to enforce basic controls on privileged accounts is one of the main reasons ransomware attacks succeed.

"Overwhelmingly, our data had a widespread lack of discovery relating to most

Privileged credentials and basic controls on access,” says the study by Axios, which sells a cyber risk management platform, after studying de-identified data from more than 100 organizations that used its ransomware readiness assessment tool .

The broad conclusion of the study, released Tuesday in a report titled State of Ransomware Preparedness, is that most organizations surveyed were not adequately prepared to manage the risk associated with a ransomware attack, as many have basic cybersecurity. There is a lack of control. An attack stem.

Among the findings:

-Nearly 80 percent of organizations using the tool did not implement or simply did not implement

Partially implemented a privileged access management solution;

-Only 36 percent reported using Windows Service accounts, a type of privileged account, on a regular basis;

-Only 26 percent denied the use of command-line scripting tools such as

PowerShell by default;

-69 percent did not limit access to the Internet for their Windows domain controller hosts;

-Only 29 percent assessed the cyber security posture of outside parties before allowing access to the organization's network;

Only half yearly user awareness training for employees was conducted over email and

Web based threats.

"Organizations have lost sight of maintaining the most fundamental cybersecurity practices," the report said. “They are failing the fundamentals. although it may not be

To fully explain why organizations are falling victim to ransomware attacks, this is undeniably a contributing factor. "

What the report's authors said was most relevant to the finding. there was a widespread lack of

Basic control over privileged credentials and access.

Ransomware attackers often prefer "training-run" attacks to gain access to privileged credentials so that they can be used to develop full-blown, more widespread, malware.

And more disastrous campaigns, the report says. Use privileged credentials for

Ransomware attacks usually result in much wider and wider controls

on the organization's network and computing assets, making it more difficult

to eradicate.

Of those who used ransomware preparation tools, 70 percent said they

Do not put restrictions on where privileged credentials can be used (for example, they allow access to infrastructure that is not intended for administrative work), 63 percent reported using privileged credentials gave information. Two-factor authentication was not fully or widely implemented, and only 42 percent said they logged activities performed with privileged credentials.

The report urges the CIO and CISO to

assessing their commitment to controlling and securing privileged credentials;

- improving the defensive posture of their operating environment;

- Check your level of supply chain risk;

- Maintain and update their ransomware incident response plan;

Re-evaluate their ability to manage weaknesses.