Digital Thinking: Don’t Forget the Endpoint in Your Ransomware Defense and Recovery Strategy

This blog is part of an (end) point of view series on the digital workspace from IGEL’s Office of the CTO

From pension funds to healthcare providers, ransomware is still finding plenty of victims. After a post-pandemic drop, the rate of ransomware is accelerating. Two groups getting attention are CIOp and BlackCat (ALPHV). Cl0p’s MOVEit Transfer hack to date has affected 15 million people and 121 organizations, including two large pension funds, CalPERS and CalSTRS. BlackCat (ALPHV), skilled at exfiltration, threatened to leak photos and sensitive data of a plastic surgeon’s patients and, according to a Check Point report, previously leaked patients’ photos and medical records after an attack against American healthcare provider LVHN earlier this year.

The Endpoint as First Line of Threat Defense

BlackCat is a good example of why all of us need to shift our thinking about security from a focus on servers and infrastructure, to focusing on the user edge, at the endpoint. A TrendMicro analysis of BlackCat notes that blocking malicious emails and employing the latest security solutions to email, endpoint, web and network are essential defense practices.

At IGEL our mission is to provide the best security at the endpoint, to prevent businesses becoming the next ransomware victim. We believe the best defense is to separate business data and applications from the hardware device and store the data in the cloud to reduce the attack surface. This separation enables a user to access data via a secure OS and have the flexibility of location and device.

Cloud-based workloads, coupled with role-based access controls and mandatory multi-factor authentication (MFA), can further strengthen threat defense. Limiting access to work-essential files and applications, being aware of employees’ changing responsibilities, and being diligent about shutting down access when offboarding, will lessen opportunities to penetrate the network.

Separating data and applications from endpoint devices is the first line of defense in disaster recovery. It must be combined with a secure operating system (OS) which supports a hybrid cloud environment and is compatible with VDI platforms like VMware, AVD or Citrix – serving up SaaS, DaaS, and other virtual services. Linux OS, for example, operates fully separate from apps and services, shrinking the attack surface on each endpoint to its absolute minimum and enabling efficiency in how end-user apps and cloud services are procured, downloaded, and updated. It enables fast tracking Windows updates and patching across the enterprise for improved security.

Disaster Recovery: How the Endpoint Fits

When a ransomware or other cyberattack is successful, business continuity depends on safe data recovery and the ability of people to return to work quickly. The solution is a secure OS, like Linux, which is rapidly recoverable and can reboot back to its known good state. This requires a read-only nature and the ability to partition data to aid in priority recovery of critical applications. Since these applications are separated from any piece of hardware, they can be securely accessed from the cloud and support business continuity.

Remember the Endpoint

CIOp’s MOVEit Transfer and BlackCat are just two examples of sophisticated hackers threatening businesses. Creating a specific endpoint security strategy, including moving critical applications to the cloud, is imperative as hybrid workers toggle between locations and often insecure devices.

It makes sense that a disaster recovery strategy must start looking more closely at the endpoint and an OS that supports secure cloud compute as an integral factor in business continuity.

To learn more about endpoint security and IGEL OS go to https://www.igel.com/endpoint-security-software.