Matt Lock, Director of Sales Engineer at Varonis comments: “A lot of organisations like to think they don’t have insider threats, but often at times it’s the loud intrusion of ransomware that is alerting an organisation to over-exposed, unmonitored permissions and data. When a user / employee with excessive permissions to data across the network is infected and the ransomware spreads to every file to which that user has access, organisations cannot ignore the crippling effects of hijacked data. In this case, it’s not just the administrative and executive staff affected, doctors and patients have no access to the resources they need to provide timely and effective medical care. This cyberattack on a rapidly growing list of NHS Trusts is shining a big, bright spotlight on the holes in their defences. If ransomware can temporarily halt productivity and medical care due to overexposed permissions, you can only imagine what a malicious insider or external actor with co-opted credentials can do to your organisation and how long they can go undetected.
Organisations should ensure that they actively monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce overexposed sensitive from being hijacked in the first place as well as perform user behaviour analytics against threat models that look for signs of ransomware activity.”