SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Beyond ransomware payments: A proactive approach to cybersecurity

Mon, 17th Feb 2025

The UK government's recent proposal to ban public sector bodies – including the NHS, schools, and local councils – from making ransomware payments appears to send a strong message, but it only scratches the surface of what's needed to counter these attacks.

A ban on payments doesn't prevent the attacks themselves; it merely shifts the focus, leaving organisations vulnerable. Without addressing the root causes and vulnerabilities, the ransomware threat remains very much alive.

As Certes discusses below, to truly protect organisations we need to go beyond deterrence and adopt strategies that disrupt ransomware attacks at their core. This means stopping attackers in their tracks and, most importantly, "devaluing the data" they're after, making the ransomware attack itself pointless.


The limitations of a payment ban

Banning ransom payments is a reactive policy – it addresses the aftermath of an attack rather than preventing it. Hackers are well aware that while public sector organisations may comply with the ban, private entities might still pay.

Even within the public sector, criminals could escalate their methods to extract value or cause disruption, such as leaking sensitive data to the public domain.

This approach is like locking the door after the intruders have already ransacked the house. To stop ransomware attacks, organisations need to take proactive steps that render data theft useless to attackers.


"Devaluing data" with DPRM

To effectively combat ransomware, organisations must focus on devaluing the target of any attack: the data itself. This means implementing security measures that render stolen data valueless to attackers. If they cannot access the data, they cannot ransom it back or sell it on, making the entire attack a pointless exercise and a waste of their time.

Specialist Data Protection and Risk Mitigation (DPRM) techniques ensure that sensitive information remains protected at all times. By encrypting and wrapping security directly around the data itself, DPRM prevents unauthorised access or manipulation. Even if attackers breach a system, they gain nothing of value because the data is unusable without the appropriate permissions.


Breaking the ransomware kill chain

Ransomware attacks typically follow a structured kill chain: gaining access, escalating privileges, moving laterally through the network, and finally exfiltrating or encrypting data to demand a ransom.

The key is to disrupt this chain at every stage:

  • Prevention of privilege escalation: Attackers often exploit privileged accounts to access sensitive data. DPRM separates data access from network access to prevent lateral movement, ensuring no single breach can lead to full system compromise.

  • Mitigating data exfiltration: Once inside a network, ransomware spreads laterally to infect multiple systems. DPRM's protection policies, controlled by the organisation's security team, render stolen data indecipherable to attackers and, therefore, useless.

  • Quantum-grade data encryption: Policy-based crypto-segmentation protects Active Directory from sophisticated attacks, meaning attackers cannot modify or exfiltrate data without authorised access.


By targeting these critical stages of the kill chain, DPRM stops ransomware attacks before they can cause significant harm.


The need for data-centric security

While policy measures like banning ransom payments are steps in the right direction, they must be complemented by robust data protection strategies. 

Organisations should not rely solely on deterrence but must actively fortify their defences. Implementing comprehensive solutions is essential to staying ahead of evolving cyber threats and ensuring the resilience of critical services.

The fight against ransomware needs a combined approach of policy interventions and a proactive data-first approach that protects data beyond traditional perimeter security. By devaluing data through robust protection mechanisms, we can shift the balance, making it clear to cybercriminals that attacks will yield no reward.


Deploy a proactive, data-centric approach

As ransomware attacks grow more sophisticated, the question every organisation must ask isn't if they'll be targeted but when. Are they relying on outdated defences that only react to breaches, or are they ready to stop ransomware in its tracks with a proactive, data-centric approach?
 
