Chapter 2: Preventing Ransomware

Prevention should be the primary mitigation strategy for all defenders. This chapter focuses on how you as a defender can prevent ransomware from gaining access in the first place. It is the most important chapter in the book.

Nineteen Minutes to Takeover

Once any hacker or malware has gained initial “foothold” access to a device or environment, it is significantly harder to minimize further damage than it was beforehand. Prevention is easier and cheaper, even when prevention is difficult to accomplish and expensive.

The hardest part of any cyberattack is gaining initial access. After that, most attackers can more easily leverage one compromised program or device into many more. Using a single compromised device as a “base of operations” to take over an entire environment usually takes less effort than the compromise of the original device (which may, unfortunately, not be that hard either). Many studies, including https://www.wired.com/story/russian-hackers-speed-intrusion-breach/, show that sophisticated attackers can move from one compromised device to many others starting in under 19 minutes.

Preventing hackers and malware from gaining initial foothold access should be the primary focus of any cybersecurity defender. Unfortunately, “Have a good backup!” is often the first and sometimes only “prevention” recommendation concerning ransomware. Backups are not prevention. Backups are damage minimization. If you are using ...

Get Ransomware Protection Playbook now with the O’Reilly learning platform.
