Microsoft: Most Ransomware Compromises are Due to Unmanaged Devices
According to Microsoft’s recently published Digital Defense Report, “80-90 percent of all successful ransomware compromises originate through unmanaged devices.” Microsoft offers suggestions to improve security at organizations that allow bring your own device (BYOD); the UK’s National Cyber Security Centre also has BYOD guidance. The Microsoft report also notes that human-operated ransomware attacks are up more than 200 percent. Most of those targeted organizations with fewer than 500 employees. The report also reinforces the importance of essential security hygiene, saying “Basic security hygiene still protects against 99% of attacks.”
There is not a lot of backup in the report on what they mean by “unmanaged devices” as the origination point of successful ransomware. Since the majority of ransomware attacks start with a successful phishing attack, the use of personally owned phones to give away reusable passwords could be the major component - especially since the report also says 99% of all attacks would be thwarted by MFA and other essential security processes.
The key takeaway from the Digital Defense Report is the importance of cyber hygiene in protecting your enterprise. At the non-profit Center for Internet Security (CIS), the Critical Security Controls are the natural starting point. CIS IG1 safeguards (referred to as essential cyber hygiene) provide an effective defense against the top five attack types (including ransomware).
All devices used for corporate business need to be well managed, including BYOD. The effectiveness of BYOD is tied to how much you can manage the devices, effectively making them corporate devices. The problem with BYOD is you don't own the device, so you are reliant on user consent, as you don't have the same legal standing as you would with corporate devices to enforce configurations or take action. Be prepared to provide corporate devices to any who have concerns about you fully managing their BYOD choice.
This one is interesting; I’ve seen a lot of midsize and small businesses go the route of “BYOD” in the sense that they are not managing endpoints at all. Some even allow any machine to be used for remote work. This is a serious concern. If you have devices in your environment, manage them.
The trend is for more and more access to be via user-owned or user-managed devices. Such access should be contained or isolated so as to resist user error and/or device compromise spreading laterally to mission-critical applications and services.