The new US National Cybersecurity Strategy is heavily weighted towards preventing ransomware. In fact, the report calls out ransomware multiple times (29 to be exact) and dedicates an entire section to ransomware: Strategic Objective 2.5: Counter Cybercrime, Defeat Ransomware.
This move is intended to elevate the threat of ransomware and light a fire under organizations, so they take a more proactive defense. Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi, warns that organizations need to put skin in the game, “We can’t fool ourselves. It’s still the role of businesses to protect themselves and their customers. This can’t be offloaded and ultimately, there is no defense force or police that will save businesses from cyber-attacks. This is a reality that the leaders in government must understand.”
This means that organizations will have to take more initiative to bolster their defenses against ransomware. For example, while most organizations invest heavily to protect critical software infrastructure, few do anything to protect their internal software against attack. Protecting against the most frequent ransomware attack vectors, like Microsoft macros and scripts, is largely ignored in cybersecurity strategies. A Venafi survey found that only 21% restrict macros and 18% restrict PowerShell scripts.
Why is it critical to sign macros and scripts?
Think of the amount of software that is used to speed up your day-to-day business operations, such as macros, PowerShell scripts and executables. In your organization, IT teams and other groups may rely on PowerShell scripts to onboard new employees, delete aging files, schedule a task, or any number of common business tasks. It’s often overlooked that these little applications used broadly across your organization to automate day-to-day tasks are really a type of software.
Unfortunately, these very same macros and scripts can be used by threat actors to access intellectual property, customer information or the personally identifiable information (PII) of your users, not to mention to access critical software infrastructure. Compromise or misuse of this software can jeopardize your organization, lead to financial damage and tarnish your organization’s reputation. It’s imperative that these types of automation scripts also be protected by being signed.
However, only 28% of organizations require all software be digitally signed by their organization before employees are allowed to execute it.
Code signing is a critical defense against ransomware
Code signing your internal software helps prevent cybercriminals from accessing and injecting your internal software with ransomware. When you digitally sign your macros, PowerShell scripts, and other executables with a trusted code signing certificate, you can help protect against tampering. It’s one of the best ways to give people who use your internal software the confidence that you authored them and that they haven’t been compromised.
Even though code signing has protected businesses and consumers for decades, there has been a recent spike in cybercriminals stealing, forging, or leveraging vulnerabilities through insecure code signing practices. This exposure increases the risk that internal software is compromised by hackers, or the reputation of an organization is damaged when ransomware is injected to breach an organization. That’s why code signing internal software is an important element of preventing threat actors from accessing valuable corporate assets that could be held for ransom.