The headlines say it all. Today, ransomware is one of the fastest-growing malware threats; the Covid-19 pandemic has triggered a dramatic surge in its spread and most businesses are not well equipped to handle these threats. The use of outdated software and outdated data protection practices poses a high risk to business. Cybercriminals are finding newer, more sophisticated methods to exploit organizations and leverage the cracks in their cybersecurity infrastructures.
According to the Cybersecurity Incident Response Services by Forrester, 50% of global security decision-makers experienced a breach in the past 12 months, a number that rose to 63% in 2021 due to the increasing number of ransomware attacks against companies.
But first, it is important to understand how ransomware attacks work and what causes ransomware attacks.
What is a Ransomware attack?
Ransomware is a form of malware and a criminal business model that is constantly evolving, although the basic concept stays the same. Ransomware aims to blackmail organisations into paying money by making their data and related systems unavailable through encryption or by threatening to leak sensitive data to the public.
What can you do to protect your organisation from ransomware attacks?
Here are a few tips on ransomware attack prevention, what to do when a ransomware attack strikes and how to mitigate the impact:
- Educate your users on how to avoid clicking spammy links
- Remove vulnerabilities
- Enable good passwords and use strong authentication
- Make use of security monitoring and intelligence
- Pay attention to supply-chain risks
- Improve your defence in depth security architecture
- Maintain plans and policies
- Maintain a secured backup of your data
1. Educate your users on how to avoid clicking spammy links
Even though there is a lot of protective technology available to deal with ransomware, the vast majority of ransomware incidents are still enabled by humans. The biggest potential to reduce ransomware risk lies in user awareness. No Anti-Ransomware program is complete without appropriate education and training elements.
Remind your users on a continuous basis to be wary of clicking on links and attachments in emails, text messages or social media apps without proper evaluation. Also, educate them to avoid USB devices, websites and software that are unsolicited, not required or not approved by your organisation.
Attackers make use of constantly improving social engineering methods to trick users into clicking such links, so it is imperative that everyone is well aware of these techniques and of how to safeguard themselves against them.
2. Remove vulnerabilities
Regularly patching your operating system and applications will help to close security vulnerabilities that attackers can exploit. Constantly monitor your systems for new vulnerabilities and do not forget to take the hacker's view by performing persistent pentesting on your critical assets and entry points.
3. Enable good passwords and use strong authentication
Encourage users to use password managers that enable them to generate random, unique passwords for each account without having to remember a large number of complex passwords or to reuse passwords across accounts. This gives cybercriminals a much harder time getting access using stolen credentials.
Furthermore, setting up two-factor or multi-factor authentication by default puts you one step closer to securing your data. Be aware that multi-factor authentication improves the level of security, but it is not a bulletproof security control in all cases.
3. Make use of security monitoring and intelligence
Stay updated on the latest security threats in general and on those specific to your organisation. Scan for breaches in your network and monitor what is going on on the internet/darknet regarding your organisation's domains and account names.
4. Pay attention to supply-chain risks
Only rely on verified and trusted 3rd parties. Challenge your suppliers and partners on their security best practices.
Additionally, block the use of software and services from unknown or untrusted vendors. Malware writers often bundle their products with free software or plugins, so if something looks too good to be true, it probably is.
5. Improve your defence in depth security architecture
Having high-performance firewalls, modern endpoint protection software or email security gateways is definitely a good idea to avoid being hit by ransomware. But do not forget to constantly maintain a comprehensive and end-to-end security architecture that provides the best bang for your security money and that addresses the specific risks of your organisation's environment and ways of working (work from home, bring your own device etc.).
6. Maintain plans and policies
Ensure that your organisation knows what to do in the event of a ransomware attack by developing a security incident response strategy and plan. It is important that the strategy and plans specify who will play what roles during an attack and how communications will be conducted. If any partners or vendors will need to be contacted, be sure to include their contact information. Additionally, ensure that your company has a policy for dealing with suspicious events that are often part of an attack aimed at phishing confidential information. In order to verify your plans' efficiency, you must regularly test them. Never testing a plan means that you cannot guarantee its success.
7. Maintain a secured backup of your data
Last but not least, do not assume that you can totally avoid ransomware attacks by any combination of prevention controls. Not having a good backup strategy in place must be considered a lack of due care. Backing up your data regularly in a secure way is the best way to protect yourself from the impact of a ransomware attack and prevent any data loss. By doing so, you will have a copy of your data that is safe and can be accessed even if your primary copy is encrypted. This will allow you to continue working and avoid paying a ransom.
At a minimum, follow the 3-2-1 backup rule:
- 3 copies of data
- on 2 types of storage
- 1 of them located off site
Remember to secure your backups from unauthorised online access and take into consideration that attackers will also try to attack your backup and archive systems. Immutable backups or systems that require manual intervention by an operator to get write access to your backup data are essential.
Do not forget that implementing a secure backup is only half the battle; you also need to be able to restore your systems in a timely manner (see also tip #6 on maintaining proper plans).
A backup retention policy specifies how long data should be kept, where it should be archived and what should be kept in backups. Restoring previous versions of the backed-up files is possible with good backup retention policies, which provide protection against hardware failures and human errors.
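The 3-2-1 rule, the immutable-copy requirement and the restore requirement above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the dataset names, record fields and the 90-day restore-test threshold are assumptions, and the primary copy is counted as one of the three copies.

```python
from collections import defaultdict, namedtuple
from datetime import date

# One record per copy of a dataset, including the primary (assumed schema).
# immutable = write-protected or offline, needs operator action to modify.
Copy = namedtuple("Copy", "dataset media offsite immutable restore_tested")

# Constructed sample inventory with hypothetical dataset names.
INVENTORY = [
    Copy("finance-db", "disk", False, False, None),
    Copy("finance-db", "tape", True, True, date(2024, 5, 1)),
    Copy("finance-db", "object-storage", True, False, None),
    Copy("file-share", "disk", False, False, None),
    Copy("file-share", "disk", False, False, None),
    Copy("hr-docs", "disk", False, False, None),
    Copy("hr-docs", "disk", False, False, None),
    Copy("hr-docs", "object-storage", True, False, date(2023, 11, 1)),
]

def check_backups(inventory, today, max_test_age_days=90):
    """Return {dataset: [findings]}; an empty list means all checks pass."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy.dataset].append(copy)
    report = {}
    for name, copies in by_dataset.items():
        findings = []
        if len(copies) < 3:
            findings.append("fewer than 3 copies")
        if len({c.media for c in copies}) < 2:
            findings.append("fewer than 2 storage types")
        if not any(c.offsite for c in copies):
            findings.append("no off-site copy")
        # Attackers target online backups, so require one copy they cannot rewrite.
        if not any(c.immutable for c in copies):
            findings.append("no immutable or offline copy")
        # A backup that was never restored is unproven (threshold is an assumption).
        tested = [c.restore_tested for c in copies if c.restore_tested]
        if not tested or (today - max(tested)).days > max_test_age_days:
            findings.append("no recent restore test")
        report[name] = findings
    return report

if __name__ == "__main__":
    for dataset, findings in check_backups(INVENTORY, date(2024, 6, 1)).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```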
The ebook on Backup, Archiving & Anonymization discusses the different types of backups and the risks associated with the failure of backups to provide a deeper understanding of the issues related to poor data retention.
If you need support to execute your Ransomware protection strategy, let us help you protect your organization from today’s threats, recover from any attack, and avoid ransom fees. We ensure all our clients’ endpoints, systems, and data are protected against cyber attacks using approaches that integrate next-generation data protection with cybersecurity.