Take Ransomware Seriously

June 10th, 2021 by admin


According to former top U.S. cybersecurity official Chris Krebs, “we are on the cusp of the next global pandemic.” What he's describing isn't biological. It's ransomware, a cyber threat that's increasingly common and highly disruptive.

There is no such thing as a “silver bullet” for solving the problem of ransomware attacks. But there are best practices that all organizations, regardless of size or industry, should adopt to better protect themselves from a ransomware hijack:

  • Take ransomware seriously. The road to having better cybersecurity starts with a fundamental change in mindset. A willingness to understand what real risks exist, and make the changes needed to protect against them, should be every organization's first step. This means all organizations should view ransomware as a threat to their core business operations, rather than a simple risk of data theft.
  • Multifactor authentication (MFA). The dark web is full of stolen login credentials that can be easily purchased and then used to gain unauthorized access to your systems and data. Requiring a second factor means a stolen password alone is not enough to log in.
  • Endpoint detection and response. New, AI-based technologies hunt for malicious activity on network and mobile devices and can quickly block an attack. The faster the detection the better you can react and limit the damage.
  • Encrypt devices and data. That way, if they're either lost or stolen, they're unusable.
  • Employ a skilled, empowered security team. Having individuals whose entire focus is on security ensures accountability for making sure that critical tasks are completed and that security intelligence is incorporated throughout the organization. If you are trying to get more serious about better security, but aren't in a position to have your own internal team, our managed security programs are designed to fill this gap.

Additional practices to improve your security posture

There are also other key practices, discussed in the White House's recent information releases, that all organizations should employ to further improve their security posture, including:

  • Timely updating and patching of systems. This includes having a regular schedule to promptly maintain the security of operating systems, applications, and firmware. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
  • Network segmentation. There's been a recent shift in ransomware attacks – from stealing data to disrupting operations. To deter lateral infiltration of your network and compromise within multiple areas, it's critical that your core business functions and operations are logically and/or physically separated from one another. Internet access to operational networks should be carefully filtered and access limited to only those who need it to perform their job. Links between ICS networks should be identified and workarounds developed to ensure they can be isolated and continue operating if your corporate network is compromised.
  • Back up your data, system images, and configurations, regularly test them, and keep the backups offline. Ensure that backups are regularly performed and tested. Having backups stored offline, where they're not connected to the core network, is critical, as many ransomware variants try to find and encrypt or delete accessible backups. If your data backups end up encrypted with ransomware, your organization can't restore systems.
  • Test your incident response plan. There's nothing that shows the gaps in a plan better than testing it. Contingency and response plans should be developed and then put into place. After that, they should also be regularly tested so that critical functions can be maintained during a cyber incident. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
  • Check your team's work. Even if you have internal IT or security resources, use a third party to test your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and highly innovative. They're armed with sophisticated tools and all the time in the world needed to find system vulnerabilities that are the equivalent of an unlocked door.

Yes, you are on the radar of cybercriminals

The attacks on Colonial Pipeline and JBS meatpacking were so big that they couldn't help but make the headlines. But in reality, most attacks are quietly dealt with by victim organizations without fanfare or widespread publicity. That makes it extremely difficult to gauge the true scale of the problem and to shift the collective mindset from reactive/responsive to proactive/prepared. The bottom line is that ransomware can't be viewed as just a “healthcare” or “banking” issue; it's everyone's issue. The business of ransomware is extremely lucrative and getting more widespread by the day. Any organization's operational data and systems can be hijacked and monetized by holding them for ransom. And relying on ransom payments or government interventions is not a viable solution.

Having better cybersecurity doesn't have to be complicated

Don't sit waiting for the next shoe to drop. Every organization can have the essential services needed to reduce the risk of security threats and support its compliance requirements. Our 4-pillar managed security program provides a full spectrum of cyber services and takes the guesswork out of covering the right security measures at each key level of the network. Each pillar of protection includes the right combination of proactive and remediation services to reduce risk and minimize the crippling effects of a cyber-attack on your operations.
