As threat research reports continue to demonstrate, ransomware is a popular method of attack for cyber criminals due to the financial benefits it presents. From large scale attacks to those that are more targeted, the threat of ransomware can be a looming presence that forces organizations to wonder when, not if, it will impact them.
By adopting certain best practices and taking the right precautions, organizations can not only reduce the impact of a successful attack but also prevent future attacks.
10 Ways to Defend Against Ransomware
Here are 10 steps that organizations should consider if they are to protect their employees, their customers, and their reputation.
- Identify what needs protection: Identifying business-related assets – including various systems, devices, and services – across the environment and maintaining an active inventory is critical in any security strategy. By taking these steps, organizations can recognize where they are most vulnerable, prioritize assets, and establish a plan for recovery.
- Don’t underestimate patching: While the concept of patching and implementing regular upgrades seems basic, many organizations gloss over this step entirely. If a system cannot be taken offline to be patched, it should be secured using inflexible proximity controls in addition to a zero-trust or isolation strategy. If these strategies cannot be implemented, organizations should consider replacing the systems altogether, where possible.
- Ensure security solutions are up to date: To stay ahead of these attacks, security teams must ensure their security systems are up to date, especially their secure email gateway, since email is where the majority of ransomware attacks originate; an up-to-date gateway can stifle threats before they reach victims. Additionally, any good ransomware defense strategy should leverage machine learning, application whitelists, and robust password policies that require the use of multifactor authentication to keep threats at bay.
- Network segmentation: This strategy guarantees that malware and compromised systems will be contained to a specific section of the network. By taking this step, organizations can also segregate intellectual property and personal data in order to keep that information secure in the case of a successful attack.
- Prioritize extended network security: In order to prevent security gaps, organizations must confirm that solutions deployed within the main network are also deployed within the extended network – this includes OT networks, branch offices, and the cloud. Security teams should also analyze connections from customers, partners, or vendors to ensure that proper controls and filters are in place. If there is any possibility that malicious content could spread across these connections, partners should be made aware.
- Avoid compromised systems: Organizations must regularly back up their data and store this information offline in order to avoid compromise in the case of a breach – and these backups should also be analyzed for signs of malware. In addition to performing backups, security teams should isolate critical recovery systems, software, and devices so that they are readily available when needed.
- Practice makes perfect: By performing regular recovery drills, organizations can ensure that their backed-up data is accessible and systems can be restored after an attack takes place. These drills also present the opportunity for individuals across the organization to understand their duties – if any issues arise during a drill, concerns must be addressed and recovery strategies updated immediately.
- Enlist outside help: In the event of a compromise, organizations should have a list of security and networking experts and consultants who can aid in the recovery process, as well as law enforcement, media consultants, and legal teams; many of these individuals should also be involved in recovery drills.
- Keep on top of industry news: Organizations should make it a point to continually educate teams about current ransomware threats in order to take lessons learned from successful attacks elsewhere and apply them to internal security strategies.
- Improve awareness: By providing regular training updates in the form of videos, simulations, or educational posters, organizations can ensure their first line of cyber defense – employees – is strong enough to ward off threats.
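The two backup items above (analyzing backups for signs of tampering, and drilling restores) are where a practitioner most wants a concrete check. The following is an added example, not code from the original article or from Fortinet: it builds a SHA-256 manifest of a backup tree at backup time and, during a drill, reports files that are missing, modified, or newly present, and flags modified files whose contents have the near-random byte distribution typical of encrypted data. The directory layout, file names, and the 7.5-bit entropy threshold are constructed for the illustration; the manifest itself should be stored with the offline copy (or in a separate signed store), never only alongside the live backup.

```python
"""Backup integrity check for recovery drills (added illustration, not the article's code).

A manifest of SHA-256 hashes is recorded when the backup is written. During a
drill, the tree is re-hashed and compared; modified files are additionally
scored with Shannon entropy, since ransomware-encrypted content is close to
8 bits/byte while most business data is well below that.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # constructed threshold: bits per byte above which we call a file "encrypted-looking"
SAMPLE_BYTES = 1_000_000  # only the first MiB is scored, enough to characterize the file


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input, 8.0 for perfectly uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(backup_root: Path) -> dict:
    """Map each file's POSIX-style relative path to its SHA-256 digest."""
    return {
        p.relative_to(backup_root).as_posix(): sha256_file(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict,
                  entropy_threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Compare the backup tree against the manifest.

    Returns lists under 'ok', 'modified', 'missing', 'unexpected' and
    'suspicious' (modified files whose content now looks encrypted).
    """
    result = {"ok": [], "modified": [], "missing": [], "unexpected": [], "suspicious": []}
    for rel, expected in manifest.items():
        p = backup_root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_file(p) == expected:
            result["ok"].append(rel)
        else:
            result["modified"].append(rel)
            with p.open("rb") as f:
                if shannon_entropy(f.read(SAMPLE_BYTES)) >= entropy_threshold:
                    result["suspicious"].append(rel)
    # Files that were not in the manifest: dropped ransom notes, stray tooling, etc.
    for p in sorted(backup_root.rglob("*")):
        rel = p.relative_to(backup_root).as_posix()
        if p.is_file() and rel not in manifest:
            result["unexpected"].append(rel)
    return result


def run_drill() -> dict:
    """Simulated drill on a constructed backup set in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (root / "hr").mkdir()
        (root / "hr" / "roster.txt").write_text("alice\nbob\ncarol\n")
        manifest = build_manifest(root)  # taken at backup time

        # Constructed tampering between backup and drill: one file overwritten with
        # random bytes (stand-in for encryption), one deleted, one new file dropped in.
        (root / "finance" / "ledger.csv").write_bytes(os.urandom(4096))
        (root / "hr" / "roster.txt").unlink()
        (root / "README_RESTORE.txt").write_text("constructed note, not real content\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for category, files in run_drill().items():
        print(f"{category:10s} {files}")
```

In a real drill the manifest would be generated on the system that writes the offline copy and carried with it, so an attacker who reaches the live backup share cannot rewrite both the data and the record it is checked against; the entropy score is a triage hint for which modified files to inspect first, not proof of encryption on its own.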
Final Thoughts
While the thought of ransomware can cause panic, it is not impossible to overcome. By taking the appropriate steps and ensuring that each individual understands what needs to be done, organizations can keep their employees, customers, and partners protected, ensure that critical data is not compromised, and get systems back up and running with minimal downtime.
This is a summary of an article written for Threatpost by Fortinet’s Chief of Security Insights and Global Threat Alliances, Derek Manky. The entire article can be accessed here.