While some malware attacks focus on data theft or fraud of some kind, ransomware goes a step further by locking down access to files and threatening the permanent destruction of precious data unless a ransom is paid. Ransomware has become the top threat type facing modern businesses, comprising 23% percent of attacks, according to an IBM report. Businesses that fall victim, often feel they have little choice but to pay up, though that’s no guarantee that you will get your data back.
As ransomware runs rampant, global costs are expected to reach $20 billion this year, according to Cybersecurity Ventures, which predicts an attack every 11 seconds on average. While you should maintain a regularly updated offline backup and draft a comprehensive incident response plan, it’s prudent to take steps to cut down your risk of ransomware exposure in the first place. The good news is that there are several things you can do to reduce the risk of falling victim to ransomware and these best practices will also enhance your cybersecurity in general.
1) Social engineering is your biggest risk
Somewhere between 70 and 90% of all malicious breaches start with social engineering and phishing attacks. By far the most effective thing you can do to reduce the threat of ransomware for your organization is to educate your workforce. Every employee from the CEO to office support should be engaging in regular security awareness training. Teach people to spot rogue URLs and common phishing techniques, make it easy for them to report suspected phishing emails with a report button in the email client, and test them to make sure the training is sinking in.
You can reinforce your security awareness training with positive feedback. Always reward the behavior you want to model and try to make training fun, rather than a chore. Back regular training with clear and accessible policies and technical controls that layout expectations and responsibilities for reporting, investigating, and mitigating issues where necessary. Build in a feedback system, as this will encourage people to be more vigilant and to report anything suspicious.
2) Update and properly configure software
Unpatched software is the second most common way onto networks for ransomware. It’s relatively easy and takes little effort for cybercriminals to try and exploit known vulnerabilities in software. The longer you take to install crucial updates that often include security fixes, the more likely it is for ransomware to infiltrate your network. Any internet-accessible software should be kept up to date with the latest security patches as a priority.
It’s also crucial to properly configure all the software you use and remove any default accounts. Another easy way in for attackers is to use default admin credentials to access software and devices on your network. Sometimes vulnerabilities lie in unused modules and features of the software you use, so proper configuration is very important.
3) Restrict access and permissions
Deploying access controls is a great way to prevent attackers from gaining a foothold on your network and limiting the damage they can do if they do gain access. Start by reviewing permissions and ensure that employees only have access to files they need for daily duties. By restricting access and admin rights you can prevent one set of stolen credentials from infecting your whole network.
With multi-factor authentication (MFA) you can potentially block attackers from accessing your network, even if they have stolen a set of legitimate credentials. It’s important to note that there are many different MFA solutions on the market ranging from the familiar email or SMS code to higher security checks that include biometrics or device and user behavior analysis.
4) Enforce a password policy
As unlikely as it seems, weak passwords are still a route in for cybercriminals, so a strict password policy is vital. There two main rules to keep in mind:
- Don’t allow weak, easy-to-guess passwords. Insist on a mix of lower and upper case letters, numbers, and special characters.
- Don’t reuse the same passwords anywhere. If someone gets ahold of a password for one site or system, there’s a good chance they’ll try it elsewhere to see if it has been reused (that includes slight variations).
5) Employ application control
No matter how cautious and stealthy an attacker is, they have to run programs and trigger processes to install ransomware on your network or to exfiltrate data. Use an application control program that can detect brand new previously unknown executions. Windows comes with one called AppLocker and Application Control Program, but you can use CrowdStrike or Microsoft Advanced Threat Persistence. You can also find application control programs in most big anti-virus packages, like Beyond Trust, Carbon Black, and Tripwire.
If you run an application control program in audit-only mode or monitoring-only mode, you can create a baseline for normal behavior and then have anything new trigger an alert. You can operate a whitelisting system, whereby you automatically block, then investigate and whitelist programs that are not deemed a risk, or you can go with a blacklist and allow the program by default, but then investigate and blacklist anything that seems suspicious. This can cause some disruption for employees and it creates some work for IT, but it’s a good way to ensure that ransomware doesn’t spread unnoticed.
While it’s very hard to eliminate the risk of ransomware, these defensive actions will make your organization much tougher to breach.
Written by Stu Sjouwerman. Have you read?
Best Hospitality And Hotel Management Schools In The World For 2021.
Rankings. Best Countries. Best Books. Richest List.
Best Fashion Schools In The World For 2021.