C-Suite Advisory

4 Lines of Defense in Effective Ransomware Prevention

Ransomware is rampant, but there is a strategy you can follow to avoid being the next headline-making victim. It all starts with your people, and their habits.

With ransomware, organizations would love to find that elusive silver bullet. But those in the trenches know there’s none to be found. There’s no single, magical piece of hardware or software ensured to protect against months’ worth of reconnaissance run by coordinated cyber-gangs or the zero-day exploits available for purchase on the hard-to-trace dark web.

Your employees seeing a ransomware note on all workstations is the tail end of a long attack chain. Before they even get to that last extortion step, they breach perimeter defenses and gain a foothold in your internal network, move laterally to explore high-value assets and people, enumerate files of interest, garner more credentials and gain more privileges. They only drop the encryption payload when a certain victory is in sight.

Unless you can return to pre-internet days and give up the luxury of digital connectivity, you need a defense strategy that’s multi-dimensional.

  1. Defense-in-Depth
    The appropriate approach is to implement defense-in-depth, where if one security control fails, the next line of defense remains intact. It’s all about having redundant security measures surrounding end-users, web, hardware, software, data, and the network. When you have a series of defenses tied together in concert —e.g., firewall, endpoint protection, intrusion detection/prevention, zero-trust architecture, data encryption, multi-factor authentication—you’re making it much harder for bad actors to penetrate your network.
  2. Security Awareness Training
    Talking about multiple ransomware attack vectors and adopting a layered approach to security, your employees will always be your last line of defense. Social engineering tactics like highly targeted spear-phishing are the most prevalent means attackers use to get behind your organization’s security perimeter. In such cases, the attack chain executes only after an employee clicks a malicious link or downloads a ransomware-laden attachment.Your employees are essentially an extension of your information security team, but you can’t simply expect them to combat ransomware right off the bat; you must conduct security awareness training and reiterate best practices until caution becomes second nature.  Security awareness training not only covers the latest threat vectors, tactics, and red flags, it also covers basic security hygiene essentials that are often overlooked.
  3. Frequent Attack Simulations
    Combining security training with frequent phishing attack simulations is the perfect one-two punch of ransomware prevention. Simulated phishing attempts will give employees a taste of real-world phishing attacks because best-in-class platforms will use real phishes (defanged for testing) that have been sampled from email inboxes. Testing in this way breeds a culture of skepticism and muscle memory (or mental habit) helping people learn to identify and report bogus emails.At the same time, you can validate and measure the effectiveness of your security awareness training without waiting for a real ransomware attack to strike.Conducting unannounced simulated phishing attacks will keep workers on their toes with security top of mind. When people are educated, it becomes a lot more difficult for phishing attempts or other email-based attacks to succeed.

    Such exercises can inoculate people against the latest threats and give you an idea of who among your employees are the weakest links. When you know who are your phish-prone employees, you can better control the threat and fortify your defenses with focused training for the people that need it.

  4. Data Backups
    No ransomware plan is complete without including regular data backups. Though here’s the caveat: modern ransomware variants will actively search for and corrupt backups on the same network. Once someone from an infected computer connects to the cloud storage, cloud-based backups will be infected as well. So the key here is to always have updated, offline backups available as well.Organizations often overlook the importance of testing the restoration process, which means they could be in for a rude awakening when the time comes to restore systems. It helps to frequently test the validity of your backups and restoration process.Ransomware is here to stay, and at the current rate, it’s only a matter of time before the threat hits home. Double extortion attacks are on the rise, which means data backups alone won’t save the business. Attackers are using crypto-mining malware alongside ransomware; this means they could be hijacking network resources to make money long after the ransom is paid and files are restored.

Prevention should be the primary goal. Ensure employees are trained to be your last line of defense, the defensive assets they can learn to become. Combined with defense-in-depth strategies, this two-pronged approach can combat ransomware at every stage of the attack chain and make life for bad actors very hard.


Written by Stu Sjouwerman.

Track Latest News Live on CEOWORLD magazine and get news updates from the United States and around the world. The views expressed are those of the author and are not necessarily those of the CEOWORLD magazine. Follow CEOWORLD magazine on Twitter and Facebook. For media queries, please contact: info@ceoworld.biz

Stu Sjouwerman
Stu Sjouwerman is founder and CEO of KnowBe4, [NASDAQ: KNBE] developer of security awareness training and simulated phishing platforms, with over 41,000 customers and more than 25 million users. KnowBe4 also offers a KCM GRC platform that provides ready-made templates for quick compliance evaluations and reporting. Centralized policy distribution and tracking helps users remain compliant, as does flagging risky users. Sjouwerman was previously co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.”


Stu Sjouwerman is an opinion columnist for the CEOWORLD magazine. You can follow him on Twitter and LinkedIn.