This article was written and produced by David Scudo, Security Consultant, FoxPointe Solutions. Looking to get in touch with David? Reach out today: firstname.lastname@example.org.
In 2020, protecting an organization from cyber-attacks means that you need a plan to combat ransomware. Ransomware infections can be expensive, and costs can encompass more than just financial decisions. Paying a ransom to retrieve encrypted data is never an ideal situation and the cost to do so is hardly where it ends, as there may be fines and other more difficult to quantify ramifications such as reputational damage. The impression that a ransomware attack can leave on customers, business associates, and other organizations can have unknown and lasting effects that may prove to be impossible to remediate.
With so much at risk, it is important to discuss the steps that can be taken before an attack occurs, with the goals of dissuading an attacker from targeting your organization and its assets, and of securing and protecting those assets in the event that an attacker does gain access. The Multi-State Information Sharing & Analysis Center (MS-ISAC) has made recommendations that can be summarized in four easy steps: protect your data, harden your infrastructure, train and monitor, and create an incident response plan.
Protect your Data:
- A strong backup policy and procedure (including offline backups).
- Copies of critical source code and scripts and compatible hardware.
- Regular formal data restoration testing.
- Annually reviewed Disaster Recovery (DR) and Business Continuity Plan (BCP).
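The "regular formal data restoration testing" item above is easy to state and easy to skip. Below is an added example (not from the original article or from MS-ISAC) of the minimal check a restoration drill should end with: record a SHA-256 manifest of the live data at backup time, copy it through a backup and restore step, and verify every restored file against that manifest, so a silently corrupted or missing file is caught during the drill rather than during a real recovery. The live, backup and restore directories and their two sample files are constructed in temporary directories, and `restoration_drill` stands in for whatever backup product you actually use.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file (path relative to root) to its SHA-256 digest at backup time."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the backup-time manifest.

    Returns a list of (problem, relative_path); an empty list means the restore
    reproduced every file byte-for-byte.
    """
    problems = []
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(restored_root, rel)
        if not os.path.isfile(full):
            problems.append(("missing", rel))
        elif sha256_of(full) != expected:
            problems.append(("corrupt", rel))
    return problems


def restoration_drill(corrupt_one=False):
    """Simulate live data -> backup -> restore -> verify inside a temp directory.

    The two sample files are constructed for this example. corrupt_one=True
    tampers with one restored file to show what a failed drill reports.
    """
    with tempfile.TemporaryDirectory() as work:
        live = os.path.join(work, "live")
        backup = os.path.join(work, "backup")
        restore = os.path.join(work, "restore")
        os.makedirs(os.path.join(live, "db"))
        with open(os.path.join(live, "db", "customers.csv"), "w") as f:
            f.write("id,name\n1,constructed sample\n")
        with open(os.path.join(live, "config.ini"), "w") as f:
            f.write("[app]\nmode=prod\n")

        manifest = build_manifest(live)          # taken before the backup runs
        shutil.copytree(live, backup)            # stand-in for the backup job
        shutil.copytree(backup, restore)         # stand-in for the restore job
        if corrupt_one:
            with open(os.path.join(restore, "config.ini"), "a") as f:
                f.write("tampered\n")
        return verify_restore(manifest, restore)


if __name__ == "__main__":
    print("clean drill:", restoration_drill())
    print("tampered drill:", restoration_drill(corrupt_one=True))
```

The manifest should be stored separately from the backup it describes (ideally with the offline copy), so that a ransomware infection that reaches the backup store cannot also rewrite the evidence used to validate it.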
Most ransomware attacks involve an attacker attempting either to extort money from the victim in exchange for the data that they’ve encrypted or to cause financial or reputational harm to the targeted organization by holding the encrypted data hostage indefinitely and seeking publicity for their crime.
Harden your Infrastructure:
- Regular patching and vulnerability management.
- Regular internal and external scans of the organization’s infrastructure.
- Disable unneeded protocols (particularly RDP and TCP).
- Close unused ports.
- Remove or disable applications that are not necessary.
It is imperative to act to remediate critical vulnerabilities as soon as they are found to reduce the chance that an attacker can establish a foothold in your environment. Additionally, the principle of least privilege is not just for staff; systems and applications should only have the tools and access required to perform their duties.
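Closing unused ports and disabling unneeded services is only verifiable if you know what each host is supposed to expose. The following is an added example, not code from the article or from MS-ISAC, of the comparison step behind the "regular internal scans" item: a per-host baseline of approved listeners is compared against what the latest scan observed, and anything outside the baseline is reported. Remote-access listeners are reported even when approved, because the article singles out RDP (which listens on TCP 3389) for review. Both the observed inventory and the baseline are constructed sample data, and the host names are placeholders.

```python
# Constructed inventory: (host, protocol, port, service) as a port scan might report.
OBSERVED = [
    ("web01", "tcp", 443, "nginx"),
    ("web01", "tcp", 22, "sshd"),
    ("web01", "tcp", 3389, "rdp"),
    ("file01", "tcp", 445, "smb"),
    ("file01", "tcp", 3389, "rdp"),
    ("file01", "tcp", 8080, "jenkins"),
]

# Constructed baseline: the only listeners each host is approved to expose.
BASELINE = {
    "web01": {("tcp", 443), ("tcp", 22)},
    "file01": {("tcp", 445), ("tcp", 3389)},
}

# Remote-access services that deserve review even when they are on the baseline.
REMOTE_ACCESS = {("tcp", 3389): "RDP"}


def find_deviations(observed, baseline, remote_access=REMOTE_ACCESS):
    """Return sorted (host, finding, proto, port, service) tuples.

    'unapproved'     -> listener not in the host's baseline (close it or add it
                        to the baseline with a documented justification)
    'remote-access'  -> a remote-access listener, approved or not, that should
                        be confirmed as still required and properly restricted
    """
    findings = []
    for host, proto, port, service in observed:
        approved = baseline.get(host, set())
        if (proto, port) not in approved:
            findings.append((host, "unapproved", proto, port, service))
        if (proto, port) in remote_access:
            findings.append((host, "remote-access", proto, port, service))
    return sorted(findings)


def hosts_without_baseline(observed, baseline):
    """Hosts that showed up in the scan but have no approved baseline at all."""
    return sorted({host for host, *_ in observed} - set(baseline))


if __name__ == "__main__":
    for finding in find_deviations(OBSERVED, BASELINE):
        print(finding)
    print("no baseline:", hosts_without_baseline(OBSERVED, BASELINE))
```

Treat an empty baseline entry as a finding in its own right: a host that nobody has written a baseline for is a host whose exposed services nobody is reviewing.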
Train and Monitor:
- Conduct regular security awareness training (including phishing and social engineering).
- Monitor critical assets and applications.
- Conduct formal audits of privileged access and login attempts (especially remote access).
- Collect and review assurance documentation.
- Audit the security practices of third-party vendors.
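Auditing login attempts, especially remote access, is the item most organizations already have the data for and rarely look at. Below is an added example, not from the article or from MS-ISAC, of a review that can be run over exported Windows Security log records: it finds source addresses with a burst of failed remote-desktop logons (event 4625 with logon type 10) inside a time window, and then flags any successful logon (event 4624, logon type 10) from the same address shortly after the burst, which is the pattern a password-guessing attempt that eventually worked would leave behind. The event records are constructed samples with a documentation address (203.0.113.7) and a private address; the field names and the threshold are assumptions to adapt to your own export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of exported Security log fields (not real captures).
# Event 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": "2020-06-01T02:00:01", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T02:00:09", "event_id": 4625, "logon_type": 10, "account": "administrator", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T02:00:17", "event_id": 4625, "logon_type": 10, "account": "admin", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T02:00:26", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T02:00:40", "event_id": 4625, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T02:01:03", "event_id": 4624, "logon_type": 10, "account": "jsmith", "src_ip": "203.0.113.7"},
    {"time": "2020-06-01T09:15:00", "event_id": 4624, "logon_type": 10, "account": "helpdesk", "src_ip": "10.0.5.20"},
    {"time": "2020-06-01T09:30:00", "event_id": 4625, "logon_type": 10, "account": "helpdesk", "src_ip": "10.0.5.20"},
]


def parse_events(raw):
    """Convert ISO timestamps to datetime and order the records chronologically."""
    events = [dict(e, time=datetime.fromisoformat(e["time"])) for e in raw]
    return sorted(events, key=lambda e: e["time"])


def remote_failures_by_ip(events):
    """Timestamps of failed remote-interactive logons, grouped by source address."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            by_ip[e["src_ip"]].append(e["time"])
    return by_ip


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding window: source IPs with >= threshold failures inside `window`.

    Returns {src_ip: peak failure count within any single window}.
    """
    bursts = {}
    for ip, times in remote_failures_by_ip(events).items():
        start = 0
        for end in range(len(times)):          # times are already sorted
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), count)
    return bursts


def successes_after_burst(events, bursts, window=timedelta(minutes=10)):
    """Successful remote logons from a bursting IP within `window` after one of its failures."""
    failures = remote_failures_by_ip(events)
    hits = []
    for e in events:
        if e["event_id"] != 4624 or e["logon_type"] != 10 or e["src_ip"] not in bursts:
            continue
        recent = [t for t in failures[e["src_ip"]] if timedelta(0) <= e["time"] - t <= window]
        if recent:
            hits.append((e["src_ip"], e["account"]))
    return hits


def audit(raw=SAMPLE_EVENTS, threshold=5):
    """Run both checks and return the findings for a reviewer."""
    events = parse_events(raw)
    bursts = failed_logon_bursts(events, threshold=threshold)
    return {"bursts": bursts, "suspicious_successes": successes_after_burst(events, bursts)}


if __name__ == "__main__":
    print(audit())
```

The single helpdesk failure from 10.0.5.20 never reaches the threshold and is not reported, which is the point of using a windowed count rather than alerting on every failed logon; the threshold and window should be tuned to the normal error rate of your own remote-access population.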
In conclusion, always provide your staff with the knowledge and experience required to identify abnormal conversations, access attempts, and fraudulent emails, and to examine new and existing trust relationships. Without proper review of vendors and managed service providers, a compromise of one of these trusted relationships leaves another door open for attackers to exploit your organization. To download the full guide, click here. Reach out to me or one of my talented colleagues today to schedule a one-hour cybersecurity readiness session.