10 Steps to Ransomware Protection

Ransomware Protection Actions

Today in this article, we'll talk about ransomware protection actions, how to strengthen your defenses and recover after an attack.

Just the thought of ransomware is enough to keep CISOs and security teams up at night. Victims are faced with the terrible choice between paying a ransom to a criminal, who may or may not release their network and captured data, or potentially spending millions of dollars to remove the ransomware themselves. This is where the importance of maintaining good protection against ransomware comes in.

According to a recent report published by CNBC, the cost of a single ransomware incident is around US$713,000. That estimate combines the ransom payment with the losses from downtime, the value of any lost data or hardware, the expense of improving the infrastructure and, finally, the time and money spent repairing the brand's image.

Also consider, this number can increase exponentially the longer critical systems remain offline.

And these costs are likely to increase. In a recent attack this year, for example, the attackers demanded a payment of 13 Bitcoin (more than US$75,000) for each computer affected by the attack so that users could regain access to their files - far above the normal ransom demand, which was previously just under US$13,000.

Don't fall victim to Ransomware

Watch out for Ransomware

Due to the financial success of ransomware, it continues to attract cybercriminals, who launch large-scale attacks designed to ensnare careless victims. They also carefully plan highly focused attacks on specific targets that are more likely to pay. Even less technical criminals are getting in on the act via the growing number of ransomware-as-a-service portals available on the Dark Web.

Regardless of the approach, in today's digital world, a ransomware attack is more a matter of when, not if.

Regardless of how grim this news may seem, organizations have ways of effectively defending themselves against ransomware attacks.


10 things you can do for Ransomware Protection

Here are 10 critical steps that every organization needs to consider as part of its anti-ransomware strategy:

Mapping the attack surface

You can't protect what you don't know needs to be protected. Start by identifying all the systems, devices and services in your environment that you rely on to conduct business and keep an active inventory. This process not only helps identify your most vulnerable targets, but also helps map out the system baseline for recovery.

Fixing and updating vulnerable devices

Establishing and maintaining a regular patching and updating protocol is just a basic best practice. Unfortunately, many organizations simply don't do it. Obviously, not every system can be taken offline for patching or updating. In that case, they need to be replaced (where possible) or protected using strict proximity controls and some kind of isolation or zero-trust strategy.

Updating security systems

In addition to updating your network devices, you also need to ensure that all security solutions are running the latest updates. This is especially crucial for the secure email gateway (SEG) solution. Most ransomware enters an organization via email, and a SEG solution must be able to identify and remove malicious attachments and links before they are delivered to the recipient.

Similarly, an effective web filtering solution that takes advantage of machine learning must be able to effectively stop phishing attacks. In addition, your security strategy needs to include items such as application permissions lists, mapping and limiting privileges, implementing zero trust between critical systems, enforcing strong password policies and requiring the use of multi-factor authentication.

Segment your network and be more secure

Network segmentation ensures that compromised systems and malware are contained in a specific segment of the network. This includes isolating your intellectual property and the personally identifiable information of employees and customers. Similarly, keep critical services (such as emergency services or physical resources like HVAC systems) on a separate, segregated network.

Protect your extended network

Ensure that the security solutions deployed on your core network are replicated across your extended network - including operational technology (OT) networks, cloud environments and branch offices - to avoid security breaches. Also take the time to review the connections of other organizations (customers, partners, suppliers) that touch your network. Check that these connections are reinforced and that the appropriate security and filtering is in place. 

Then alert these partners to any problems you may discover, especially relating to the possibility of malicious content being shared or spread over these connections.

Isolate your recovery systems and back up your data

Run regular backups of data and systems and store these backups off the network so that they are not compromised in the event of a breach. Check the integrity of the backups and inspect them for any evidence of malware.

Make sure that all the systems, devices and software needed for a complete system recovery are isolated from the network. This way they will remain available in the event of recovery from a successful attack.
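As an added illustration of the backup check described above (example code, not part of the original article): a hash manifest is built when the backup is taken and kept with the off-network copy, and a later verification diffs the backup against it and flags files that look encrypted or renamed. The suffix list and entropy threshold are illustrative assumptions, not a real indicator list.

```python
import hashlib
import math
import tempfile
from pathlib import Path

# Illustrative markers only (assumptions, not a real IoC list): extensions commonly
# appended to encrypted files, and the byte entropy above which data looks encrypted.
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; the maximum possible is 8.0

def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data):
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def build_manifest(root):
    """Hash every file; store the manifest with the off-network copy, not on the LAN."""
    return {str(p.relative_to(root)): sha256_file(p) for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Diff a backup against its manifest and flag files that look encrypted or renamed."""
    current = build_manifest(root)
    findings = {"modified": [r for r in manifest if r in current and current[r] != manifest[r]],
                "missing": [r for r in manifest if r not in current],
                "unexpected": [r for r in current if r not in manifest],
                "suspicious": []}
    for rel in current:
        p = root / rel
        # Heuristic: compressed archives also score high, so exclude those by type in practice.
        if p.suffix.lower() in SUSPICIOUS_SUFFIXES or shannon_entropy(p.read_bytes()[:4096]) > ENTROPY_THRESHOLD:
            findings["suspicious"].append(rel)
    return findings

def demo():
    """Constructed scenario: a clean backup, then tampering a recovery check should catch."""
    root = Path(tempfile.mkdtemp())
    (root / "payroll.csv").write_text("id,name,amount\n1,alice,100\n")
    (root / "notes.txt").write_text("quarterly planning notes\n")
    manifest = build_manifest(root)
    (root / "notes.txt").write_text("quarterly planning notes (edited)\n")  # silently changed
    (root / "payroll.csv.locked").write_bytes(bytes(range(256)) * 16)      # encrypted-looking
    (root / "payroll.csv").unlink()                                        # original gone
    return verify_backup(root, manifest)
```

Run the manifest step against a backup the moment it is taken and the verification step before any restore drill, so a poisoned or altered backup is noticed before it is trusted.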

Perform recovery exercises

Regular recovery simulations ensure that your backup data is readily available, the necessary resources can be restored and all systems can operate as expected. 

Also make sure that all individuals and teams understand their responsibilities in this process. Questions raised during an exercise should be addressed and documented.

Engaging external experts

Establish a list of experts and trusted advisors who can be contacted in the event of a compromise to help you through the recovery process. Where possible, you should also involve them in your recovery exercises. 

NOTE: Organizations should also immediately report any ransomware event to CISA, a local FBI field office or a Secret Service field office.

Watch out for ransomware events

Keep up to date with the latest ransomware news by subscribing to threat intelligence and news feeds. The team must be aligned on how and why systems have been compromised, applying the lessons to the environment.

Educate employees

Instead of being the weakest link in your security chain, your employees need to be your first line of cyber defense. Ransomware usually starts with a phishing campaign, so it is imperative to apply the latest tactics to combat cybercriminals, whether they target corporate, personal or mobile devices.

In addition to the kind of regular annual security review that most employees should participate in, consider a regular cadence of awareness campaigns. 

Quick 30- to 60-second video updates, phishing simulation games, executive team emails and informational posters help maintain awareness. In addition, running your own internal phishing campaigns can help identify employees who need additional training.

Pass this on

When it comes to cybercrime, we're all in this together. Make sure you have regular meetings with industry colleagues, consultants and business partners - especially those essential to your business operations - to share these strategies and encourage their adoption. 

Not only will this ensure that they don't spread the ransomware infection upwards or downwards, creating liability for themselves and for you, but it will also help protect your organization, as any network disruption is likely to have a cascading impact on your business.

Derek Manky is head of security insights and global threat alliances at Fortinet

Source: https://ftnt.me/68D233
