Protection actions against Ransomware
This article covers ransomware protection actions: how to reinforce your defenses and how to recover after an attack.
Just the thought of ransomware is enough to keep CISOs and security teams up at night. Victims face a dire choice between paying a ransom to a criminal, who may or may not release their network and captured data, and potentially spending millions of dollars to remove the ransomware on their own. Hence the importance of maintaining good protection against ransomware.
According to a recent report published by CNBC, the cost of a single ransomware incident is about US$713,000. This estimate adds up the ransom payment, losses related to downtime, the value of any lost data or hardware, expenses to improve the infrastructure and, finally, the time and money needed to repair the brand image. Also consider that this number can increase exponentially the longer critical systems remain offline.
And those costs are likely to increase. In a recent attack this year, for example, attackers demanded a payment of 13 Bitcoin (more than US$75,000) for each computer affected by the attack so that users could regain access to their files, well above the normal ransom demand, which was just under US$13,000.
You don't have to be a victim of Ransomware
Because ransomware is financially successful, it continues to attract cyber criminals, who launch large-scale attacks seeking to catch careless victims. They carefully plan highly focused attacks aimed at the specific targets most likely to pay. Even less technical criminals are riding the wave through an increasing number of ransomware-as-a-service portals available on the Dark Web.
Regardless of the approach, in today's digital world a ransomware attack is more a matter of when than if.
Regardless of how bleak this news may seem, organizations have ways to effectively defend themselves against ransomware attacks.
10 Things You Can Do To Get Protection Against Ransomware Attack
Here are 10 critical steps that every organization needs to consider as part of its anti-ransomware strategy:
Attack surface mapping
You cannot protect what you do not know needs protecting. Start by identifying all the systems, devices and services in your environment that you rely on to conduct business, and maintain an active inventory. This process not only helps to identify your most vulnerable targets, but also helps to map the system baseline for recovery.
Fixing and updating vulnerable devices
Establishing and maintaining a regular patch and update protocol is just a basic best practice. Unfortunately, many organizations just don't do it. Obviously, not every system can be taken offline for patching. In that case, such systems need to be replaced (when possible) or protected using strict proximity controls and some sort of isolation or zero-trust strategy.
Security systems update
In addition to updating your network devices, you also need to ensure that all security solutions are running the latest updates. This is especially crucial for the secure email gateway (SEG) solution. Most ransomware enters an organization via email, and a SEG solution must be able to identify and remove malicious attachments and links before they are delivered to the recipient.
Likewise, an effective web filtering solution that takes advantage of machine learning must be able to effectively stop phishing attacks. In addition, your security strategy needs to include items such as application whitelists, mapping and limiting privileges, implementing zero trust between critical systems, applying strong password policies, and requiring the use of multi-factor authentication.
Segment your network and have more security
Network segmentation ensures that compromised systems and malware are contained within a specific segment of the network. This includes isolating your intellectual property and sequestering the personally identifiable information of employees and customers. Likewise, keep critical services (such as emergency services or physical resources, such as HVAC systems) on a separate, segregated network.
Protect your extended network
Ensure that security solutions deployed on your primary network are replicated across your extended network, including operational technology (OT) networks, cloud environments and branch offices, to prevent security breaches. Also take the time to review connections from other organizations (customers, partners, suppliers) that touch your network. Check that these connections are hardened and that appropriate security and filtering are in place.
Then, alert these partners to any problems you may discover, especially related to the possibility of malicious content being shared or spread over those connections.
Isolate your recovery systems and back up your data
Perform regular backups of the data and the system and store these backups off the network so that they are not compromised in the event of a breach. Check the integrity of the backups for evidence of malware.
Make sure that all systems, devices and software necessary for a complete system recovery are isolated from the network. In this way, they will remain available in case of recovery from a successful attack.
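One way to run the backup integrity check described above, as an added example that is not from the original article: it compares a backup tree with a SHA-256 manifest recorded when the backup was written and flags files whose contents look encrypted. It detects tampering rather than scanning for malware, and the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed threshold, bits/byte; encrypted data approaches 8.0

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):  # Shannon entropy in bits per byte, 0.0 for empty input
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Relative path -> SHA-256 for every file under root."""
    return {os.path.relpath(os.path.join(d, name), root): sha256_file(os.path.join(d, name))
            for d, _, names in os.walk(root) for name in names}

def audit_backup(root, baseline):
    """Compare a backup tree with a trusted manifest taken when it was written."""
    current = build_manifest(root)
    report = {
        "missing": [p for p in baseline if p not in current],
        "modified": [p for p in baseline if p in current and current[p] != baseline[p]],
        "unexpected": [p for p in current if p not in baseline],
        "high_entropy": [],  # compressed or media files also land here: review, don't delete
    }
    for rel in current:
        with open(os.path.join(root, rel), "rb") as f:
            if entropy(f.read(65536)) > ENTROPY_LIMIT:
                report["high_entropy"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo():  # constructed sample: a backup altered after its manifest was taken
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.txt", "customers.csv"):
            with open(os.path.join(root, name), "w") as f:
                f.write("quarterly figures, region, total\n" * 200)
        baseline = build_manifest(root)  # in practice, stored offline with the backup
        os.remove(os.path.join(root, "report.txt"))
        for name in ("report.txt.locked", "customers.csv"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(os.urandom(4096))
        return audit_backup(root, baseline)
```

Keep the manifest with the isolated recovery systems, since a manifest stored next to the backup can be rewritten by whoever alters the backup.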
Perform recovery exercises
Regular recovery simulations ensure that your backup data is readily available, that the necessary resources can be restored and that all systems operate as expected. Also make sure that all individuals and teams understand their responsibilities in this process. The issues raised during an exercise must be addressed and documented.
Engage external experts
Establish a list of trusted experts and consultants who can be contacted in case of compromise to assist you in the recovery process. When possible, you should also involve them in your recovery exercises. NOTE: Organizations must also immediately report any ransomware event to CISA, a local FBI field office or a Secret Service field office.
Pay attention to ransomware events
Stay up to date on the latest ransomware news by subscribing to some threat intelligence and news feeds. Make sure the team understands how and why systems were compromised, and apply those lessons in your own environment.
Rather than being the weakest link in your security chain, your employees need to be your first line of cyber defense. Ransomware usually begins with a phishing campaign, and it is imperative to apply up-to-date tactics against cybercriminals, whether they target corporate, personal or mobile devices.
In addition to the regular annual security review that most employees must take part in, consider a regular cadence of awareness campaigns.
Quick 30- to 60-second video updates, phishing simulation games, executive team email messages and informational posters help to maintain awareness. In addition, running your own internal phishing campaigns can help identify employees who need additional training.
Pass This Along
When it comes to cyber crime, we are all in this together. Make sure you have regular meetings with industry colleagues, consultants and business partners, especially those essential to your business operations, to share these strategies and encourage their adoption. This will not only ensure that they do not spread a ransomware infection up or down the chain, creating accountability for you and them, but it will also help protect your organization, as any network disruption is likely to have a cascading impact on your business.
Derek Manky is head of security insights and global threat alliances at Fortinet
Source: https://ftnt.me/68D233