While the story of ransomware starts way back to 10years ,it is not new for the organization to have heard about this term. Right from 2021 the industry has seen various cyber attacks by ransomware threat operators on well-known targets like Kaseya, Accenture, Colonial pipeline, etc.
Due to these facts, many organization’s C-suites started focusing on increasing the cyber security budgets which is helping to invest on various security products that can help to detect , prevent and contain the cyber attack.
Gone are the days where security incidents are majorly raised around the monitoring rules like password sharing , account lockout, or multiple authentication attempts on particular resources. While the entire industry has moved towards the WFH or Remote working scenario, its vital that the organizations starts focusing on employees and organizations infrastructures more closely with solutions like EDR, SIEM and other security solution.
One of the significant change which an organizations can bring to its security monitoring policy is to identifying what to protect and how to protect . While the “What to protect” can be a generic term it can also cover various aspects of organization such as Crown jewels, Sensitive infrastructures, Customer/clients data, Financial data, etc. The “How to protect” seems to be million dollar question among various organization .
Despite of multiple security technologies and various policies, organization’s can still fall as a prey for the Ransomware extortion by the threat actors. Below points can help the organization’s which can be followed as a thumb rule procedures to protect / prevent against the Ransomware based attacks.
- Cautious about hazardous links: It is important about not clicking the malicious links which are received via email or website which is luring us to perform some actions. Best approach towards this is to ignore the links / url’s which are unknown for us.
- Strong USB policy: One of major route a malicious threat actors spread their malware is via USB / Thumb devices. Significant steps needs to taken by the organization / individual around the USB devices to protect itself against various cyber attack. In short, assume hackers are already in your network if USB devices are allowed in your organizations.
- Stringent software download policy: Never download the software’s either via public file sharing sites or any other site other than the vendor download pages. Its critical for an organizations to have very strong software download policy which must be followed by an employee. An organization can have latest version of software’s which are whitelisted based on the analysis of multiple risk and can be made available easily for employees via internal portals.
- Awareness on Social engineering and Phishing attacks: While most of the attacks were successful after initial access techniques such as phishing and other social engineering attacks. An organization can start taking steps to protect or prevent against these attacks via proper awareness session and trainings on how to detect the phish and social engineering attacks. Remember “There is no patch for human stupidity, but employees can be trained to become intelligent” . Most of the ransomware / cyber attacks can be stopped on first level of this kill chain step.
- Keeping the infrastructure up to date: Almost all the threats on information security principles of Confidentiality, Integrity and Availability can be remediated by following strong patching compliance. It is important that both the IT and security teams work in sync on fixing the vulnerabilities pertaining to the ransomware attacks. It is also critical that the organizations update and maintain their security monitoring and detecting devices like AV, EDR, and other solutions. An organizations can start focusing on Risk based vulnerability management process to start protecting against the vulnerability which matters.
- Strong backup policy: An organization can include the backup policy as a critical item in its organizational policies and start initiating the process for critical data. One of the best approach towards this is to assume that there is a ransomware attack in your organization and prepare the inventory of data which needs to be backed up for proper functioning of all the processes available in the organization. Remember its always best to invest in external storage devices for backups than being in limelight due to ransomware or cyber attacks which leads to extortion of multi-million dollars by the threat actors. It is also important to store multiple backup of same organization data which can help on Business continuity procedure during ransomware attack scenario.
Last but not least, never pay the threat actors for the ransomware infection. Almost all the risk of ransomware threats can be avoided or minimized using various information shared above . Apart from that , an organization can also implement controls like implementation data encryption, Strong password policy,Threat intelligenc, Security trainings ,etc. One of the most important thing to follow during the ransomware attack is to not panic and handling the incidents with the relevant cyber security expertise.
–-For more Cyber security write-ups in crisp content . Please follow our site via twitter handle @cyberworkx1