Ransomware can be devastating and pervasive and it can infect a system or network from just about any angle. It can come from employees opening a phishing email, customers or clients installing unprotected applications or content, or an angry employee who willingly infects systems.
Companies need a diverse and responsive cybersecurity plan to keep up with increasingly sophisticated attacks. Global ransomware reports increased by 715% year on year in 2020 and the United States is ranked No. 1 in the total number of attacks.
Ransomware is executed through malicious code. It takes a system hostage until a ransom is paid, hence the name. It does this by encrypting content, whether an entire network, a server or files in between. After the ransomware takes hold, the data cannot be unencrypted without the secure key.
Hackers use this method to collect a ransom, which is usually requested in cryptocurrencies.
The problem is that once they are paid, there are no guarantees the hackers will unlock the data or provide the correct encryption key. Even if they do, they can still leverage that information later for future attacks, or they can cause more damage by releasing it in a dump. It’s recommended that people don’t pay the ransom.
An incident response plan is necessary to deal with security threats before, during and after they happen. However, the best defence is a proactive one that is prepared to thwart or stop incoming attacks. The appropriate preparations can mitigate their frequency and the damage they can cause.
Here are some ways to prepare for more sophisticated attacks:
It’s not enough to have a single backup source for data and systems. There should be three, one of which is the live system. The other two should be on different media and one of them should be completely offline.
This can be incredibly challenging for large-scale corporate systems, in which case it might be necessary to hire a third-party backup service provider. Everything should be encrypted and securely stored off-site with strong physical and digital security.
The best way to measure the effectiveness of a cybersecurity defence is to test it. Penetration tests validate network security and find potential weaknesses.
Penetration testing is also one of the better ways to measure a wide variety of network and computing configurations, including MSP solutions. All organisations should do this, regardless of their network, systems or setup.
Phishing is a common attack vector for ransomware and it often happens because people don’t understand where it comes from, how it gains access or what it means.
About 43% of employees do not receive regular data security training. Workers are on the frontline and they often don’t know what’s coming at them. Even those with basic cybersecurity awareness may not understand what they’re looking for or how to avoid potential attacks.
Training should be updated regularly, with continued experiences for employees throughout their careers. The security and threat landscape changes and their knowledge should evolve along with it.
Email is a common point of attack, so there should be alternatives that reduce its need.
Utilising alternatives such as chat tools like Slack or Microsoft Teams also eliminates some of the stress on employees who would otherwise watch for potential attacks. However, the concept should be extended to all vectors and opportunities. It’s a low-effort and reliable way to reduce risks.
Most corporate networks have filters and firewalls to stop incoming dangers. The same strategy should be implemented across all channels. For example, strong spam filters can help weed out phishing contacts.
Outdated systems and software are vulnerable. Everything teams are using should be regularly updated. Critical performance and security patches could prevent a major breach.
Stop using outdated systems that are no longer being supported. The massive WannaCry attack took advantage of old systems and it was successful and widespread because so many people were using legacy hardware and software solutions.
Network segmentation is a beneficial and reliable security measure that separates various parts of a system. If something happens in one section, the problem can be sealed off and effectively quarantined.
Moreover, segmentation can minimise the harm of all attacks, not just ransomware.
Security should never be an afterthought. From the moment a network goes live, it should remain a foundational element. It means putting all necessary filters and firewalls in place, establishing appropriate security teams and enabling company-wide protocols with the right training for workers. These are critical measures businesses should take to avoid a ransomware attack.
Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.