They may sound basic to IT defenders, but these five steps bear reiteration here in case complacency or misconceptions take root.
Ransomware is among the most prevalent cyber threats today. With modern enterprises relying extensively on data to run their operations, cybercriminals can effectively shut down an entire organization by taking its data hostage.
Moreover, ransomware attacks are becoming increasingly sophisticated and multi-layered. For instance, by encrypting and exfiltrating their victims’ data, cyber perpetrators can extort more money by threatening to expose the information on data leak sites or underground forums.
So, what can organizations do to protect their business? Here are five important considerations:
- Is your firm’s cyber hygiene up to scratch? Do your IT teams perform disciplined vulnerability assessment and management where all operating systems, software, firmware, and network devices are constantly updated? Additional attention is needed for end-of-life and end-of-support applications and devices. Organizations should also enforce robust password regimes and leverage measures such as multi-factor authentication.
  People form another critical aspect of cyber hygiene evaluation. Organizations should conduct regular cyber awareness training to raise employees’ level of security knowledge and awareness. Continual exercises such as phishing attack simulations are needed to elevate employees’ cyber resistance to social engineering attacks.
- Adopt Zero Trust: The impetus to adopt a zero-trust framework is the dramatic growth of endpoints within organizations, and the need for more devices to communicate directly with applications. Zero Trust allows enterprises to verify access requests based on identity and user context and limit access to specific applications to authorized users, creating a more secure digital environment.
- Fortify data backup and disaster recovery: Effective preparation is the key to minimizing the impact and disruption that ransomware attacks can bring. Fastidious attention to data backups, regular testing of backup restoration, and storing data in vaults are steps critical to avoiding a data hostage situation.
  Having no choice but to pay cyber ransoms is not acceptable. Instead, organizations should focus on preparations that allow them to get back on their feet swiftly by being able to perform data recovery to resume operations.
- Consider setting up an SOC: Enterprises that can justify the cost can set up their own security operations center (SOC) or subscribe to the services of one. Through this investment, organizations can move beyond security information and event management tools and receive curated global intelligence information. Additionally, integrating security orchestration and automation can give enterprises the ability to automate containment actions swiftly.
  A fully functional SOC also relieves an organization of the cyber talent skills shortage because the SOC can devote more specialized resources to acquiring and training cyber defenders.
- Secure your digital ecosystem: Evaluate the security posture of external contractors and partners to ensure all connections between them and outside software/hardware are monitored and reviewed for suspicious activity. When selecting partners and vendors, cybersecurity assurance should also be a critical evaluation criterion. Organizations need to be able to trust their partners’ capabilities to secure the data shared with them.
With the industrialization of cybercrime, the rise of double-threat ransoms, the democratization of cybercrime through Ransomware-as-a-Service groups, and the continual advances in malicious cyber tactics, enterprises need not only to spruce up their cyber defenses but also to continually adapt and evolve their vigilance.