Combating ransomware has been a top priority for most organizations throughout the world. Read on to learn more…
As cyberattacks shifted from delivering ransomware through consumer-targeted spam to spreading across networks, the tenor of ransomware threats has changed. The threat of extortion and data theft hasn’t faded away. Since last year, the ransomware ecosystem has shifted from high-profile, high-impact big-game hunting to a period of relative quiet marked by mid-level targets, increased ransom demands, and the first hacktivist ransomware attack on critical infrastructure.
According to a Black Kite-sponsored survey of 250 CISOs, more than half of them reported they were affected by ransomware at least once in 2021. This year, more than two-thirds of respondents expect at least one ransomware attack.
Organizations must invest in security solutions such as NDR, EDR, firewalls, and SIEM, as well as effective operational security standards and processes, to prevent ransomware attacks. While attackers are eager to exploit emerging vulnerabilities and attack avenues, security-conscious organizations can use a wide variety of compensating controls to make an attacker’s task more difficult.
Here are some of the best practices for minimizing ransomware attacks in organizations:
Evaluating Security Practices and Procedures: Organizations must constantly re-evaluate their security practices and policies to adapt to organizational and threat landscape changes. Employees and partners should be subject to security controls such as Least User Privilege controls. Security teams should consider the ability to access organizational data, as well as the level of user permissions on local systems and network resources. Users should disable macros and scripts for Office documents, and either disable PowerShell scripting or leverage script signing and Microsoft best practices.
Regular Backups: Regular and rapid software updates and patches must be applied, including updates to operating systems such as Windows and Linux, as well as third-party applications.
Regular backups of all critical data, including disconnected cold storage backups, should be maintained.
Security Tools: Antimalware tools such as antivirus or Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and email filtering and attachment malware scanning tools should be deployed and properly maintained.
Training Employees: Training produces tangible results, preventing users from growing complacent about security. Topics covered should include malicious email detection, validating the source of online documents before opening them, not clicking on unknown URLs, and avoiding sharing personal information in both business communications and on social media.
Concluding Words
Increased investment in prevention infrastructure, such as broader cybersecurity infrastructure and widespread adoption of security best practices among all employees, will distinguish between organizations that can protect their critical data and those that will have to deal with the long-term consequences of a breach.
No security posture is flawless; with enough time and money, skilled and motivated attackers can get access to any environment. However, ransomware operators, like other criminal organizations, are only interested in extorting money, which means going after easy targets for quick payouts. Each step an organization takes to make a successful attack more difficult reduces the risk of ransomware attacks.