Cyber Security Month: How to protect your organization from a ransomware attack

Cyber Security Month 2022

The European Cybersecurity Month is turning 10! For the 10th consecutive year the European Union Agency for Cybersecurity (ENISA) is partnering with the Commission and Member States in carrying out #CyberSecMonth: the EU’s annual campaign dedicated to promoting cybersecurity among EU citizens and organizations and providing up-to-date online security information through awareness raising activities and sharing of good practices.

The themes for this year’s Cybersecurity Month are phishing and ransomware.

Seven priority security controls

Governments and cyber security experts around the world are warning that ransomware attacks have reached “pandemic” proportions.

The risk of ransomware and other forms of cyber extortion cannot be eliminated, but to mitigate it organizations should review their security capabilities and ensure they are addressing the following seven priority areas.

Plan ahead to recover from a disruptive attack

There are two main components of planning ahead for a disruptive attack: business continuity planning and incident response planning.

For the former, organizations should identify the systems and data sources required to maintain critical operations, develop plans so that these operations can continue even if systems become unavailable, and plan how to restore critical systems, including a priority order for restoration.

This also means having regularly updated backups that are protected from destruction. For incident response, a clear understanding of the key stakeholders, the overall methodology and a high-level workstream is required. To be better prepared, attack simulation exercises should be carried out and incident playbooks created and tested.

Defuse phishing emails

Phishing emails are the most common and effective form of attack used by cyber criminals, so organizations should use a number of methods to prevent themselves from being damaged by them. First of all, automated filtering systems on email platforms are an effective first step.

Secondly, proactive education of staff to enable them to identify, report and delete phishing emails can protect your team from harm to themselves and your company. One way to ensure a good grasp of both the dangers of phishing and the solutions to it is a phishing simulation service, which can be used to improve awareness and training. Additionally, once a phishing email has been correctly identified, an investigation can be carried out to understand its malicious capabilities and its impact on the receiving users, in order to determine how successful the malware could have been.

Identify and address software vulnerabilities

It is essential that you understand your technological shortcomings before an attacker does. Vulnerabilities are common across networks and applications. Organizations should regularly scan their networks, remediate any identified issues and ensure that they have a formal patching process that is adhered to. The team must implement mitigating controls and diligently monitor systems for suspicious activity. There are many instances in which breaches happen due to delays in patching smaller issues, so this should become a priority for your company. In particular, the focus should be on areas that are known to be under active exploitation and on outdated versions of software that are overdue for maintenance.

Fortify access points

A significant number of incidents occur because organizations neglect to properly secure access points into their systems, both online and in person. Companies need to identify all access points for anyone involved in the business: staff, customers, contractors and any third parties. They should scan the network perimeter to identify potential unknown access points and implement IP address filtering as much as possible. For higher-risk areas and systems that require more security, permitted source IP addresses should be locked down as far as possible. If the established systems detect unusual activity or failed login attempts, this should be looked into and monitored further.

Prevent malware from executing from inside your network

Anti-malware technologies can be very useful in preventing or restricting ransomware execution. Every system in your organization should have sufficient anti-malware technology installed and configured to actively block malicious activity, and it should be regularly updated. The best method is to use an endpoint detection and response (EDR) system, as these include more capabilities and allow for varying degrees of investigation and response. However, these systems must continue to be monitored and maintained. A further strong measure for companies looking to fortify their cybersecurity is internal network segmentation, or even micro-segmentation. Separating production, non-production and operational technology networks can prevent malware in one segment from affecting the others, essentially containing the issue.

Clean up your organization’s data

With data theft extortion attacks on the rise, organizations should take steps to minimise the availability of confidential data on systems, especially those that are more exposed. Companies should identify their most sensitive data, locate all copies of it and then place it somewhere that is access-restricted on a “least needs” basis. Monitoring access to this data, as well as archiving and deleting old copies, should also help protect your information. Personal information in use should be a priority to consider, so it is essential to understand where it is stored, collect it only if necessary and permanently destroy it once the legal basis for holding it has expired.

Manage privileged access

Privileged access accounts are at the forefront of cyber attackers’ goals, as they are the most valuable.

The steps that organizations need to take are:

  1. Allocate separate privileged access accounts to users, do not allow them to be shared, and provision privileged accounts with the minimum level of permissions required.
  2. Ensure that privileged access accounts are not used for daily activities, prohibit them from accessing the network remotely, ensure that they all require strong authentication and MFA to access, closely monitor use of these accounts, alert on and investigate anything suspicious, harden systems (especially Active Directory), and review access controls regularly.
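As an added example (not from the CyberCX guide), the Python check below applies two of the controls above to a few constructed authentication log lines: it flags privileged accounts that log in from outside the corporate network or without MFA, and bursts of failed logins from one source IP. The log format, the `adm-` naming convention for privileged accounts, the internal address ranges and the failure threshold are all assumptions made for the example.

```python
"""Detection over constructed auth-log lines: privileged-account misuse and failed-login bursts."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log lines; assumed format: <timestamp> <user> <src_ip> <result> mfa=<yes|no>
SAMPLE_LOG = """\
2022-10-03T08:01:10 jsmith 10.0.5.21 success mfa=yes
2022-10-03T08:02:44 adm-jsmith 10.0.5.21 success mfa=yes
2022-10-03T08:05:02 adm-jsmith 203.0.113.7 success mfa=no
2022-10-03T08:06:00 svc-backup 10.0.9.4 success mfa=yes
2022-10-03T09:10:01 jdoe 198.51.100.9 failure mfa=no
2022-10-03T09:10:03 jdoe 198.51.100.9 failure mfa=no
2022-10-03T09:10:05 jdoe 198.51.100.9 failure mfa=no
2022-10-03T09:10:07 adm-jdoe 198.51.100.9 failure mfa=no
2022-10-03T09:10:09 adm-jdoe 198.51.100.9 failure mfa=no
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed corporate address ranges
ADMIN_PREFIX = "adm-"                       # assumed naming convention for privileged accounts
FAILURE_THRESHOLD = 5                       # failures per source IP that warrant a closer look


def parse_line(line):
    """Split one log line into a dict with typed fields."""
    ts, user, src, result, mfa = line.split()
    return {"ts": ts, "user": user, "src": ip_address(src),
            "ok": result == "success", "mfa": mfa == "mfa=yes"}


def is_internal(addr):
    """True if the source address falls inside an assumed corporate range."""
    return any(addr in net for net in INTERNAL_NETS)


def review_log(text):
    """Return a list of (alert_type, subject, detail) tuples for the given log text."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    alerts = []
    failures = Counter()
    for e in events:
        privileged = e["user"].startswith(ADMIN_PREFIX)
        # Control: privileged accounts must not access the network remotely
        if privileged and e["ok"] and not is_internal(e["src"]):
            alerts.append(("privileged_remote_login", e["user"], str(e["src"])))
        # Control: privileged accounts must always authenticate with MFA
        if privileged and e["ok"] and not e["mfa"]:
            alerts.append(("privileged_login_without_mfa", e["user"], str(e["src"])))
        if not e["ok"]:
            failures[str(e["src"])] += 1
    # Control: repeated failed login attempts should be investigated
    for src, count in failures.items():
        if count >= FAILURE_THRESHOLD:
            alerts.append(("failed_login_burst", src, count))
    return alerts
```

Running `review_log(SAMPLE_LOG)` on the constructed lines yields two alerts for `adm-jsmith` (remote login, no MFA) and one failed-login burst for `198.51.100.9`.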

In conclusion, it is absolutely necessary for organizations to take cyber security extremely seriously. In the modern world, attacks on digital systems may have graver consequences than even those on physical premises, and there is a plethora of resources available to help you prevent that from happening. With so much personal information stored online, any breach can have long-term effects. Investment in preparation for disruptive attacks, whether in time or money, will help you feel secure against the threats of hackers and have confidence that your data is safe.

For more information on how to protect your organization from Ransomware and Cyber Extortion download the CyberCX Best Practice Guide.
