Now viewed as a serious threat, ransomware is expanding to attacks on mobile devices and even IoT, wreaking havoc on big and small businesses alike, across industries.
There are several reasons for the current rise of ransomware. One being that there is a continued maturity of Crime-as-a-Service (CaaS).
Criminal organisations are now adopting corporate structures and developing a market of services on the Darknet. In fact, their capabilities are even able to outpace enforcement agencies.
Another reason ransomware continues to make headlines is because it is an opportunistic threat that does not necessarily require any coding skills, as kits can now easily be bought over the Darknet.
Finally, the risk of getting caught is low, and with the high profits gained, the ROI for carrying out ransomware is extremely high.
>See also: How one CIO left behind a diversity legacy at oil giant BP
The extent of the damage that can happen to an organisation from ransomware is far reaching, with the main damage being disruption of operations.
The most recent cyber security DDoS attack caused Internet outages across a major portion of the East Coast, proving how much harm can be done.
As experts expect the ransomware industry to continue developing and producing more aggressive variants, it is essential organisations discover ways to protect themselves from attacks.
This article maps out six key steps CIOs should take to protect their infrastructure against ransomware and implement policies and procedures to ensure proper cyber security measures are put in place.
1. Train employees to maintain a secure routine and implement a mandatory backup policy. This is the first and most crucial step as it involves a lot of personal diligence from employees.
Since in this type of breach, data is stolen for economic purposes, the sought-after data must have economic value. Identify the type of data that can be attractive to hackers and create safety procedures regarding its access, storage, and back-ups.
Do not open suspicious links that were received from emails or social media channels such as Facebook and Twitter.
>See also: The legal sector: a CIO and AI love affair?
Do not open suspicious emails and particularly email attachments. According to PhishMe, at the end of March 2016, 93% of all phishing emails contained Crypto ransomware (compared to 56% in December 2015).
When opening attachments that contain Office documents, do not automatically click on “enable macros,” as many malware families are distributed in Office documents, which trick users into enabling macros, allowing the malware to execute itself.
You should only enable macros from trusted sources, and use the Microsoft “Block macros from running in Office files from the internet” option, so that macros from any Office files that were downloaded from the Internet cannot be enabled.
Some malicious scripts that require executing outside of the browser rely on Windows Script Host, so it should be disabled to prevent any scripts (including VBScript and JScript) that rely on it for running.
Keep your operating system and other programs up-to-date to prevent attackers from exploiting known vulnerabilities.
Use anti-spam services for effective email filtering.
2. Install endpoint and email protection solutions as part of a reliable security suite that can offer multiple layers of protection.
Though end-to-end encryption can be complex to implement, it is worthwhile investing in it to protect valuable data and render it useless too intruders. Encryption adds an extra layer of security, restricting accessibility.
3. Create a centralised patch management system for Microsoft Office, Adobe applications, web browsers, browser plug ins to minimise exploits.
4. Block TOR in your network because many ransomware variants use the TOR proxy servers.
>See also: The changing role of the CIO and boardroom in 2017
5. Manage users’ privileges and access by defining the level of access to corporate data that employees have and avoiding giving users access to important directories when it is not necessary for carrying out their roles, particularly administrative access.
6. Use a combination of strategies (i.e. ensure backups in different platforms) to have a ‘Plan B’ in place in case a certain backup on a certain platform has been infected. This can include a recovery tool that can be accessed from strategically placed server.
As ransomware attacks continue to make headlines with no end in sight, there are actions organisations can take to reduce their risk of becoming the next victim.
Using the tips above to establish protective security measures will help organisations lower their chances of being targeted for the next attack and falling victim to data leaks, wiped data, and disruption in operations, which all ultimately lead to a negatively impacted bottom line.
Having a game plan with proper procedures set in place will help ease the minds of organisation leaders as they will be better equipped against future cybersecurity attacks.
Sourced by Guy Caspi, CEO of Deep Instinct
