Francis O’Haire from DataSolutions outlines the ways businesses can avoid becoming victims of ransomware attacks.
The chances of falling victim to a ransomware attack have never been higher, and it is not just high-profile organisations who are at risk. Everybody is, from the largest public bodies to the smallest micro-organisations. Every business – no matter the industry – needs to make security the top priority.
While companies have always ranked security relatively highly, it has never been more crucial in our ever more connected, and increasingly hybrid world.
IT environments are widely distributed across devices, systems, clouds and locations. And that was before the pandemic brought about widespread remote working, as well as a wave of highly sophisticated new cyberthreats.
When it comes to refreshing or reinvigorating security policies, many companies simply adapt their existing solutions, roll out a technology in response to a specific incident in a particular area of their infrastructure, or change their cloud architecture to better meet their requirements.
The approach tends to be reactive when it should really be proactive. Furthermore, it must be multi-layered if it has any hope of combating a targeted attack. What does this mean exactly? Read on to find out how you can protect your business against ransomware attacks.
Don’t forget the security basics
Whilst traditional approaches can be effective, they need to be tested and fine-tuned. You can’t forget the basics like having a well-tested backup and recovery plan or a timely patch management process. Furthermore, you need to ensure that you implement well-managed perimeter and endpoint security policies. Together, these should prevent the amateurs from doing any real damage, but won’t stop a sophisticated attack. Keeping software and operating systems up to date through timely patch management is also critical, although it is not guaranteed to protect you, as many attacks target vulnerabilities for which no patch exists yet; these are known as Zero-Day Attacks.
An old dog should learn new tricks
The 2019 Cloud Security Report by Cybersecurity Insiders found that 66% of respondents said that traditional security solutions either don’t work at all in cloud environments or have only limited functionality. And that was two years ago – think about how much things have progressed since then in terms of both technologies and threats. That’s precisely why newer technologies and approaches are required to put up a better defence against the latest threats. These include micro-segmentation, next-generation endpoint and sandboxing solutions, and Zero-Trust Network Access (ZTNA). In fact, ZTNA can add a whole new level of defence for your organisation, including greater visibility, faster detection, reduced IT complexity and enhanced data protection.
Prepare for the worst
Unfortunately, you do need to prepare for a breach or hack, which means implementing a comprehensive and regularly tested Business Continuity (BC) plan. In other words, this will define what happens if an attack proves to be successful. As well as helping to safeguard critical information, a good BC strategy can reduce the impact on operations and service in the event of a breach. The foundation for this is maintaining and testing your backup regularly, especially the recovery capability of critical systems and data. These backups will be primary targets too though, so must be kept out of reach of attackers.
Divide and conquer
Traditional perimeter security solutions, such as firewalls and proxies, are still essential but it can almost be assumed nowadays that a motivated hacker will get inside your network. These perimeter solutions do not prevent that attacker from then moving between internal systems in search of valuable data to steal and potentially encrypt for ransom. To prevent this internal reconnaissance, or what is called “lateral movement”, a newer approach called Micro-Segmentation is needed. By defining and enforcing how internal systems can communicate with each other on a much more granular level, an attacker’s freedom to roam the network is thwarted, therefore protecting critical data and systems. Think about your environment as if it were a modern airport – place strict controls on both staff and travellers (hackers) in terms of where they can move within the environment in order to create a safe and secure space.
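To make the micro-segmentation idea concrete, here is an added example (not part of the original article) of a default-deny policy evaluated against flow records. The segment names, address ranges, ports and sample flows are all constructed for illustration.

```python
# Added example: default-deny micro-segmentation policy checked against flow logs.
# Segment names, networks, ports and flows are constructed, not from the article.
from ipaddress import ip_address, ip_network

SEGMENTS = {
    "web": ip_network("10.0.1.0/24"),
    "app": ip_network("10.0.2.0/24"),
    "db": ip_network("10.0.3.0/24"),
    "backup": ip_network("10.0.9.0/24"),
}

# Allow-list of (source segment, destination segment, destination port).
# Anything not listed is denied, including traffic inside a single segment.
ALLOWED = {
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("db", "backup", 873),
}

def segment_of(addr):
    """Map an IP address to its segment name, or None if it is unknown."""
    ip = ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None  # unknown hosts never match an allow rule

def evaluate(src, dst, port):
    """Return 'allow' only when the flow matches an explicit rule."""
    rule = (segment_of(src), segment_of(dst), port)
    return "allow" if rule in ALLOWED else "deny"

def denied_flows(flows):
    """Return flows the policy blocks; each is a candidate lateral-movement alert."""
    return [f for f in flows if evaluate(*f) == "deny"]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.0.1.15", "10.0.2.20", 8443),  # web -> app, expected path
    ("10.0.2.20", "10.0.3.5", 5432),   # app -> db, expected path
    ("10.0.1.15", "10.0.3.5", 5432),   # web -> db directly, skips the app tier
    ("10.0.1.15", "10.0.1.16", 445),   # web -> web, east-west inside a segment
    ("10.0.2.20", "10.0.9.2", 22),     # app -> backup, not an approved route
]

if __name__ == "__main__":
    for flow in denied_flows(SAMPLE_FLOWS):
        print("DENY", flow)
```

Because the policy is an allow-list, a compromised web server cannot reach the database or backup segment even though all of them sit behind the same perimeter firewall, and every denied flow is a useful detection signal.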
Older endpoint security approaches such as anti-virus are also no longer up to the task of preventing a laptop or mobile device from being the point of entry for an attack. These products often rely on prior knowledge of a vulnerability or malware. Modern endpoint security solutions can protect against completely unknown and never-before-seen attack methods. This is achieved via techniques such as Threat Emulation and Threat Extraction where a suspicious file or program is opened in an isolated sandbox where its behaviour and intentions can be safely determined and neutralised, as necessary. More comprehensive solutions also include dedicated Anti-Ransomware and Anti-Phishing protections.
Practice and preach
As well as technological protections, staff training is also an important part of a multi-layered security strategy. Many targeted attacks will start with a phishing email where a legitimate-looking request from a colleague, supplier or customer will entice the user to click on a malicious link or open an infected attachment, which then lets the attacker gain access to the network. Teaching employees how to identify these fake requests is essential. It is just as important that staff are not afraid to report these requests quickly if they do fall victim to one.
No company is immune to attack
Ransomware and other cyberattacks can be devastating, not only in terms of operational disruption but also reputational damage and financial cost, and they are inevitable.
Remember, no company is immune to attack or “too small” to be targeted. However, such attacks can be prevented or have their effects neutralised with the right security solutions and strategies in place. Of course, as threats continue to develop, so too must your approaches.
Standing still and being reactive will not help to protect your business against ransomware and other attacks; it’s about continually reviewing, adapting and taking proactive action.
Francis O’Haire is group technology director at DataSolutions. DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland since 1991.
Published: 26 May 2021