Ransomware continues to be a significant risk across various industries. The most recent “high profile” ransomware attack victim was the city of Atlanta. The attack shut down the city’s online systems for several days resulting in significant disruption. It also cost the city over $5 million in remediation costs.
Ransomware risk has become a fact of life and while there is no silver bullet to prevent it there are several things you can do to mitigate the risk. With help from our friends at TechGuard Security and RackTop Systems, here are five ways to reduce your ransomware risk. These are in alphabetical order because they are equally important!
(contributed by TechGuard Security)
Did you know that 95% of all cyber attacks are caused by human error? Ransomware attacks are no exception. Most ransomware attacks are carried out in the form of phishing attacks. Humans are notorious for clicking on links or opening attachments that initiate the ransomware infection process. Sophisticated cybercriminals know this and target unsuspecting employees to gain access to passwords, data, intellectual property, and money. Enabling a ‘human firewall’ is an important component that cannot be overlooked when securing a network from internal threats. Fortunately, this is not a difficult task. In fact, it can be done in three easy steps: train, phish, track.
Good training should be interesting, role-based, interactive, and tailored to the regulations that apply to the company’s industry, such as PCI or HIPAA.
Phishing is a great way to evaluate where you stand in terms of security and to see where you need to implement training. Use a variety of phishing template styles and customize your landing page.
Awareness training is only as good as its management. Best practices include being able to track data and performance over time with analytics. By managing these you can see if the frequency of training needs to be adjusted. Keep in mind all the employees who come and go within your organization.
The key to security awareness training is providing a solution that encompasses highly engaging, real-world content, sophisticated phishing simulations, and robust tracking. Our friends over at TechGuard Security have a cool solution called S.H.I.E.L.D that provides all of these components.
Back Up Your Data
(contributed by RackTop Systems)
If you are unable to prevent a ransomware attack or detect it before it does significant damage, making sure your data backup strategy is up to snuff is critical. Our friends at RackTop Systems are doing some cool things integrating storage and security. Since they are experts on the storage side, we asked them for best practices to consider on this front.
Here’s what they had to say:
“Backing up data is like flossing or maintaining a healthy exercise regimen. We all agree it’s a good idea, but it’s a secondary function. Much is the same with data backup. But ransomware is changing that, because it’s easier for the bad guys to quickly hijack all your digital assets. The possibility of a natural disaster or component failure taking out all your data is significantly lower when compared to hundreds or thousands of infected endpoint computers being able to quickly shred through Enterprise file directories.
That’s why it’s important to be diligent about data protection. And it’s hard, because regardless of the increased threat, it’s still a secondary function within the IT department. That’s why RackTop embeds an “always on” ransomware protection capability directly into its BrickStor primary storage system. Not only are we solving the primary purpose of storing data, but we are also addressing the secondary ransomware issue automatically without any added impact to the IT team.
If you are not using RackTop storage, two important things you can do to ensure you have good data hygiene are to routinely ensure all your data is included in your backup policy and test your backups on a continuous basis to ensure you can recover. You don’t want to discover you “forgot to add that folder” or “the backup failed” when you try to recover from a catastrophic ransomware incident.”
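The two checks described in the quote above (confirming every folder is in the backup policy, and testing that a restore actually matches the live data), as an added example that is not RackTop's or this post's own code. The folder layout, policy list and function names are hypothetical, and the sample data is constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def uncovered_dirs(data_root: Path, policy_includes: list[str]) -> list[str]:
    """Top-level folders under data_root that no backup-policy entry covers."""
    covered = set(policy_includes)
    return sorted(p.name for p in data_root.iterdir()
                  if p.is_dir() and p.name not in covered)


def verify_restore(source: Path, restored: Path) -> dict[str, list[str]]:
    """Compare a test restore with the live data, file by file."""
    report = {"missing": [], "mismatch": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        dst = restored / rel
        if not dst.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_of(src) != sha256_of(dst):
            report["mismatch"].append(rel.as_posix())
    return report


def demo() -> tuple[list[str], dict[str, list[str]]]:
    """Constructed sample: 'legal' is not in the policy, one restored file is corrupt."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for folder, name, data in [("finance", "q1.csv", b"a,b\n1,2\n"),
                                   ("hr", "staff.txt", b"alice\nbob\n"),
                                   ("legal", "nda.txt", b"contract\n")]:
            (live / folder).mkdir(parents=True)
            (live / folder / name).write_bytes(data)
        policy = ["finance", "hr"]  # constructed backup policy
        for folder in policy:
            (restored / folder).mkdir(parents=True)
        (restored / "finance" / "q1.csv").write_bytes(b"a,b\n1,2\n")
        (restored / "hr" / "staff.txt").write_bytes(b"\x00" * 10)  # simulated bad backup
        return uncovered_dirs(live, policy), verify_restore(live, restored)


if __name__ == "__main__":
    print(demo())
```

Run on a schedule, a non-empty result from either function is the signal to fix the policy or the backup job before an incident forces the discovery.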
One way you can significantly reduce your ransomware risk is through GEO-IP filtering. Blocking traffic from countries you don’t do business with can significantly reduce your attack surface. GEO-IP filtering is not new, but technologies like our PoliWall® Threat Intelligence Gateway (TIG) are making it easier to use and manage compared with the traditional approach of firewall rules and access control lists (ACLs). PoliWall maintains up-to-date IP address information for every country and enables you to easily block traffic from countries with the click of a map. PoliWall TIG also makes it easy to utilize exceptions and whitelists to let the traffic you want in.
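The decision logic behind country blocking with exceptions, as an added example that is not PoliWall's code or configuration. The prefix-to-country table uses documentation address ranges and user-assigned country codes (XA, XB), all constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed geo database: documentation ranges mapped to user-assigned
# ISO 3166 codes, standing in for a real country-to-prefix feed.
GEO_DB = {
    "192.0.2.0/24": "XA",
    "198.51.100.0/24": "XB",
    "198.51.100.128/25": "XA",   # more specific prefix overrides the /24
}
BLOCKED_COUNTRIES = {"XB"}        # countries you do no business with
ALLOWLIST = ["198.51.100.10/32"]  # exception: a known partner host


def country_of(ip):
    """Longest-prefix match of ip against GEO_DB; None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, cc in GEO_DB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None


def decide(ip):
    """Return (action, reason); allowlist entries win over country blocks."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(n) for n in ALLOWLIST):
        return ("allow", "allowlist")
    cc = country_of(ip)
    if cc in BLOCKED_COUNTRIES:
        return ("block", f"country {cc}")
    return ("allow", f"country {cc}" if cc else "unknown origin")


if __name__ == "__main__":
    for sample in ["198.51.100.10", "198.51.100.20", "198.51.100.200", "203.0.113.9"]:
        print(sample, decide(sample))
```

The order of checks matters: evaluating the allowlist first is what lets a single partner address through while the rest of its country stays blocked.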
Patch! Patch! Patch!
It’s hard to believe that there are still issues with patch management. Doesn’t this make you “WannaCry?” In all seriousness, the WannaCry attack targeted a vulnerability in Microsoft’s SMB protocol, which enables communications between clients and network file shares. Microsoft had distributed a patch to address this vulnerability two months before WannaCry appeared. This is an excellent example of how proper patch management can prevent ransomware attacks.
Use Threat Intelligence
While the volume of known threats continues to grow, the good news is there is a significant amount of actionable threat intelligence (TI) that can be used to mitigate your risk from known threats including ransomware. While TI has traditionally only been accessible to large enterprises with significant resources, Threat Intelligence Gateways (TIGs) are bringing the power of threat intelligence to companies of all sizes.
TIGs are solving a key security problem: existing network security solutions like next generation firewalls (NGFWs) and unified threat management (UTM) solutions were not built to process the volume of threat intelligence required to protect today’s networks. These solutions are only capable of processing a few hundred thousand threat indicators before significant performance issues kick in, forcing them to utilize only a subset of TI.
Our PoliWall TIG eliminates this constraint enabling you to not only use TI but also to take action (i.e. block traffic) with it to protect your network. Importantly, it does this in a simple and automated way.
Ransomware is now a fact of life, and while it may not be 100% preventable, there are things we can do better to mitigate ransomware risk. This blog outlined five ways you can mitigate ransomware risk.
If you’re using TI to mitigate ransomware risk, we’d love to hear what you’re doing and how it’s going. If you’re only using the limited TI included in your existing security solutions and are interested in learning more about TIGs like our PoliWall solution – hit us up!