An increase in attack sophistication is proof of the growing threat ransomware poses to all organizations, cybersecurity agencies from the United States, United Kingdom, and Australia said on Wednesday.
Over the past several years, ransomware has become a more significant threat to organizations in private and public sectors, including financial services, food and agriculture, government, healthcare, and other critical infrastructure industries.
Ransomware is a type of malicious software designed to block access to someone’s computer system until a sum of money is paid. The threat of ransomware attacks is increasing the risk for all organizations, and the money spent to resolve the damage is growing. The FBI estimates ransomware attacks to be a $1 billion industry, and more “bad guys” are turning ransomware into big business.
So, what can organizations do to protect themselves from ransomware? Effective ransomware prevention requires layers of defense-in-depth countermeasures. Those countermeasures could be based on the control capabilities recommended by the NIST Cybersecurity Framework – effective identification, protection, detection, response, and recovery capabilities. Summarized below are a few examples of proven leading practices for effectively managing the risks associated with ransomware.
- Enforcement of Information Security Policies – The first step to effectively manage the risks of ransomware begins with the creation, communication, and user awareness of your relevant policies defining senior management’s expectations for the usage of all devices connected to your company network. Furthermore, these policies should enforce the control requirements listed below to enable defense-in-depth. Consider investing in an automated policy enforcement security model like Attribute-Based Access Control (ABAC). ABAC allows you to configure access, transaction, and data-level controls using “contextual attributes” (who the user is, what device and network they are on, what they are trying to do) derived from the policy requirements, so that enforcement stays aligned with your audit, risk, and compliance requirements.
- Physical Device Security – All devices accessing the company network must be protected from theft by adequate physical security measures. Laptops and tablets can be easily stolen from the user’s backyard, living room, or the front seat of a vehicle. Keep the home workspace as secure as you keep your regular office, and lock all devices in the trunk of your car anytime you leave a device in the vehicle.
- Secure the Home Network – Cybercriminals look to exploit default passwords on home routers because not many people bother to change them. Changing your router’s password on a regular basis from the default to something unique is a simple step you can take to protect your home network from malicious actors.
- Secure the Work Device – All devices connecting to the company network should require the following control mechanisms:
  - Multi-factor authentication (MFA) to strengthen the login process, plus a second, step-up layer of MFA for critical business process transactions.
  - A virtual private network to encrypt data being sent and received.
  - Strong virus and malware protection software that updates automatically.
  - Prevention of loading any non-approved software.
  - Automatic screen locking on work devices after two minutes of inactivity.
  - Strong passwords and password change management.
  - “Find my device” and “remote wipe” enabled, should the device be lost or stolen.
  - Restrictions on the use of non-company-approved USB devices for copying data from one device to another.
  - Restrictions on downloading email attachments, because this is a common way viruses and malware are spread.
  - Periodic remote audits of the device to ensure it complies with your company policies.
- Backup & Recovery – Enforce automatic device data backups and enable data recovery should the device be infected with ransomware.
- Training – Invest in cybersecurity awareness training for employees, contractors, and third-party vendors to understand their part in avoiding ransomware threats.
- Monitor – Invest in application security software that can monitor, detect, and report anomalies and threats like ransomware.
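The policy-enforcement item above recommends ABAC, where a request is permitted or denied from attributes of the subject, the resource, the action, and the context (device, network, step-up MFA). The following is an added illustration of how such an engine evaluates requests; it is not code from the article or from any product named in it, and its attribute names, rule set, and sample requests are all constructed for the demonstration. It also folds in several of the device controls listed above (compliant device, VPN off the corporate network, step-up MFA for high-value transactions) as contextual attributes.

```python
"""Minimal attribute-based access control (ABAC) policy engine.

Added illustration; attribute names, rules and sample requests are
constructed for the demo and are not taken from any real product.
Evaluation is deny-overrides and deny-by-default: any matching deny rule
refuses the request; otherwise at least one permit rule must match.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
# A condition sees the subject, resource, action and environment attributes.
Condition = Callable[[Attrs, Attrs, str, Attrs], bool]


@dataclass
class Rule:
    name: str
    effect: str  # "permit" or "deny"
    condition: Condition


@dataclass
class Decision:
    allowed: bool
    matched: List[str] = field(default_factory=list)  # names of rules that fired


def evaluate(rules: List[Rule], subject: Attrs, resource: Attrs,
             action: str, env: Attrs) -> Decision:
    """Return the access decision for one request under the given rules."""
    permits: List[str] = []
    denies: List[str] = []
    for rule in rules:
        if rule.condition(subject, resource, action, env):
            (denies if rule.effect == "deny" else permits).append(rule.name)
    if denies:                       # deny overrides any permit
        return Decision(False, denies)
    return Decision(bool(permits), permits)  # nothing matched -> denied


# Constructed policy: contextual attributes gate what role-based access would
# otherwise allow.
POLICY: List[Rule] = [
    # Device must pass the remote compliance audit; missing attribute counts as failing.
    Rule("deny-noncompliant-device", "deny",
         lambda s, r, a, e: not e.get("device_compliant", False)),
    # Off the corporate network, traffic must go through the VPN.
    Rule("deny-offsite-without-vpn", "deny",
         lambda s, r, a, e: e.get("network") != "corporate" and not e.get("vpn", False)),
    # Approving a large payment requires the second, step-up MFA factor.
    Rule("deny-large-payment-without-step-up-mfa", "deny",
         lambda s, r, a, e: r.get("type") == "payment" and a == "approve"
         and r.get("amount", 0) >= 10_000 and not s.get("step_up_mfa", False)),
    # Finance staff may view and approve payments.
    Rule("permit-finance-payments", "permit",
         lambda s, r, a, e: "finance" in s.get("roles", ()) and r.get("type") == "payment"
         and a in ("view", "approve")),
    # Anyone may view resources they own.
    Rule("permit-owner-view", "permit",
         lambda s, r, a, e: a == "view" and r.get("owner") == s.get("id")),
]


if __name__ == "__main__":
    analyst = {"id": "u1", "roles": ["finance"], "step_up_mfa": False}
    payment = {"type": "payment", "amount": 25_000, "owner": "u9"}
    office = {"device_compliant": True, "network": "corporate", "vpn": False}
    print(evaluate(POLICY, analyst, payment, "approve", office))
```

Because every deny rule is evaluated on every request, adding a new contextual control (for example, blocking approvals from devices whose screen lock is disabled) is a one-rule change rather than an edit to each role's permissions, which is the operational advantage the article is pointing at.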
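The Monitor item above asks for software that detects and reports ransomware-like anomalies. One behaviour such tools look for is a single process renaming or rewriting many distinct user files in a short burst, which is what file-encrypting ransomware produces. The following is an added example of that heuristic run over a few constructed file-event log lines; it is not code from the article or from any monitoring product, and its log format, process names, paths, and thresholds are all invented for the demonstration.

```python
"""Burst detector for ransomware-like file activity.

Added example; the log format, process names, paths and thresholds below
are constructed for the demo and do not describe any real product or tool.
Rule: a process that writes or renames more than `max_files` distinct files
within `window_seconds` is reported once. Read-only operations are ignored.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

LINE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) op=(?P<op>\w+) path=(?P<path>.+)$"
)

# Constructed sample: an editor saving a document, and a process renaming
# seven spreadsheets to a new extension within four seconds.
SAMPLE_LOG = [
    r"2022-02-11T09:00:01 pid=4120 proc=winword.exe op=write path=C:\Users\dv\Docs\budget.docx",
    r"2022-02-11T09:00:03 pid=4120 proc=winword.exe op=write path=C:\Users\dv\Docs\budget.docx",
    r"2022-02-11T09:00:05 pid=7788 proc=updater.exe op=read path=C:\Users\dv\Docs\q1.xlsx",
    r"2022-02-11T09:00:05 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q1.xlsx.locked",
    r"2022-02-11T09:00:05 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q2.xlsx.locked",
    r"2022-02-11T09:00:06 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q3.xlsx.locked",
    r"2022-02-11T09:00:06 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q4.xlsx.locked",
    r"2022-02-11T09:00:07 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q5.xlsx.locked",
    r"2022-02-11T09:00:07 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q6.xlsx.locked",
    r"2022-02-11T09:00:08 pid=7788 proc=updater.exe op=rename path=C:\Users\dv\Docs\q7.xlsx.locked",
    r"2022-02-11T09:00:20 pid=4120 proc=winword.exe op=write path=C:\Users\dv\Docs\notes.docx",
]


def parse(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines: List[str], window_seconds: int = 10, max_files: int = 5,
           allow: Tuple[str, ...] = ("backup-agent.exe",)) -> List[dict]:
    """Return one alert per process that touches > max_files distinct files
    within window_seconds. `allow` names processes expected to do bulk
    writes legitimately (constructed allowlist)."""
    alerts: List[dict] = []
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted = set()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["op"] not in ("write", "rename") or ev["proc"] in allow:
            continue
        q = recent[ev["pid"]]
        q.append((ev["ts"], ev["path"]))
        # Drop events that fell out of the sliding window.
        while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) > max_files and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({"pid": ev["pid"], "proc": ev["proc"],
                           "files": len(distinct), "at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Tune `max_files` and `window_seconds` against normal activity on the endpoint fleet before alerting on them: compilers, sync clients, and backup jobs also touch many files quickly, which is why the allowlist exists and why real products combine this signal with others (extension changes, file entropy, ransom-note creation) before raising an alert.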
What do you think? What are some measures you’ve taken to avoid ransomware attacks?
About the Author: David Vincent has over twenty-one years of experience delivering Security, Audit, Risk, & Compliance services while employed with some of the largest professional service-providing firms in the world – Arthur Andersen, KPMG, PwC, and IBM.
He has delivered hundreds of ERP Security Risk & Compliance Assessments & Remediation services, and over 100 GRC technology solution implementations. Additionally, he was the North America GRC Practice Leader for IBM, PwC, and Corporater. He is currently the VP of Product Strategy and the chief security evangelist at Appsian.
Last Updated on February 11, 2022.