THE IT SECURITY PROFESSIONAL |
Barlowtek
The IT Security Pro: Helping Organizations Understand IT Security & Best Practices
Holding your data hostage: What you can do to prevent the impact of ransomware on your business
4/19/2018

Preparing for Disaster

When it comes to security issues hitting the news, nothing has the impact these days like a ransomware attack that has locked up a company's data and demanded a Bitcoin ransom. While there are several schools of thought on this topic, what keeps the IT security professional up at night is whether the company or organization will pay the ransom or not. Moreover, what would happen to the business? What steps can we take to protect our data now? While this may seem to be an area that is best decided at the top levels of the business, there are actions that you can take right now that can at least limit the impact to the company. While nobody wants to be a victim of a ransomware attack, you should at least prepare for it in case it does happen to you.

Decisions, Decisions

Many companies or organizations will just pay the ransom and not let anyone know that they have been attacked or compromised. There are several reasons that a company may choose to do this, but this action only emboldens the attackers to continue their efforts to attack networks. Senior management will have to make the ultimate decision as to what they will do, but hopefully it is the right one for the business.

Why pay?

When an organization has failed to take what some would call "basic precautions" to reduce its overall risk from this type of threat, the impetus would be to pay the ransom, because it does not know whether it would be able to recover the encrypted data that is being held hostage. It comes down to limiting the impact to the business and preventing any impact to the reputation of the organization. How critical the held data is also factors into the decision-making process. The industry the organization works in may also affect this process, with hospitals, banks, and public services industries being the most difficult in which to provide rapid access. Hindering access could mean the difference between a loss of life or, in most cases, a loss of potential business for the company or service provider.

Preventive Action Plan
Protecting your organization from a ransomware attack begins with having a plan in place that addresses what steps you will take to reduce your overall risk from this threat and what steps you will take if you are compromised. Some areas of focus are listed below:

1. Employee Training/Communication
Employees are our frontline troops in this battle against ransomware, and they need to be informed. We rely on them to notify us if they start seeing something wrong on the network. Holding training sessions or sending communications to employees on a regular basis will keep them informed about the possible threat.

2. Patch Management
Installing patches and updates on a regular basis is one area that some organizations have difficulty accomplishing. This is an area that can be a huge risk for an organization and one that could do a lot to prevent a compromise. Patches should not only be deployed, but also confirmed to be effective. The process should be followed up and audited to ensure that the organization is doing all it can to protect against this threat.

3. Malware Protection
Antivirus applications or systems should be deployed throughout the network, and especially on all endpoints (servers, workstations, mobile devices). These applications should be updated on a regular basis and should be running at all times. Ransomware can attack without leaving a trace, and most antivirus applications use some sort of signature identification process to flag the malware.

4. Network Scanning/Monitoring
A network monitoring system should also be considered as a way to stay on the lookout for potential threats, including ransomware. Heuristic (behavioral) analysis is becoming a way that some new services alert a company's security staff to a compromise, monitoring not just the access or specific actions taking place, but also the activity as a whole.

5. Data Backups
This should be a no-brainer, but unfortunately, it is not. Back up your data and have both your critical and non-critical information secured and available for when you need it. Ransomware should be treated as a disaster and should be included in your manmade disaster threats.

6. Testing Backup Plan
Not only should an organization have a backup plan, but the plan should be tested as well to make sure that it works as intended. Validate the backups and the processes. This will help with providing confidence in your process and systems.

7. Vulnerability Monitoring
Conduct assessments that review your organization's security posture and the processes that you have in place to deal with potential threats. Conduct scans against the network, looking not just at the systems but also at the software applications that are running on them.

Documenting a ransomware attack

You should document the specific steps that the organization takes when a ransomware attack has been detected and how it responds. All of the processes should be recorded in very clear detail (this may be used in court or for further investigations, depending on the type of information that has been compromised). Ransomware can spread, and once an infection has been detected, the goal should be to contain it and limit the spread.

Summary

While ransomware is a huge threat to any organization, it is possible to deal with it and lessen the impact to your business. While there are many decisions to be made in how to deal with your data being held hostage, businesses have recovered and continue to thrive. Do not let the impact of a ransomware attack stop your organization. If you take some of the steps that I mentioned here in this blog, you might be able to keep your data safer than it is today.
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.