Ransomware attacks can prove extremely disruptive and expensive to remedy. Prevention is better than finding a cure, and ransomware incidents are easily preventable with the right action.
A few high-profile ransomware incidents have spread awareness, and many individuals and organizations have likely taken strides to protect themselves, which may have diminished the success rate of ransomware and prompted attackers to employ other means. A Kaspersky report shows a 30% decline in ransomware encounters this past year (April 2017 to March 2018) in comparison to the year prior (April 2016 to March 2017).
However, ransomware attacks are still alarmingly common. There’s no room for complacency here. Ransomware has not been defeated as a threat; it’s still evolving, with new strains emerging and changing all the time. Malwarebytes actually recorded a 28% rise in attacks on businesses in the first quarter of 2018.
Cybercriminals like the path of least resistance, so failing to guard against ransomware is like an invitation. Here’s a step-by-step guide for how to prevent ransomware attacks from gaining traction on your network and causing real damage:
Step 1: Educate People
It’s vital to have a well-designed security awareness training program in place. Employees are often responsible for unwittingly inviting ransomware in, usually by clicking on links in emails and messages that prompt ransomware downloads. While 78% of people successfully avoided clicking the link in a phishing attack test in 2017, according to Verizon’s Data Breach report, 4% of people did click. Unfortunately, it only takes one wrong click to infect your network. Another issue is the fact that most people don’t report suspected phishing campaigns, depriving security teams of valuable data.
What’s required is a comprehensive training program that focuses on your most valuable business assets and stirs in the latest intelligence on ransomware threats. Arm your employees with the knowledge they need to spot danger and avoid it. Make sure they understand the importance of reporting, even when they don’t click. Because the threat landscape is constantly evolving, your training program must evolve, too.
Attendance and completion of training should be mandatory, but the only way you can really be sure that everything has sunk in is to test your employees. Conduct simulated phishing attacks, and share the results. People who fail should be required to undertake further training, and repeated failures may require disciplinary action. It’s important that staff understand they have some responsibility in your prevention efforts. Guarding against ransomware is not just a job for your IT department.
Step 2: Deploy Security Software
There are many different software tools that can help enormously in detecting, blocking and dealing with ransomware and other forms of malware. Deploy a next-generation firewall, antivirus software, real-time network scanning, next-gen endpoint protection, anti-phishing and URL filters. But bear in mind that identifying and installing solid security software is not enough; it also has to be properly configured and kept up to date.
Ensure you have the right skill sets on your team to leverage the software you buy. Improperly configured software is a major route in for attackers and can also bury your security team in false positives. You may also consider restricting unauthorized software with application controls.
The so-called shadow IT issue, where business units install apps they want without IT department oversight, can cause serious weaknesses in your defenses. Where restriction isn’t viable, you need to adjust your strategy accordingly and establish real-time visibility into people, devices and systems on your network. Behavioral analytics can also be enormously helpful in quickly detecting anomalies that might indicate an attack.
Step 3: Verify And Test Backups
If you have a proper, regular backup system in place, then you never need to pay a ransom to recover your files. There are lots of backup solutions on the market, including both software- and hardware-based options. For maximum security of your most precious business data, you might consider both. Make sure you fully map what would be required to get your business operating again in the event of a massive data loss, and ensure everything is backed up. Without proper backups, ransomware attacks can lead to catastrophic downtime that could threaten the business.
Your ability to recover also depends on the backup being easily accessible. Make sure you have a set procedure that’s clear and easy to follow and make sure you test it. Try recovering backups and verifying their integrity to identify any problems in your backup system before you really need it. A Datto report found that 96% of managed service providers with a reliable backup and recovery system were able to recover from ransomware attacks.
Step 4: Test And Tweak
We’ve already touched on this, but it’s crucial to your prevention efforts, so it bears repeating. You should have an incident response plan. We suggest building out a playbook for each scenario, with ransomware being one such example. This will help with testing every system and every procedure that you’ve put in place to make sure that they work as expected. Can your strategy cope with a mock ransomware attack? If not, you need to go back and analyze any failure, and then make changes and test again until it works successfully.
While you can build a solid foundation to guard against ransomware, there’s no completion point when you’re done. Ransomware is evolving all the time. Cybercriminals are always developing new techniques to gain entry to your network. Your training, software, backups and general strategy must continue to evolve and grow over time if you expect to continue to nullify the threat of ransomware.
While prevention is a serious and potentially expensive undertaking, it pales in comparison to the devastating impact of a successful ransomware attack.
This article was originally posted on Forbes.com. Click here to read >