The latest wave of ransomware attacks hitting the United States and globally portends the difficult battle against hackers for most organizations - even as government and the private sector ramp up defenses. The attacks hitting the Colonial Pipeline and the major JBS meatpacking operations are examples of a burgeoning cybercrime industry with the potential to inflict pain and extract profits by impacting "critical" networks, experts say.
Other recent targets include local governments, hospitals, insurers, a ferry system and others in the United States and globally, with many of the attacks attributed to Russia-based hackers operating with at least tacit approval from the Kremlin.
At least $18 billion was paid to ransomware attackers last year, according to the security firm Emsisoft, which found "tens of thousands" of victims so far in 2021.
"Ransomware is hitting epidemic proportions and business as usual isn't going to cut it," said Frank Cilluffo, director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security.
Security firm Proofpoint found in a recent survey that two-thirds of computer security officers acknowledge they are unprepared to cope with a future cyberattack, noted Proofpoint's Lucia Milica.
"Human error is one of the biggest vulnerabilities and we've seen that remote work has made networks more vulnerable," Milica said.
So, with all of this describing the current landscape, how does a small business appropriately protect their business while also just keeping the lights on? At a base level, the answer is to get ahead of the bad actors as quickly and thoroughly as possible while understanding that this is a moving target that also requires constant vigilance.
The following list provides the steps necessary to protect your network against these insidious cybersecurity attacks and help you avoid a situation in which you end up being held hostage by cybercriminals.
1. Educate Your Employees
User education and awareness are among the most important components of defeating ransomware. By training your staff to implement appropriate “internet hygiene” practices, you will help to prepare them for dealing with potential ransomware attacks, such as knowing to treat suspicious emails with caution. Check out some of the human error related issues that you should address to protect your sensitive corporate and client data.
2. Use a Multilayered Approach
Protection from ransomware extends beyond simply having a firewall (this should be a given). Security is critical and can be extended through the use of intrusion prevention and software layers on all devices on the network.
3. Protect Endpoints
Endpoint security solutions are important in helping to prevent data breaches. Because users primarily interact with corporate and private devices, endpoints are potentially high-risk areas when they are not adequately managed or lack appropriate antivirus and antimalware protection.
Most antivirus solutions are signature-based, meaning that they are ineffective if not regularly managed and updated. Newer ransomware variants are uniquely hashed, meaning that they are essentially undetectable when using signature-based techniques.
4. Anti-virus By Itself Isn't Enough
Ensure all of the computers on your network are protected by a current and business level Anti-Virus system AND that it's being managed. Simply thinking that because you have AV on your systems, you're protected is NOT an appropriate mindset. It's critical that this key layer in protection is complete (across all machines) and is kept up-to-date at all times.
Also, ensure that your email system is protected by an enterprise level Anti-Spam system. If you're running Office 365 (or any other hosted email system), don't be led to believe their built-in protection is enough. It isn't.
5. Patch Your Systems and Applications
Think of this as your system receiving its vaccinations. Because many attacks are based on browser, plugin and app vulnerabilities, it’s critical to have processes or systems in place that ensure updates and patches are promptly applied to your programs. Choosing a solution provider that automates patching and version upgrades thoroughly and consistently goes a long way in helping to protect your organization from a range of cyber threats, including ransomware.
6. Implement Network Security Policies
Lock down user rights and remove local Administrator level rights from all users. This prevents most ransomware from running because the program simply doesn't have the needed rights to do so. At FPA, We use a GPO (Group Policy Object) for our clients to do this automatically. This ensures all users on the network are covered by this policy automatically.
7. Segment Your Network to Stop Spread
Most ransomware spreads via the endpoint to the server/storage where all mission-critical data and applications reside. By segmenting the network and isolating critical applications and devices on a separate server or virtual LAN, you can help to limit the damage and minimize the spread of this malicious content.
8. Quarantine, Analyze Suspicious Files
Sandboxing and other related technologies enable you to quarantine suspicious files for analysis and prevent them from accessing the network. The files are held at the gateway until a verdict has been given about whether the files are safe. If a file is found to be malicious, you can implement protective measures, such as policies that block domains or IP addresses or transmitting signatures to network security applications, to prevent follow-up attacks.
9. Implement the Added Layer of an Internet Protection Solution
A tool like Cisco Umbrella prevents callbacks to malicious sites when users unknowingly click on a ransomware link. It's a cloud-based security platform that serves as the first line of defense enforcing security at the DNS layer. This latest type of solution is significant when it comes to preventing ransomware (and malware, too!).
10. Secure Your Work From Home Machines
In our collective rush to be able to work during the pandemic, a huge shift in the technology footprint has occurred. More and more people are working from home. But, are they doing this securely? Again, don't just assume that Anti-Virus is enough or that your users have secure computing resources at home. This is one of the most egregious areas needing to be addressed these days. Every home computer is like adding another office to your network and you should secure it similarly.
11. Back Up Files Regularly
This point cannot be understated: A significant safeguard against being forced to pay ransom is having a robust backup and recovery solution in place. Depending on a variety of factors, including how quickly the security compromise is detected and how widespread the data loss, recovery from a backup often can be one of the best options.
Backing up your data also can save your company a lot of money. Each lost or stolen record containing sensitive and confidential information is estimated to cost companies $141, and the average cost of a data breach is now more than $3.6 million globally, according to the “Cost of Data Breach Study: Global Overview” by Ponemon Institute and IBM.
I can't stress enough the importance of this last point. Too often, without a reliable backup you're just simply dead in the water when responding to an attack. Backups are like insurance. You don't want to pay for it because you don't want to use it, but how glad are you to have it in place when you need it!
Everything else listed are all items of great importance and none should be left off the list. These are all real and meaningful ways that will make a difference in your ability to prevent your network from being hit in the first place.
Is your network protected? While each of these is great on their own, implementing these strategies together can make a world of difference to your organization’s cybersecurity capabilities. We’ve found that by taking a multilayered approach to this issue, our clients are well protected and significantly better than the average business. This kind of comprehensive network protection solution is what our clients have come to expect from us.
Let me know what you think. Please share your thoughts. Do you think I am missing anything specific? Let me know what you think in the Comment box below or send an email if you’d like to chat about this in more detail.