Ransomware is the most dangerous cyber threat today. The concept of ransomware
(holding your system or information hostage for payment) has been around for over 20 years, since Joseph Popp wrote “The AIDS Trojan” in 1989.
However, modern ransomware first entered the scene as a serious and categorical threat in May 2013 with the propagation of CryptoLocker. Since then, it has become the most lucrative cyber-criminal enterprise, estimated to cost businesses $20 billion in 2021.
Here are 5 ways you can get started building your defenses against ransomware:
1. Protect Your Backups
Cybercriminals are aware that you will likely not pay the ransom if you have a robust and ready backup capability. That’s why they target your backup system, disabling it or encrypting your backups and other copies of data.
Backups are essential for lessening the impact of potential malware threats. Store them on a separate device or offline so they remain accessible in the event of a ransomware attack. You should have three copies of your data (a production copy and two backups) on two different media, with one off-site copy that you can use for recovery.
When monitoring your backups, ensure that you are also alerting on any unauthorized access. Also, minimize how many users have access to those backups.
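As an added illustration of the two points above (alert on unauthorized access and keep the authorized set small), the following script is not part of the original post. It parses a constructed backup-server audit log (the line format and user names are assumptions, not any vendor's real schema), raises a high-severity alert for any principal outside the authorized set, and a medium-severity alert when an authorized account performs an action that reduces recoverability (deleting a backup set, shortening retention, disabling a job). A second helper counts which principals actually touched the system so the authorized list can be pruned.

```python
import re
from collections import Counter

# Constructed sample audit-log lines (assumed format: timestamp user action target).
SAMPLE_LOG = """\
2021-06-01T02:00:11Z backup-svc RUN_JOB nightly-full
2021-06-01T02:41:03Z backup-svc VERIFY nightly-full
2021-06-01T09:12:44Z alice LOGIN console
2021-06-01T09:13:02Z alice RESTORE fileserver-2021-05-31
2021-06-01T14:07:55Z jsmith LOGIN console
2021-06-01T14:08:10Z jsmith DELETE nightly-full
2021-06-01T14:08:31Z jsmith SET_RETENTION 1d
2021-06-01T14:09:00Z alice DISABLE_JOB nightly-full
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>[A-Z_]+) (?P<target>\S+)$")

# Actions that reduce your ability to recover; these deserve an alert even when
# performed by an authorized account, because attackers use stolen credentials.
DESTRUCTIVE = {"DELETE", "SET_RETENTION", "DISABLE_JOB", "PURGE"}


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def audit_backup_access(log_text, authorized):
    """Return a list of (severity, message) alerts for a backup audit log.

    authorized: the (deliberately small) set of principals allowed to touch backups.
    """
    alerts = []
    for ev in parse(log_text):
        if ev["user"] not in authorized:
            alerts.append(("high", f'{ev["ts"]} unauthorized principal {ev["user"]} '
                                   f'performed {ev["action"]} on {ev["target"]}'))
        elif ev["action"] in DESTRUCTIVE:
            alerts.append(("medium", f'{ev["ts"]} {ev["user"]} performed destructive '
                                     f'action {ev["action"]} on {ev["target"]}'))
    return alerts


def active_principals(log_text):
    """Count who actually used the backup system; anyone authorized but absent
    here over a review period is a candidate for removal from the allow list."""
    return Counter(ev["user"] for ev in parse(log_text))


if __name__ == "__main__":
    for severity, message in audit_backup_access(SAMPLE_LOG, {"backup-svc", "alice"}):
        print(severity.upper(), message)
    print(active_principals(SAMPLE_LOG))
```

Feeding the constructed log to the checker with `{"backup-svc", "alice"}` as the authorized set yields three high-severity alerts for `jsmith` and one medium-severity alert for `alice` disabling the nightly job; in practice the authorized set would come from the backup platform's role assignments rather than a literal.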
2. Plan & Test Incident Response
Perform risk assessments, penetration tests, scans, etc. to learn not only where the gaps are, but how effectively issues escalate and get resolved.
We suggest that you build ransomware-specific protocols into your IR plan. You should also incorporate a ransomware attack in an upcoming table-top exercise. Test your processes and simulate ransomware attacks to exercise your recovery scenarios.
If you outsource any aspect of your IT team, incident response, managed security, monitoring, etc., plan and test with them to create a cohesive plan of action.
3. Install and Manage your Firewalls
The evolution and advancement of attack techniques deployed by today’s cyber criminals makes it increasingly difficult to keep intruders out without interrupting the business. A firewall is only an effective front-line defense if it receives continual monitoring, management, and maintenance.
Most IT teams do not have time to collect, manage, or maintain these critical devices, so outsourcing to a trusted MSSP/MDR provider can make all the difference for your frontline defenses. Even better, some providers meet compliance standards and regulatory requirements by providing you with reporting and log storage.
If you are looking for a Managed Firewall Provider, Security On-Demand’s managed firewall service allows you to add application-level security and intrusion prevention.
4. Improve Security Awareness Training
Humans are always the weakest link in a cyber attack. Continued vigilance in helping users discern legitimate from non-legitimate communications is crucial. Train your employees how to identify phishing emails, malvertising, and more.
Hold regular security awareness trainings, enforce attendance and make the recordings a part of new hire on-boarding. Further promote security awareness inside your organization by creating content and activities that encourage learning. Additional ideas include a scored assessment, Jeopardy-style or team competition games, or a phishing email simulation.
A strong security program paired with employee education about the warning signs, safe practices, and responses aids tremendously in preventing these threats.
5. Implement Dynamic Threat Detection & Monitoring
Catching the attack in the early stages can prevent significant financial impact and limit the potential damage. However, many SIEM solutions today do not have the ability to detect advanced threats or to correlate seemingly “normal” behavior to find an unknown malicious event. SIEMs are not able to analyze all the data in your environment, so they leave valuable indicators and events out of their threat analysis. Ransomware attackers know how to slip past your defenses undetected, looking “normal,” so an advanced detection and analytics tool is your best bet at finding it early.
Outsource the things you are not an expert in. Most companies don’t have the infrastructure or expertise to fully monitor and detect, so working with a Managed Security Services/MDR Provider with advanced threat detection capabilities is a better option.
When looking for a strategic threat detection partner, ensure that their monitoring is 24×7 in coverage. Tune regularly with your provider, learn about their escalation process, and establish expectations, so both teams have clarity.
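The section above argues that ransomware looks “normal” event by event and is only caught by correlating behavior. The following detector is an added example, not Security On-Demand's code or the ThreatWatch platform; it runs over constructed endpoint file-activity events (the tuple layout, host names, process names and the `.k7x` extension are assumptions). A single rename is ordinary, so no single event fires; instead it keeps a 60-second sliding window per (host, process) and alerts only when several extension-changing renames spread across more than one directory, which is the behavioral pattern of a process encrypting files in place.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Constructed file-activity telemetry (assumed schema, not a real EDR format).
# (timestamp, host, process, operation, source_path, destination_path_or_None)
EVENTS = [
    ("2021-06-01T10:00:00Z", "ws-14", "winword.exe", "WRITE", "/users/bob/docs/q2-report.docx", None),
    ("2021-06-01T10:00:05Z", "ws-14", "explorer.exe", "RENAME", "/users/bob/docs/old.txt", "/users/bob/docs/notes.txt"),
    ("2021-06-01T10:03:00Z", "ws-14", "updater.exe", "RENAME", "/users/bob/docs/q2-report.docx", "/users/bob/docs/q2-report.docx.k7x"),
    ("2021-06-01T10:03:01Z", "ws-14", "updater.exe", "RENAME", "/users/bob/docs/budget.xlsx", "/users/bob/docs/budget.xlsx.k7x"),
    ("2021-06-01T10:03:02Z", "ws-14", "updater.exe", "RENAME", "/users/bob/pictures/a.jpg", "/users/bob/pictures/a.jpg.k7x"),
    ("2021-06-01T10:03:02Z", "ws-14", "updater.exe", "RENAME", "/users/bob/pictures/b.jpg", "/users/bob/pictures/b.jpg.k7x"),
    ("2021-06-01T10:03:03Z", "ws-14", "updater.exe", "RENAME", "/shares/finance/ledger.csv", "/shares/finance/ledger.csv.k7x"),
    ("2021-06-01T10:03:04Z", "ws-14", "updater.exe", "RENAME", "/shares/finance/payroll.xlsx", "/shares/finance/payroll.xlsx.k7x"),
    ("2021-06-01T11:30:00Z", "ws-22", "photoshop.exe", "RENAME", "/users/ann/art/draft.psd", "/users/ann/art/final.psd"),
]

WINDOW = timedelta(seconds=60)
MIN_RENAMES = 5       # extension-changing renames within the window
MIN_DIRECTORIES = 2   # spread across more than one directory


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def extension_changed(src, dst):
    """True when a rename alters the file extension (e.g. .docx -> .k7x)."""
    return PurePosixPath(src).suffix.lower() != PurePosixPath(dst).suffix.lower()


def detect_mass_rename(events):
    """Return one alert per (host, process) whose renames cross both thresholds.

    Each alert is a dict: host, process, first_seen, count, directories, new_extension.
    """
    windows = defaultdict(deque)   # (host, process) -> deque of (ts, directory, new_suffix)
    alerts = {}
    for ts_s, host, proc, op, src, dst in sorted(events, key=lambda e: e[0]):
        if op != "RENAME" or dst is None or not extension_changed(src, dst):
            continue   # a plain write or a same-extension rename is normal on its own
        ts = parse_ts(ts_s)
        key = (host, proc)
        window = windows[key]
        window.append((ts, str(PurePosixPath(dst).parent), PurePosixPath(dst).suffix.lower()))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()   # expire events older than the sliding window
        dirs = {d for _, d, _ in window}
        if len(window) >= MIN_RENAMES and len(dirs) >= MIN_DIRECTORIES and key not in alerts:
            alerts[key] = {
                "host": host,
                "process": proc,
                "first_seen": window[0][0].isoformat(),
                "count": len(window),
                "directories": sorted(dirs),
                "new_extension": window[-1][2],
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_mass_rename(EVENTS):
        print(alert)
```

On the constructed events the rule stays silent for the user's ordinary renames on `ws-14` and `ws-22` and fires once for `updater.exe`, after its fifth extension change across three directories within four seconds. The thresholds are the tuning knobs the section talks about: too low and legitimate archivers or build tools trip it, too high and the encryption run is well under way before the alert.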
Take Your Ransomware Protection to the Next Level
With an influx of both technology and attacks in 2021, we recommend starting the conversation of how you will protect your new devices with Advanced Threat Detection and 24×7
Our analytics-based approach considers how multiple different detection models can compensate for a number of threat detection challenges including:
- Alert detection bias
- Lack of device breadth
- Human elements – Training, Experience, Knowledge Bias, etc.
- Lack of pre-knowledge of events (unknown unknowns)
- Alert/Event/Data misinterpretation
- Device or System Misconfigurations (Log levels, Data Quality, etc.)
- Too Much Data/Data Reduction
For more information about how we can help you detect Ransomware in its early stages, contact Security On-Demand here.
About Security On-Demand
Security On-Demand (SOD) provides 24×7 advanced cyber-threat detection services for mid-market companies and state or local government agencies. SOD’s patented behavioral analytics technology platform, ThreatWatch®, enables the detection of advanced threats, helping protect brand value and reduce the risk of a data breach. Headquartered in San Diego, California, with R&D offices in Warsaw, Poland, SOD services and protects hundreds of brands globally and is the winner of multiple industry awards. Please visit us at www.securityondemand.com. Find us on LinkedIn and follow us on Twitter @SecurityOnDmand.