Six Steps to Protect Your Organization from Ransomware | #RansomwareWeek
As #RansomwareWeek draws to a close here on the (ISC)² blog, we turn our attention to how organizations can defend themselves. Yesterday, we announced that (ISC)² has granted free access to its “Ransomware: Identify, Protect, Detect, Recover” course through the Professional Development Institute to anyone who is interested in learning more about prevention and remediation. That’s because the consequences can be dire for organizations.
The days of ransomware attackers demanding a few hundred dollars for a decryption key are long gone. Attacks have gotten more severe, and perpetrators have become bolder, demanding multimillion-dollar payouts from their victims. In March, CNA Financial reportedly paid ransomware attackers $40 million.
Paying the ransom may solve one company’s problem, but it can make things worse for everybody else. “In some recent cases of ransomware attacks, the victim organizations have paid huge amounts to the attackers, which can be one of the reasons these attacks are getting more popular,” says Paul Webber, Senior Director Analyst, Gartner.
Instead of paying, he says, organizations should place a stronger focus on preparation and early mitigation. Gartner has issued a document listing six ways to defend against ransomware threats:
1. Initial Assessments
Conduct risk assessments and penetration tests to determine the organization’s attack surface and what tools, processes and skills are in place to defend against attacks.
2. Ransomware Governance
Before preparing a technical response, be sure to implement processes and compliance procedures involving key decision makers such as the CEO, board of directors and other stakeholders. If an attack occurs, Gartner notes, the press is likely to contact company directors, not the CISO.
3. Consistent Operational Readiness
To verify the effectiveness of existing security controls, conduct tests and drills “at regular intervals to check for vulnerabilities, noncompliant systems and misconfigurations.”
4. Data Backup
Back up all data as well as “every nonstandard application and its supporting IT infrastructure,” and test the backup and recovery to ensure they can handle an attack. Be sure to use controls that prevent online backups from becoming encrypted by ransomware.
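The test-the-recovery point above is easy to state and easy to skip. The following is an added example (not code from the (ISC)² post or from Gartner) of one control that makes the test concrete: a hash manifest of the backup set is written at backup time and kept on separate, read-only storage; a later verification run reports files that are missing, files whose hash no longer matches, and, among the changed files, those whose contents now look like ciphertext (Shannon entropy near 8 bits per byte). The sample files, the temporary directory and the 7.5 bits-per-byte threshold are constructed assumptions for the demonstration; the threshold would be tuned against what your own backups normally contain.

```python
"""Backup integrity check: SHA-256 manifest plus an entropy screen for changed files.

Added example, not part of the (ISC)2 post or Gartner's guidance. Everything it
reads is created in a temporary directory below, so it runs offline.
"""
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Assumption: plain backups (SQL dumps, configs, documents) sit well below this;
# ciphertext and compressed archives sit near 8.0. Tune against your own data.
ENTROPY_THRESHOLD = 7.5


def sha256_file(path: Path) -> str:
    """Stream the file so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: 0.0 for a constant, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's path (relative to the backup root) to its SHA-256 digest.

    In practice this dict is written out at backup time and stored somewhere the
    backup host cannot modify (offline or write-once media), so an attacker who
    can rewrite the backups cannot also rewrite the record of what they should be.
    """
    return {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the current backup set against a trusted manifest."""
    report = {"ok": [], "missing": [], "modified": [], "suspect_encrypted": [], "unexpected": []}
    for rel, expected in manifest.items():
        p = backup_dir / rel
        if not p.is_file():
            report["missing"].append(rel)
            continue
        if sha256_file(p) == expected:
            report["ok"].append(rel)
            continue
        report["modified"].append(rel)
        # A changed backup file whose first MiB is near-random is the signature
        # of encryption in place rather than a legitimate re-run of the backup.
        with p.open("rb") as f:
            sample = f.read(1 << 20)
        if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            report["suspect_encrypted"].append(rel)
    for p in backup_dir.rglob("*"):
        if p.is_file() and str(p.relative_to(backup_dir)) not in manifest:
            report["unexpected"].append(str(p.relative_to(backup_dir)))
    return report


def backup_is_trustworthy(report: dict) -> bool:
    """A recovery drill should only count as passed when nothing is off."""
    return not (report["missing"] or report["modified"] or report["unexpected"])


def demo() -> dict:
    """Constructed scenario: three files are backed up, then one is overwritten
    with random bytes and one is deleted before the verification run."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    (root / "db").mkdir()
    (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'alice');\n" * 200)
    (root / "config.yaml").write_text("retention_days: 30\nencrypt_at_rest: true\n")
    (root / "notes.txt").write_text("weekly full backup, verified by ops\n")
    manifest = build_manifest(root)          # taken while the backup is known good
    (root / "db" / "customers.sql").write_bytes(os.urandom(8192))  # tampered copy
    (root / "notes.txt").unlink()            # file removed from the backup set
    return verify_backup(root, manifest)


if __name__ == "__main__":
    result = demo()
    for key, files in result.items():
        print(f"{key:18s} {files}")
    print("trustworthy:", backup_is_trustworthy(result))
```

Running `demo()` flags `db/customers.sql` as both modified and suspect-encrypted and `notes.txt` as missing, so `backup_is_trustworthy()` returns `False`; the point of the drill is that the verification runs from a host and a manifest that the backup writer cannot touch.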
5. Least Privilege
Implement least-privilege practices by restricting permissions, removing local administrator rights from end users, and preventing installation of applications by standard users. Multifactor authentication should be in place wherever possible, especially for privileged accounts.
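The hard part of "remove local administrator rights" is usually finding out who effectively has them, because directory groups nest and a standard user can inherit admin rights two or three groups deep. The following is an added example (not code from the post or from Gartner) of a least-privilege audit run over a constructed account inventory: it resolves transitive group membership (tolerating cycles), then checks the three rules the step names, standard users with local admin rights, standard users who can install applications, and privileged access without MFA. The group and account records are invented for the demonstration; a real run would load them from a directory or identity-provider export.

```python
"""Least-privilege audit over an account and group inventory.

Added example, not part of the (ISC)2 post or Gartner's guidance. The inventory
below is constructed; the field names are an assumption about how an export
from a directory or identity provider would be shaped.
"""

# Constructed: group -> direct members, where a member may itself be a group.
GROUPS = {
    "Administrators": ["carol-admin", "dave-admin", "Helpdesk"],
    "Helpdesk": ["bob", "Tier1"],
    "Tier1": ["erin", "Helpdesk"],              # deliberate cycle: resolver must not loop
    "Software-Installers": ["Administrators", "frank"],
}

# Constructed: user -> role and whether MFA is enrolled.
ACCOUNTS = {
    "alice": {"role": "standard", "mfa": True},
    "bob": {"role": "standard", "mfa": False},
    "erin": {"role": "standard", "mfa": True},
    "frank": {"role": "standard", "mfa": True},
    "carol-admin": {"role": "privileged", "mfa": False},
    "dave-admin": {"role": "privileged", "mfa": True},
    "svc-backup": {"role": "service", "mfa": False},
}

RULE_ADMIN = "standard user holds local administrator rights"
RULE_INSTALL = "standard user can install applications"
RULE_MFA = "administrator access without MFA"


def effective_members(group: str, groups: dict, accounts: dict) -> set:
    """Return every user who belongs to `group` directly or through nested groups."""
    users, visited, stack = set(), set(), [group]
    while stack:
        g = stack.pop()
        if g in visited:            # already expanded; also breaks membership cycles
            continue
        visited.add(g)
        for member in groups.get(g, []):
            if member in groups:
                stack.append(member)
            elif member in accounts:
                users.add(member)
    return users


def audit(accounts: dict, groups: dict) -> list:
    """Return (user, rule) findings, sorted by user, for the three least-privilege rules."""
    admins = effective_members("Administrators", groups, accounts)
    installers = effective_members("Software-Installers", groups, accounts)
    findings = []
    for user, attrs in sorted(accounts.items()):
        standard = attrs["role"] == "standard"
        if standard and user in admins:
            findings.append((user, RULE_ADMIN))
        if standard and user in installers:
            findings.append((user, RULE_INSTALL))
        if user in admins and not attrs["mfa"]:
            findings.append((user, RULE_MFA))
    return findings


if __name__ == "__main__":
    print("effective administrators:", sorted(effective_members("Administrators", GROUPS, ACCOUNTS)))
    for user, rule in audit(ACCOUNTS, GROUPS):
        print(f"{user:12s} {rule}")
```

In the sample data `bob` and `erin` never appear in the Administrators group directly, yet both are effective administrators through `Helpdesk` and `Tier1`; that inherited membership, not the direct one, is what the audit has to surface before local admin rights can be removed.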
6. User Training
Educate users on ransomware response actions based on guidance provided by government and regional authorities. Customize training to company needs. “Use cyber crisis simulation tools for mock drills and training that provide closer to real-life situations for better preparedness of end users against ransomware,” says Webber.
Gartner says 27% of malware incidents reported in 2020 involved ransomware. In the first half of 2021, headlines about ransomware attacks have been almost an everyday occurrence. A well-planned ransomware defense strategy can help minimize losses and protect a company’s reputation.