Reduce Ransomware Risk: 6 Smart Steps

Ransomware is THE cyberthreat of 2021, and hot ticket problems demand dynamic solutions. We take a step (or six) into the world of preventative IT security.

The results are in: ransomware is the hot topic for 2021. Devoted readers of our blog or any nightly newscast these days will know that ransomware attacks are a pressing concern for any industry with sensitive data, as well as supply chains and any organization reliant upon digital access for functionality… in other words, no one is immune to the threat of ransomware.

Following the disastrous Colonial Pipeline hack, Reuters reports that the U.S. Department of Justice is “elevating the investigation of ransomware attacks to a similar priority as terrorism.” While we at BAI Security hope that widespread recognition of cyberattacks will inspire organizations to take important defensive measures against ransomware, unfortunately, the DoJ doesn’t cover the how—what can you actually do to defend yourself in the event of a major cyber-threat?

Today, we’re taking you through steps you can take to resist ransomware and keep your organization safe from the year’s biggest cyber-risk.

1. Protection Starts With Detection

Like personal health, IT security is significantly impacted by preventative care. While there’s no substitute for frequent scanning and vulnerability management, behavioral anomaly detection systems are but they do the intricate work of pinpointing strange behaviors in your systems. Because these systems tend to use AI in identification, their detection isn’t an exact science, but the events they pick up on will match the parameters of a potential attack on your organization—which is always worth investigating. In fact, Harris, LaPorte, and Furtado (2020) of Gartner’s Infrastructure Security initiative recommend anomaly detection as the most efficient means of identifying indicators of compromise (IoCs).

While anomaly detection and other best-of-breed security tools are designed to alert you, it’s just as important to look in between the lines at what’s not happening. Were certain machines or terminals suddenly disabled? Did your data backup slow or stall? Perhaps most telling of all: are your security measures still running as expected?

Anomaly detection is critical because, as the initiative points out, remediation is about isolation. If you can contain the impacted accounts, machines, and so on, you can minimize the affected data and keep a malicious actor from taking your most valuable data hostage.

2. Trust No One (On Your Server)

It’s not just about following the feds’ example—now, the Zero Trust Cybersecurity Model comes recommended by Gartner’s Infrastructure Security initiative. The Zero Trust approach assumes that no one, not even administrators, are trusted by default, and implements multi-factor authentication on every tier to keep hackers from impersonating high-level accounts… and taking all your most sensitive data for ransom.

Specifically, it’s important to remove local administrative privileges on endpoints and ensure that administrative accounts are only being used when absolutely necessary. All accounts should be subject to multi-factor authentication when accessing sensitive data, and consequently, no users should have “resting privilege”—i.e. having continued and unverified access to that data.

But there’s even more you can do to ensure the scope of your Zero Trust policy. Harris, LaPorte, and Furtado note that you can do a sweep of your server to make sure there are no unused or defunct accounts, which can be prime real estate for hackers looking to impersonate users. You can review what endpoint protections you already have in place and take a look at what measures your third party providers and suppliers take to keep themselves safe, including safeguarding their employee credentials.

3. Step Forward With A Backup

Exactly why are ransomware attacks so problematic? When hackers take possession of your data, they’ll offer you the chance to pay a particular sum of money to get the data back—the “ransom” for which the attack is named. But experts advise that paying the ransom is the last thing you want to do. Not only are the hackers not obligated to return their stolen goods, in a large number of ransomware cases, the data returned is corrupted beyond use.

The solution? Data backups. By ensuring your data is in multiple locations at the time of attack, you’re taking the power out of the hackers’ hands and giving your organization a strong contingency plan. That said, those backup systems need to be as fiercely defended as your workplace server. According to Simpson and Blair for the Data Center Infrastructure initiative (2021), more sophisticated ransomware attacks tend to target backup systems—something threat detection can be invaluable in combating.

It may sound overzealous, but having backups for your backups gets our seal of approval. Data should be stored in multiple locations, separate from the central system, and protected with the same multi-factor authentication. Having a backup on hand won’t just minimize the impact of a ransomware attack—it’ll also make your recovery fast and efficient.

4. Stay Cyber-Educated

When it comes to protecting against ransomware attacks, there’s no accounting for the human element. Gartner’s CIO Research Team (2019) finds that approximately 50-70% of all security incidents can be attributed to employee activity. While organizations have doubled their efforts to spread cyber-awareness in the last few years, a survey found that more than 90% of employees knowingly violate their organization’s IT security policies.

Your organization has the opportunity not just to implement cyber education awareness and training, but to use those programs to emphasize the importance of IT security health and compliance. CIOs and CISOs alike can partner to create effective awareness campaigns for their employees and even business partners, because as we mentioned, a solid IT security strategy covers all its bases.

What makes a solid cyber-awareness campaign? For one thing, you can get your chain of command involved. The CIO Research Team notes that security messages delivered by managers or colleagues tend to have more impact than top-down PSAs. Incentives also make a proven difference, positive or negative; sanctions or punishments for those who are not compliant and awards or recognition for those who are.

Like the behaviors, awareness and education initiatives need to be omnipresent. Conducting regular training exercises and challenges to test your employees’ knowledge of IT security best practices will make them part of the culture, and can even make use of the proven power of gamification, which uses a system of incentives to give employees something to compete for.

5. Contain Crises, Respond To Risks

Frequent drills don’t just come in handy for cyber-awareness—they also make a difference in incident response. Does your organization have a crisis response plan? An understanding of how to continue operating while the threat is dealt with? In the event of a ransomware attack, an organization may have to take its server offline, which can be a serious threat to functionality without a plan in place.

Effective crisis management is all about communication and compartmentalization. According to LaPorte and Webber for the Infrastructure Security initiative (2019), incident response processes should be divorced from your IT security operations (lest ransomware takes out your IT security and crisis management measures in one fell swoop). And because ransomware attacks can lock out server access altogether, it’s vital to have alternative access methods to Internet-hosted security tools and other incident response protocols.

Communication is always key in a secure IT security strategy, but in incident response, it can be the difference between quick remediation and costly disaster. Your chain of command should know what their roles are in the current incident response plan, who to contact, and what their priorities should be. While internal communications come first, prompt external messaging with any affected clients, customers, and partners is just as important—letting them know if any of their data has been compromised, what functionality is jeopardized, and when you’ll be back online will demonstrate transparency and help you repair any damage to stakeholder trust.

6. Conduct Expert Assessments

A tenet of preventative care is repeated and rigorous system scanning for vulnerabilities, malware, unprotected data, and other IT security risks that demand to be addressed. These assessments aren’t something you want to drop the ball on—it’s worth the investment to get the best of the best.

BAI Security’s Network Vulnerability Assessment & Management identifies the hottest targets for ransomware hackers to give you real-time security insights and solutions. With year-round on-demand scanning with best-in-breed tools, our award-winning team pinpoints data of interest and areas of potential weakness before malicious actors can beat you to the punch.

Get ahead of this year’s most pressing cyber-threat—contact us today.