Seven things to do before the next ransomware attack

breach prevention.jpg

Yesterday’s ransomware attack again highlights the importance of cybersecurity vigilance.

Unfortunately, many will respond to this latest event with a combination of relief, denial and/or a much-too-narrow augmentation of their ransomware defenses.

That’s not smart. Your objective isn’t to dodge the attack that just occurred. It’s to dodge the next one—or, just as important, to fully mitigate the impact of that next attack, should you be breached.

Here, then, are seven best practices to put into action before the next exploit hits.

Get OCD about patching

Many IT staffs still let their patching efficacy linger at 97 percent to 99 percent completion. Sometimes, systems go unpatched because they’re perceived as too critical to touch too often. More often, it’s because IT simply doesn’t have full visibility into all of its assets and their current state.

But all it takes is one vulnerable system. So get your asset management act together first—and then use that data to drive a 100 percent effective patching mechanism.

Re-think backup

For years, IT treated backup as a way of restoring core systems after a major weather event, building fire, or other disaster. No more. Backup is now a critical component of data defense. After all, if your data is safe elsewhere, you don’t have to pay anyone ransom to get it back if they encrypt its primary host.

IT should therefore re-assess its backup mechanisms to ensure that:

  • Data is backed up with the frequency truly necessary to fully minimize the business impact of an instant, unanticipated system lock.
  • Backups are expanded to protect even data that may once have been considered expendable—such as that critical sales presentation that’s on someone’s desktop when an exploit strikes.
  • Backups are air-gapped from the network. Think cloud. This may have compliance implications, but those implications are much more palatable than having your business grind to a halt.

Segment the network—and make it smarter

Weaponized code is often specifically designed to propagate rapidly across connected system by taking advantage of management-level traffic that most of us have running continuously in the background.

That’s why it’s imperative to take a fresh look at the network layer of your cyberdefense. Are you running unnecessary protocols? Do you have sensors that can immediately detect suspicious traffic anomalies? How quickly can you isolate subnets to contain damage? Get the answers to these questions—and then take the steps necessary to up your network-layer game.

Modernize your workspace management

Many enterprises have been slow to adopt technologies such as virtual desktops and truly policy-based workspace automation. This has been in part because, like the shoemaker’s children, IT often fails to do for itself what it does for the business—and in part because many IT decision-makers still underestimate just how radically the nature of digital work has changed.

But the cybersecurity imperative should obviate any further debate on the topic. For your enterprise to be secure, your users’ digital workspaces must be governed by rules—including, above all, whitelisting. So let security drive your adoption of workspace management and let the productivity benefits just be a bonus.

Invest in next-gen tech

There are lots of new cybersecurity technologies on the market. Some can predictively identify malicious IP addresses. Some can identify malicious code without requiring signatures. Some use deception to prevent attackers from discovering the actual topology of your environment.

If you’re unfamiliar with these innovations, hit a security tradeshow or look at a report like this one from Gartner. But don’t be complacent about your digital defense portfolio.

Develop response discipline

Risk mitigation isn’t just about preventing attacks. It’s also about responding appropriately when they occur. And you can only improve that response if you measure it. So your organization needs to develop response discipline—and a response management tool that lets you track and evaluate your response processes over time.

This discipline is especially important given the fact that we all have limited staff resources to throw at the attack matrix. By tracking your team’s actions over time, you can make fact-based decisions about where to optimally allocate those resources.

Educate users

Cybersecurity is everybody’s job. We may assume that people can recognize a spearphishing attack—or that they know not to plug a thumb drive into a networked machine without a trustworthy scan—but that’s a very dangerous assumption. Better to regularly educate users, have them sign off on cyber-hygiene policies, and create consequences for bad actions.

One more piece of advice: Never, ever pay a ransom. Your attacker probably won’t solve your problem even if you pay. And the money you send them just incentivizes them to do more harm. That money is better spent elsewhere.

This story originally appeared in Information Management.
For reprint and licensing requests for this article, click here.
Ransomware Data security Cyber security Cyber attacks
MORE FROM DIGITAL INSURANCE