Ask the Experts: How to prevent ransomware attacks

Experts across the board agree: the best way to prevent ransomware attacks is to take a multi-layered approach. Since the first phase in a ransomware attack almost always involves social engineering, employee cyber security training is a good place to start. But if attackers get in, you’ll need to be able to recover from an attack.

Whatever you do, don’t just do nothing. Ransomware attacks are on the rise, and no organisation is too small to escape attackers’ notice. And since some victims make large ransomware payments to get their data back, ransomware has proven to be profitable, so the problem will only get worse.

HR Tech News asked industry leaders about some of the best strategies for preventing such attacks, and recovering from them should cybercriminals make a move:

1. Prevent ransomware with end-to-end security measures

The best strategy to deal with ransomware must include both preventive and recovery measures. As any security professional will agree, the first thing everyone must do is keep their systems up to date. It’s extremely difficult, if not impossible, to properly defend unpatched systems against ransomware or any form of malware.

Next, one of the most popular sources of infection is Microsoft Office documents sent as email attachments, which are laced with macros that launch ransomware automatically when clicked. Unless otherwise necessary, organizations should consider a system policy that disables all Office macros on each desktop.

Finally, it’s imperative to have a highly effective endpoint protection solution installed on each system – particularly one that leverages machine learning instead of relying upon signatures.

Even with all the prevention, no security scheme is perfect, so in the event of a ransomware infection, having off-line backups for all sensitive data and systems is absolutely critical. “Off-line” is key because ransomware infections are known for attacking and encrypting network-connected backups, which renders them useless.

Follow this guidance and you’ll be in better shape than 99% of the world and properly prepared for any ransomware outbreak.

– Jeremiah Grossman, founder of WhiteHat Security and chief of security strategy at SentinelOne

2. Prioritise network security

To prevent ransomware attacks, organisations need to make network security a top priority. Deploying anti-virus and anti-malware software is the first step in eliminating cybersecurity breaches. To further protect the network, organisations can restrict access control at certain levels.

For instance, the United States Computer Emergency Readiness Team (US-CERT) recommends configuring access controls (file, directory, and network share permissions) with least privilege in mind. In other words, users who require access only to read documents, files, etc., should not be allowed to edit those specific files, directories or shares.

– Perry Price, CEO of Renovation Systems
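
One way to check the least-privilege recommendation above on a file share is to audit it for entries that a read-only group can still modify. This is an added example, not code from the article or from US-CERT. It assumes POSIX mode bits (Windows NTFS and SMB share ACLs need different tooling), and the function names and sample tree are hypothetical and constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_write_access(root, readonly_gid):
    """Return sorted (relative_path, reason) pairs for entries under root
    that a member of the read-only group could modify."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_gid == readonly_gid and st.st_mode & stat.S_IWGRP:
                findings.append((rel, "writable by read-only group"))
    return sorted(findings)


def build_sample_share():
    """Constructed sample share: one correct file, three over-permissive entries."""
    root = tempfile.mkdtemp(prefix="share-audit-")
    layout = {
        "policies/handbook.txt": 0o640,  # group may read only: correct
        "policies/payroll.csv": 0o660,   # group may edit: violation
        "public/notice.txt": 0o646,      # everyone may edit: violation
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "policies"), 0o750)  # group may list, not create
    os.chmod(os.path.join(root, "public"), 0o770)    # group may create/delete: violation
    os.chmod(root, 0o750)
    return root


if __name__ == "__main__":
    share = build_sample_share()
    try:
        # The sample files belong to the same group as the share root.
        for rel, reason in audit_write_access(share, os.stat(share).st_gid):
            print(f"{reason:30} {rel}")
    finally:
        shutil.rmtree(share)
```

A writable directory is flagged as well as writable files, because write permission on a directory allows deleting or replacing the files inside it.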

3. Focus on recovery rather than attacks

I’d reframe the question as: “What’s the best strategy for preventing ransomware attacks from destroying your business?” Because you’ll never stop successful attacks, the question has to revolve around minimising the impact.

A well-rehearsed backup and recovery process, an ability to disconnect from the Internet for a day without destroying your business (e.g. have a cold site that is not connected to your hot site until you throw a switch), a well-segmented network architecture with least privilege rulesets at all network connection points, endpoint security, and end-user training.

– Sammy Migues, principal scientist at Synopsys Software Integrity Group

4. Create a strong backup plan

Data is a company’s most precious asset, but storing it entails a major responsibility to keep that data safe. This isn’t just the responsibility of the IT or security team. There is a collective obligation across the entire organisation.

Well-managed data is easier to locate, utilise and update with the latest security policies, making it easier to protect from attackers. However, you must also make careful, considered decisions about how that data is backed up in the cloud. Prevention is the best option, but when your defenses fail you also need a strong backup plan to protect your most valuable data.

– Jasmit Sagoo, senior director, head of technology UK and Ireland at Veritas Technologies

5. Don’t pay ransoms

The better long-term response is to invest in data backups and recovery mechanisms, because technology failures can happen for many reasons, most of which are not malicious. Large enterprises whose customers need timely access to resources are irresponsible if they don’t have such a plan in place. As for municipal computer systems potentially held hostage, it’s up to citizens to demand that their governments adequately fund IT budgets to meet the rising threats.

– Tyler Moore, Tandy associate professor of cybersecurity at University of Tulsa