If it seems like there’s a new ransomware attack in the news every week, it’s because there is. Bad actors and their tactics are becoming more sophisticated by the day, leading the Agio team to believe it’s not “if” but “when” the next attack will occur. The good news? With the right policies and processes in place, you can significantly minimize your organization’s likelihood of falling victim to ransomware. @blackhat.az
In my experience, there are four fundamental actions technology leaders can take to reduce their security risk. I emphasize these four, because whenever I analyze a successful ransomware attack, the compromised organization is usually deficient in at least two of the actions. On the contrary, I rarely (if ever) see an attack occur when all four actions are enforced. To that end, here are my top recommendations for preventing ransomware from infiltrating your systems.
Multi-factor Authentication: Multi-factor authentication (MFA) provides a strong defense against any kind of malicious activity by asking users to present more than one credential when logging into an account. Enabling MFA (and enforcing strong passwords) greatly reduces the risk of an account takeover, as well as the risk of passwords being leaked or compromised.
Patch Management: Routine patching is one of the best ways to protect your organization from cyber-threats. At Agio, we define healthy patch management as implementing security patches, bug fixes and feature updates every two months at a minimum. Once a core operating patch is released, it must be installed as quickly as possible – waiting more than six months to update systems greatly enhances your susceptibility to individual ransomware attacks, as well as devastating situations that may compromise your entire network. Patching becomes even more critical for systems that are publicly exposed, such as laptops and mobile devices connected to public networks.
Local Administrative Access Restriction: Reducing the use of local admin privileges and applying the principle of least privilege access across all users, applications, and systems won’t prevent every attack, but it will stop many of them. This means only network administrators can add or remove software within company networks, preventing your users from unintentionally installing or downloading malicious programs designed to wreak havoc on your systems.
Anti-phishing: Email phishing is the #1 source of wire fraud, identity theft, and malware/ransomware delivery. Leveraging an AI-based application that helps weed out even the most sophisticated phishing messages is an extremely important piece of your ransomware-prevention strategy. Agio partners with Inky’s next-generation anti-phishing technology, which leverages machine learning, behavior profiling, and advanced heuristics forgery detection for real-time threat prevention.
While this list was created to help you build a foundational strategy for preventing ransomware, I’d be remiss if I didn’t highlight the importance of having a robust and mature endpoint protection service –specifically, one that allows organizations to delay the spread of ransomware by isolating infected hosts in order to stop attacks in their tracks. Likewise, we suggest conducting regular incident response tabletop exercises to test your firm’s preparedness in the event of an attack, as well as educating employees (your first line of defense) on how to identify and report suspicious communications.
Following these practices not only keeps your organization and your people out of harm’s way, but they also keep you in good standing with investors, board members, and regulatory bodies who are increasingly asking what you’re doing to prevent a ransomware attack.