In my last post, I focused on several key types of cyber threat most likely to challenge your business right now. This time, I’m drilling down — to ransomware and what you can do to protect your enterprise from it.
Why ransomware prevention? Because security experts regard ransomware as today’s most serious cyber threat , having increased 35% in just a year to an average of nearly 1,000 per day in 2015 .
The reasons ransomware is dangerous
Three features of ransomware make it very destructive:
> The social engineering techniques with which it typically infects systems are difficult to impossible to rein in;
> Once a system is infected – with malware that, in some cases, completely removes access to hard drives and operating systems while also locking down and encrypting files – paying the ransom may be the only way to get your data back; and
> Some ransomware strains can expand their hostage-taking to any network-connected device, including not only smartphones and Macs but also Linux web servers (encrypting files associated with web apps, backups, and archives).
8 essential steps toward ransomware prevention
- Back up your data in real time, maintain recent backup copies offsite /offline, and regularly test recovery processes to make sure they work;
- Encrypt all your data all the time – some ransomware now also threatens to publish kidnapped files online unless ransom is paid;
- Get religious about updating and patching all your software ;
- Beware lax user rights/permissions (e.g., employees with unwarranted administrator access to systems or network drives);
- Train employees to distinguish between cyber threats and legitimate links/software and traffic, and keep them up-to-date about ever-evolving social engineering tricks;
- Use firewalls to help make sure your network is sufficiently and appropriately segmented (e.g., separated servers and workstations), following the principle that each system accesses only those resources necessary to fulfill its tasks; and
- Deploy the various elements of defense-in-depth digital security — virus scanners, firewalls, IPS, email/web gateways, DLP, extensive endpoint protection, SIEM, etc.
Once infected with ransomware, you’re in a race against time.
As soon as you understand what’s happening, disconnect the affected devices from the network; then disconnect any external storage devices (say, attached hard drives) and disable any cloud storage services. Advise all users not to connect any devices to your network (neither wired nor wifi) until the situation has been resolved.
After that, get experienced technical help immediately from a trusted security technology consultant.