Arraya Insights | September 7, 2021
The 2020’s have been off to a tumultuous start. As the COVID-19 pandemic battles on, another pandemic has been riding its wave. Industries of all types have been feeling the effects of increased cyber-attacks, specifically related to ransomware, and there are no signs that these attacks will slow anytime soon.
Ransomware is commonly spread through phishing scams, in which a malicious actor tricks the victim into giving away personal or identifying information. The hackers then use this information to gain unauthorized access to accounts, networks, computers, and more. Once in, they can encrypt important and necessary data and hold it ransom until their demand is paid.
Revolt Against Ransomware: 6 Recommendations from the Government
Ransomware has become a momentous hazard and as more industries undergo a digital transformation, this cyber threat reaches further into every corner of our society. Due to the increased threats and damages associated with ransomware, the U.S. government is taking a more active role in increasing the awareness of this cyber threat. On May 12, 2021, President Biden issued an executive order on improving the nation’s cyber security.
In June 2021, just following that executive order, Anne Neuberger (Deputy Assistant to the President and Deputy to the National Security Advisor for Cyber and Emerging Technology) released a letter urging corporate executives and business leaders to take immediate action against ransomware.
Here’s what they deemed were “essential actions” that every organization should take:
- Implement the following security practices immediately:
- Utilize Multi-Factor Authentication
Multi-Factor Authentication (MFA), also referred to as two-factor authentication (2FA), allows users to provide two pieces of identification information before gaining access to an account, as opposed to a single password.
- Adopt Endpoint Detection & Response
Once you’re a victim of a ransomware attack, malware can be very difficult to detect within your system. The longer it goes undetected, the more damage it does. Endpoint Detection and Response (EDR) detects threats that have entered your environment through continuous file and system analysis. If a threat is detected, EDR quarantines the file or kills the malicious program to prevent it from causing further damage and eliminates it.
- Use Encryption
When information and data at rest are encrypted, it’s translated into a scrambled, unintelligible language that is useless to unauthorized viewers. Only the user with the encryption key can decrypt the data. Should initial ransomware defenses fail, and a malicious actor gain unauthorized access to encrypted data, they’ll be unable to decipher and use it.
- Create a Skilled & Empowered Security Team
As cyber threats and ransomware attacks are ever evolving and continue to get more advanced (with higher ransom demands), your security team has a never-ending job of staying on top of the latest threats. As they follow the development of ransomware and work to implement the most innovative security products, your team must remain highly motivated. For those who don’t have the capacity for an in-house security team, this can be outsourced to a provider, like Arraya, to ensure you’re getting the insight and expertise needed to combat ransomware.
- Share & Incorporate Threat Information in Your Defenses
Sharing information related to cyber threats, incidents, and vulnerabilities helps everyone better understand these threats and how to appropriately respond to them. The U.S. Department of Homeland Security (DHS) and Department of Justice (DOJ) have joined forces to launch a new website to provide organizations with ransomware-related resources, which includes information on reporting ransomware incidents to both the FBI and CISA.
- Backup Your Data
When a ransomware attack strikes, victims face financial harm in multiple ways. They’re unable to access important data that’s necessary to run their business, which can result in significant business interruption costs, and they face the potential ransom demand, itself (although the FBI recommends you do not pay these demands). Ensuring your data is regularly backed up will allow you to continue operating, as normal, should data be encrypted. It’s important that backups are not connected to the business network as most hackers will aim to delete any accessible backups.
- Update & Patch Operating Systems, Applications & Firmware
While the constant reminders and pop ups for software updates and patches may get annoying, they’re important. These should always be completed in a timely manner (ASAP) to ensure the system remains as secure as possible. You may want to consider a centralized patch management system, which updates numerous devices through one platform.
- Test Your Incident Response Plan
No matter how secure a system is, there’s always a way for a malicious actor to get through. If you have an incident response plan in place, this is a good step in preparing for an attack. However, you should be testing your plan to expose any potential gaps in your security. Start out by running through some core questions to build/enhance your plan. Should certain systems fall victim to an attack, can you sustain business operations? For how long? Who needs to be involved when responding to a potential breach? What’s everyone’s individual role? Run drills regularly to make sure all parties are clear on the plan.
- Test Your Security Team
Using a third-party to test the security of your systems is a great way to expose vulnerabilities that your organization may have overlooked. Whether your team is unaware of a new threat, a solution isn’t working correctly, or someone made a mistake, it’s better that a professional expose these errors before a hacker does.
- Segment Networks
Maintaining separate networks for corporate business functions and manufacturing/production operations can help isolate a cyber-attack, should you fall victim. Limiting internet access to operational networks is generally a safer practice and it’s important to maintain manual controls in the event they’re needed. Contingency plans should be tested regularly to ensure all run as intended.
The U.S. Department of Homeland Security (DHS) and the Department of Justice (DOJ) have joined forces to launch a new website to provide organizations with resources to learn more about ransomware and how to both prevent and respond to these attacks.
Next Steps: Act Now Against Ransomware
It’s important to view your cyber security posture realistically, knowing that it’s not a matter of if you’ll fall victim to a ransomware attack, but when.
To learn more about how you can take immediate steps to improve your security posture against ransomware, speak with one of Arraya’s experts today.
Visit https://www.arrayasolutions.com/contact-us/ to connect with our team now.
Follow us to stay up to date on our industry insights and unique IT learning opportunities.