May 27, 2020
The FBI says ransomware attacks now are more sophisticated, costly and targeted. As a result, cybercriminals can take advantage of security weaknesses in widely used software programs. By doing so, they gain control of victim systems and deploy ransomware.
For example, vulnerabilities in two remote management tools used by MSPs were recently discovered and exploited to deploy ransomware on the networks of at least three MSPs’ customers.
Jason Kotler is founder/president of ransomware negotiation firm Cypfer. He helped compile the cybersecurity best practices.
“The best practices are meant to cover broad areas in which companies may have gaps or may have become complacent … or may not be aware or vigilant to be able to respond to current cyber threats,” he said.
With COVID-19, work and personal workspaces and devices are being blended, Kotler said. People are not working inside their secured corporate offices, or using VPNs or other IT security measures at home, he said.
And finally, workers might focus more on the human virus instead of computer ones, such as phishing emails, he said.
“An inherent shortcoming is that no cyber technology solution or best practices are 100%. And there is always potential for human and technology error,” Kotler said. “This is where cyber insurance may come in to protect the unforeseen and to help organizations cover the costs of recovering from an unexpected breach.”
Preventive and Responsive Defenses
Industry experts often cite two categories of ransomware defensive approaches and offerings: preventive and responsive.
Preventive strategies stop attacks from succeeding so businesses maintain access to their data. These include training employees and implementing the proper cybersecurity software to protect primary data. They also include a second layer of data protection on secondary storage to ensure the complete recovery of criminally encrypted data.
Responsive ransomware strategies include ransomware recovery experts to minimize downtime and potential financial loss if an attack succeeds. These measures also include an MSP to assist in finding all possible alternatives to return critical data to the customer. Additionally, they include a credible cyber insurance provider at the company’s disposal to cover the event and address financial damage.
The following are five cybersecurity best practices as cited by experts in these areas:
Cultivate a security-aware culture. Educate and train employees on the dangers of phishing emails.
Back up files and protect backup data. Regularly back up data using a 3-2-2 methodology. Store three copies of data locally on secondary storage. Then keep two additional copies of backup data on different locally available devices. And finally, store two backup copies offsite at two remote locations, such as a remote facility or cloud-based platform.
Secure the network environment. Keep programs and operating systems up to date. Also, ensure servers are patched and updated. And finally, restrict and limit system components and administration tools by granting users only enough access or privileges to accomplish a task or run an application.
Defend primary data. Choose offerings with an effective record of success and deploy accordingly to protect both traditional and remote workforce environments.
Get cyber insurance. Get a policy that protects against such attacks and the resulting liability. This could mean the difference between staying in business or claiming bankruptcy.
Ransomware Recovery Expert Critical
A ransomware expert can help if devices on a company network fall victim to cyber attackers and data needs to be recovered. The expert can negotiate the ransom demand with the threat actors and try to reduce the financial impact.
To mitigate the risk, the incident response team should investigate all the alternatives. Those include recovering from backups, rebuilding server environments and deploying free decryption tools, or negotiating with the threat actors.
As a last resort, a company can direct the expert to determine the most suitable response to the specific threat. The expert can negotiate and facilitate the ransom settlement, and get the decryption tools to restore data files.
“Organizations that cannot provide required levels of cybersecurity, data and privacy protection, and other integrity assurances may be barred from doing business with certain companies which have obligations to maintain stringent data protection and privacy policies,” Kotler said. “And they will lose out on business to competitors who invest in and can provide it. Further, if your organization suffers a cyberattack, or does not adequately respond to the breach, then reputationally it can lose considerable goodwill (with customers, suppliers, regulators, employees, etc.) and may lose current and/or future business and relationships to competitors.”
“These time-sensitive events need to be addressed quickly,” said Eran Farajun, Asigra’s executive vice president. “Whether for pre-attack preparation or post-attack emergency support, it is critical to have industry experts available.”
The five cybersecurity best practices and experts will provide the best chance of making it through an event, he said.