It seems like a week doesn’t go by without a client asking me what they need to do to stop ransomware. I’ve even had one person ask if there is a silver bullet – one thing that their organization can do to protect themselves from any possible ransomware infections. Considering the devastating effects that ransomware can have on an organization, the desire for a single solution is understandable.
Is there a silver bullet?
There is no single silver bullet – there are many. Often, ransomware incidents I get involved in are lacking at least one of them.
So, what are these silver bullets? To protect against the threat of ransomware, you need to consider the following measures:
First, to state the obvious, ransomware is difficult to prevent, but you can put controls in place to help minimize the damage. Prevention can come in the form of many different controls. In my experience, Security Awareness Training is number one on the list. Most attacks of this nature come from an email with a link that a user clicks on, which makes user awareness a key to prevention. Technical controls such as web application filtering and next-generation firewalls are also critical. A review of system access, delegation of administrator roles, and implementation of role-based access control are effective measures as well. Lastly, the integrity of your backups is vital to minimizing the extent of a ransomware infection. Backups are often overlooked in the realm of security, but they could save you a lot of time and money.
Detection goes beyond the realization that your organization just got infected (which is obvious most of the time in ransomware cases); you also need to understand the extent of the damage. Your response plan (which I’ll talk about in the next section) can’t go into motion until you’ve recognized that you’ve been breached. If you’re slow to detect, you’re going to be slow to respond. Rapid response can best be achieved by using detection tools (which we’ve written about in other posts before). In lieu of that, you’re relying on your users noticing that something is wrong. In either case, your response needs to be planned and your team needs to be prepared to execute it.
How you respond to a ransomware attack is very important. Having a plan is the key to surviving and will require you to give thought to whether you pay the ransom, how you will pay the ransom, and how you will contain the damage. The plan should be formally documented and discussed with management. Many organizations that I’ve spoken to that have been impacted by ransomware have gaps in their detection and response processes.
Performing any one of the above is not going to cut it. You need to have a holistic approach to securing your organization. This is what I do for organizations – understand how the organization works, where the risks are, identify the gaps, and work toward filling them.
Do you feel like your organization can improve in any of these areas? Is your response plan in place? We’re happy to help. Contact us at firstname.lastname@example.org or 630.832.0075.