When it comes to ransomware, prevention is half the battle. This piece provides key steps to ensure your organization has the right controls and processes in place to protect against potential ransomware attacks.
As recent trends indicate, ransomware is here to stay, and its operators are getting better and bolder. Organizations should consider preventive measures, including:
Organizations must have effective, tested disaster recovery plans with verified offline backups, especially with new ransomware variants in the wild that target and destroy an organization’s backup infrastructure, including Commvault, Tivoli Storage Manager (TSM) and many others. A backup is only verified once a restore from it has actually been performed, so this requires proper planning, documentation and regular exercising to ensure organizations can recover from a ransomware attack or other security incident before it affects their business on a larger scale. For example, many organizations conduct tabletop exercises to validate that their existing incident response plan works well and is understood.
Internet-facing vulnerabilities and misconfigurations are common initial infection vectors for ransomware. To mitigate such threats, consider conducting regular vulnerability scans, patching and updating software and operating systems regularly, ensuring proper and secure configurations of devices, securing remote desktop protocol (RDP) and other remote desktop services (network level authentication, MFA, no direct internet exposure), and disabling SMBv1 and blocking inbound SMB (TCP 445) at the network edge.
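The RDP and SMB items above are usually applied by hand and then drift. The following PowerShell is an added example, not code from the IANS post, that applies them on a single Windows host and then checks the end state so the same script can run as an audit. It assumes an elevated session on Windows 10/11 or Windows Server 2016 or later, that the host is a workstation that serves no file shares, and that `$MgmtSubnet` (a placeholder value) is the only network from which RDP should be reachable.

```powershell
# Added example (not from the IANS post): harden a Windows host's exposed
# remote-access surface and verify the result.
# Assumptions: elevated session; Windows 10/11 or Server 2016+; workstation
# with no file shares; $MgmtSubnet is a placeholder for the jump-host subnet.
$MgmtSubnet = '10.20.30.0/24'

# 1. SMBv1: turn off the server-side protocol and remove the optional feature
#    (the EternalBlue-class exploits used by WannaCry/NotPetya target SMBv1).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

# 2. RDP: require Network Level Authentication so credentials are validated
#    before a full session is created, and scope the built-in RDP firewall
#    rules to the management subnet instead of the default 'Any'.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 -Type DWord
Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $MgmtSubnet

# 3. SMB: a workstation has no reason to accept inbound SMB from anywhere.
#    Windows Firewall evaluates Block rules before Allow rules, so this
#    overrides the default 'File and Printer Sharing (SMB-In)' allow rule.
#    (On a file server, scope that allow rule to trusted subnets instead.)
New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null

# 4. Audit the resulting state. Every property should be $true; anything
#    $false is a finding, whether this host was hardened by this script or not.
function Test-RemoteAccessHardening {
    $smb = Get-SmbServerConfiguration
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
    $rdpScopes = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True |
        Get-NetFirewallAddressFilter
    $smbBlock = Get-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        SMB1Disabled      = (-not $smb.EnableSMB1Protocol)
        RdpRequiresNLA    = ($nla -eq 1)
        RdpScopedToMgmt   = (@($rdpScopes | Where-Object RemoteAddress -eq 'Any').Count -eq 0)
        SmbInboundBlocked = ($null -ne $smbBlock -and $smbBlock.Enabled -eq 'True')
    }
}

Test-RemoteAccessHardening
```

Run the audit function alone (without the remediation section) across a fleet via your configuration management tool to find hosts that have drifted; a host that returns any `$false` value is exactly the "least resistance" target the post warns about.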
You don’t need to be a proficient hacker to gain access to a reasonably secure information system via a simple phishing email. There are many technical controls that reduce phishing risk, including spam filters, DMARC (with SPF and DKIM), email signing, website certificates, microsegmentation, SSO, MFA, least privilege and others. But the most effective controls are non-technical, including awareness training, timely reporting and out-of-band verification of unusual requests.
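DMARC is on the list above, but a DMARC record that exists is not the same as one that protects the domain: `p=none` only reports, and a missing `rua` means nobody ever sees those reports. The following function is an added example, not code from the IANS post, that parses a DMARC TXT record and lists the weaknesses a practitioner would flag. The two sample records at the bottom are constructed for illustration; to check a real domain, feed it the TXT value of `_dmarc.<domain>` from `Resolve-DnsName -Type TXT`.

```powershell
# Added example (not from the IANS post): grade a DMARC TXT record.
# Input is the record string itself; sample records below are constructed.
function Test-DmarcRecord {
    param([Parameter(Mandatory)][string]$Record)

    # DMARC records are "tag=value" pairs separated by semicolons (RFC 7489).
    $tags = @{}
    foreach ($pair in ($Record -split ';')) {
        $kv = $pair.Trim() -split '=', 2
        if ($kv.Count -eq 2) { $tags[$kv[0].Trim().ToLower()] = $kv[1].Trim() }
    }

    $findings = New-Object System.Collections.Generic.List[string]
    if ($tags['v'] -ne 'DMARC1') {
        $findings.Add('v=DMARC1 missing or wrong: receivers ignore the whole record')
    }

    $policy = if ($tags.ContainsKey('p')) { $tags['p'].ToLower() } else { '' }
    if ($policy -eq 'none') {
        $findings.Add('p=none: monitoring only, spoofed mail is still delivered')
    } elseif ($policy -eq 'quarantine') {
        $findings.Add('p=quarantine: spoofed mail is junked rather than rejected')
    } elseif ($policy -ne 'reject') {
        $findings.Add('p= tag missing or invalid: record is not a valid policy')
    }

    # pct defaults to 100; anything lower leaves a slice of mail unprotected.
    if ($tags.ContainsKey('pct') -and [int]$tags['pct'] -lt 100) {
        $findings.Add("pct=$($tags['pct']): policy applied to only part of the mail flow")
    }
    if (-not $tags.ContainsKey('rua')) {
        $findings.Add('rua= missing: no aggregate reports, so abuse goes unnoticed')
    }
    # sp defaults to p; only worth calling out when p itself is not reject.
    if (-not $tags.ContainsKey('sp') -and $policy -ne 'reject') {
        $findings.Add('sp= missing: subdomains inherit the weak policy')
    }

    [PSCustomObject]@{
        Policy   = $policy
        Enforced = ($policy -eq 'reject' -and $findings.Count -eq 0)
        Findings = $findings.ToArray()
    }
}

# Constructed samples: a typical "we turned DMARC on" record, and a hardened one.
$weak   = 'v=DMARC1; p=none; pct=50'
$strong = 'v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc-reports@example.com'

Test-DmarcRecord -Record $weak     # Enforced = False, three findings
Test-DmarcRecord -Record $strong   # Enforced = True, no findings
```

Moving from the weak record to the strong one should be staged: collect `rua` reports at `p=none` first, then `p=quarantine`, then `p=reject`, otherwise legitimate senders you did not know about (marketing platforms, ticketing systems) get rejected on day one.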
Controlled folder access (a Microsoft Defender feature on Windows 10/11 and Windows Server 2019 and later) monitors all processes attempting to change data in defined folders. If a process tries to modify files in protected folders without being authorized to do so, the operation is blocked and an alert is generated, stopping ransomware and preventing other malicious programs from making changes. When implementing controlled folder access, the user or the system administrator may add the necessary applications to an allow-list of applications that are then allowed to access and change the protected folders. Roll it out in audit mode first: legitimate line-of-business applications that write to those folders will otherwise be blocked alongside the ransomware.
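The feature is configured with the `Set-MpPreference` and `Add-MpPreference` cmdlets. The following PowerShell is an added example, not code from the IANS post, showing the audit-then-enforce rollout described above. It assumes an elevated session on Windows 10/11 or Server 2019 or later with Microsoft Defender Antivirus active; the folder and application paths are placeholders.

```powershell
# Added example (not from the IANS post): stage controlled folder access.
# Assumptions: elevated session, Defender AV active, placeholder paths below.
$ProtectedFolders = @('D:\Finance', 'D:\Shares\Engineering')
$TrustedApps      = @('C:\Program Files\LineOfBusinessApp\lob.exe')

# 1. Audit mode: nothing is blocked yet, but every write that WOULD have been
#    blocked is logged, which surfaces legitimate apps that need allow-listing.
Set-MpPreference -EnableControlledFolderAccess AuditMode
Add-MpPreference -ControlledFolderAccessProtectedFolders   $ProtectedFolders
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApps

# 2. Review what audit mode caught. Defender logs event 1124 for an audited
#    write and 1123 for a blocked one, in the Defender operational log.
function Get-CfaEvents {
    param([int]$Days = 7, [int[]]$Id = @(1123, 1124))
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = $Id
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated,
        @{ Name = 'Mode';    Expression = { if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' } } },
        @{ Name = 'Message'; Expression = { $_.Message } }
}

# After a representative period of normal use, anything listed here is either
# an app to add with Add-MpPreference -ControlledFolderAccessAllowedApplications
# or activity you are glad to have blocked.
Get-CfaEvents -Days 7 | Format-List

# 3. Enforce once the audit log shows only unexpected writers.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 4. Confirm the effective configuration (EnableControlledFolderAccess:
#    0 = Disabled, 1 = Enabled, 2 = AuditMode).
function Get-CfaState {
    Get-MpPreference | Select-Object EnableControlledFolderAccess,
        ControlledFolderAccessProtectedFolders,
        ControlledFolderAccessAllowedApplications
}

Get-CfaState
```

Windows' own user profile folders (Documents, Pictures, Desktop and so on) are protected by default and cannot be removed from the list; the folders you add here are in addition to those. Ransomware that runs from a blocked path still encrypts anything outside a protected folder, so this is a containment control, not a substitute for backups.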
Signature-based technologies are not effective in detecting a majority of malware today due to the ease with which a given piece of malware can be camouflaged or “packaged” to slip past traditional antivirus solutions. Ensure your network and endpoint protection can detect and defend against obfuscated malware or zero-day attacks. Furthermore, consider implementing network devices that can block by file type and provide application control to the endpoint.
In addition, consider implementing other general cybersecurity best practices and hardening, such as:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide on defending against and responding to ransomware threats. The guide stresses the urgency of
being prepared for this type of threat by employing the following best practices to reduce the risk of ransomware and prepare for swift and efficient response:
The guide also lists the best defenses against ransomware’s most common attack vectors, including:
Other general cybersecurity best practices and hardening guidance include:
Like most attackers, ransomware gangs tend to focus on victims that offer the least resistance and the best return on their investment. Putting strong defensive mechanisms in place not only helps your organization stay off their list of easy targets, but ensures you can recover quickly if the worst happens.
October 19, 2021
By IANS Faculty