When it comes to ransomware, prevention is half the battle. This piece provides key steps to ensure your organization has the right controls and processes in place to protect against potential ransomware attacks.
As recent trends indicate, ransomware is here to stay, and its operators are getting better and bolder. Organizations should consider preventive measures, including:
Organizations must have effective, tested disaster recovery plans with verified offline backups, especially with new ransomware variants in the wild that target and destroy an organization’s backup infrastructure, including Commvault, Tivoli Storage Manager (TSM) and many others.
This requires proper planning, documentation and exercising to ensure organizations can recover from a ransomware attack or other security incident before it affects their business on a larger scale. For example, many organizations conduct tabletop exercises to validate that their existing ransomware incident response plan works and is understood.
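A "verified" backup is one you have actually restored and checked, not one that merely exists. The following PowerShell is an added example, not code from the IANS post: it writes a SHA-256 manifest for a backup set and later compares a test restore against that manifest, reporting missing, altered and unexpected files. Folder and manifest paths are placeholders; the manifest is meant to travel with the offline copy rather than stay on the system being backed up.

```powershell
# Added example, not from the IANS post: build a SHA-256 manifest of a backup set
# and later verify a restored copy against it. Folder paths are placeholders.
# Keep the manifest with the offline copy, not on the system being backed up.

function New-BackupManifest {
    param(
        [Parameter(Mandatory)] [string] $BackupRoot,
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $root = (Resolve-Path -LiteralPath $BackupRoot).Path
    Get-ChildItem -LiteralPath $root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($root.Length).TrimStart('\')
            Size   = $_.Length
            Sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
}

function Test-BackupRestore {
    param(
        [Parameter(Mandatory)] [string] $RestoreRoot,
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $root     = (Resolve-Path -LiteralPath $RestoreRoot).Path
    $expected = @(Import-Csv -LiteralPath $ManifestPath)
    $findings = New-Object System.Collections.Generic.List[object]

    # Every file the manifest lists must be present with the same hash
    foreach ($entry in $expected) {
        $target = Join-Path $root $entry.Path
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            $findings.Add([pscustomobject]@{ Path = $entry.Path; Status = 'Missing' })
            continue
        }
        $actual = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($actual -ne $entry.Sha256) {
            $findings.Add([pscustomobject]@{ Path = $entry.Path; Status = 'HashMismatch' })
        }
    }

    # Files in the restore that the manifest never listed deserve a look too
    $known = @($expected.Path)
    Get-ChildItem -LiteralPath $root -File -Recurse | ForEach-Object {
        $relative = $_.FullName.Substring($root.Length).TrimStart('\')
        if ($known -notcontains $relative) {
            $findings.Add([pscustomobject]@{ Path = $relative; Status = 'Unexpected' })
        }
    }

    [pscustomobject]@{
        FilesExpected = $expected.Count
        Findings      = $findings
        RestoreOk     = ($findings.Count -eq 0)
    }
}

# Usage (placeholder paths):
# New-BackupManifest -BackupRoot 'D:\Backups\2023-01-26' -ManifestPath 'E:\offline\2023-01-26.csv'
# Test-BackupRestore  -RestoreRoot 'C:\RestoreTest'      -ManifestPath 'E:\offline\2023-01-26.csv'
```

Running the second function as a scheduled part of a restore drill turns "we have backups" into a pass/fail result that can be reviewed in the same tabletop exercise the text describes.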
Internet-facing vulnerabilities and misconfigurations are ransomware infection vectors. To mitigate these threats, conduct regular vulnerability scans, patch and update software and operating systems regularly, ensure devices are properly and securely configured, secure Remote Desktop Protocol (RDP) and other remote desktop services, and disable the SMB protocol.
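Two of the items above can be audited on a Windows host in a few lines. The PowerShell below is an added example, not code from the IANS post: it reports whether the legacy SMBv1 dialect is installed or served and whether RDP is enabled and requires Network Level Authentication, and applies the fixes only when asked. The text says to disable SMB; this script scopes that to SMBv1, because removing SMB altogether breaks Windows file sharing, while SMBv2/v3 keep working without the v1 dialect. Function names are the author's own; the cmdlets and registry values are standard Windows ones.

```powershell
# Added example, not from the IANS post: audit a Windows host for the SMBv1
# dialect and for RDP without Network Level Authentication, and fix on request.
# Run from an elevated PowerShell session.

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RemoteAccessPosture {
    $smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $smbServer   = Get-SmbServerConfiguration
    $ts  = Get-ItemProperty -Path $TsKey
    $rdp = Get-ItemProperty -Path $RdpKey
    [pscustomobject]@{
        Smb1FeatureState  = $smb1Feature.State            # want 'Disabled'
        Smb1ServerEnabled = $smbServer.EnableSMB1Protocol # want $false
        RdpEnabled        = ($ts.fDenyTSConnections -eq 0)
        RdpRequiresNla    = ($rdp.UserAuthentication -eq 1) # want $true wherever RDP is enabled
    }
}

function Set-RemoteAccessHardening {
    param(
        [switch] $DisableSmb1,
        [switch] $RequireNla
    )
    if ($DisableSmb1) {
        # Turn off the SMBv1 dialect only; SMBv2/v3 file sharing keeps working.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if ($RequireNla) {
        # NLA authenticates the user before a desktop session is created
        Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1
    }
    Get-RemoteAccessPosture
}

# Usage: review first, then apply.
# Get-RemoteAccessPosture
# Set-RemoteAccessHardening -DisableSmb1 -RequireNla
```

Exposing RDP to the internet at all is the larger issue; NLA reduces the attack surface of an RDP listener but is not a substitute for putting it behind a VPN or gateway with MFA.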
You don’t need to be a proficient hacker to gain access to a reasonably secure information system via a simple phishing email. There are many technical controls that help prevent phishing, including spam filters, DMARC, email signing, website certificates, microsegmentation, SSO, MFA, least privilege and others. But the most effective controls are non-technical: awareness training, timely reporting and out-of-band verification.
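Of the technical controls listed above, DMARC is the one most often deployed but not enforced: a record with a policy of none only monitors. The PowerShell below is an added example, not code from the IANS post: it looks up a domain's DMARC TXT record, parses the tag=value pairs, and reports whether the policy actually quarantines or rejects spoofed mail for 100% of messages. The domain name is a placeholder; `Resolve-DnsName` is the standard Windows DnsClient cmdlet.

```powershell
# Added example, not from the IANS post: parse a domain's DMARC record and
# report whether the published policy enforces. 'example.com' is a placeholder.

function ConvertFrom-DmarcRecord {
    param([Parameter(Mandatory)] [string] $Record)
    # A DMARC record is 'tag=value' pairs separated by semicolons, e.g.
    # v=DMARC1; p=reject; rua=mailto:dmarc@example.com
    $tags = @{}
    foreach ($part in ($Record -split ';')) {
        $pair = $part.Trim()
        if (-not $pair) { continue }
        $name, $value = $pair -split '=', 2
        if ($null -eq $value) { continue }
        $tags[$name.Trim().ToLower()] = $value.Trim()
    }
    $tags
}

function Test-DmarcPolicy {
    param([Parameter(Mandatory)] [string] $Domain)
    # TXT records longer than 255 bytes arrive as several strings; join them first
    $record = Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Strings -join '' } |
        Where-Object { $_ -like 'v=DMARC1*' } |
        Select-Object -First 1
    if (-not $record) {
        return [pscustomobject]@{
            Domain = $Domain; Record = $null; Policy = 'none'; Enforcing = $false
            Note   = 'No DMARC record published'
        }
    }
    $tags   = ConvertFrom-DmarcRecord -Record $record
    $policy = if ($tags.ContainsKey('p'))   { $tags['p'].ToLower() }  else { 'none' }
    $pct    = if ($tags.ContainsKey('pct')) { [int]$tags['pct'] }     else { 100 }
    $sub    = if ($tags.ContainsKey('sp'))  { $tags['sp'].ToLower() } else { $policy }
    [pscustomobject]@{
        Domain           = $Domain
        Record           = $record
        Policy           = $policy
        SubdomainPolicy  = $sub
        PercentApplied   = $pct
        AggregateReports = $tags['rua']
        # 'none' only monitors; quarantine/reject below pct=100 still lets some spoofed mail through
        Enforcing        = ($policy -in @('quarantine', 'reject')) -and ($pct -eq 100)
        Note             = if ($policy -eq 'none') { 'Policy is monitor-only' }
                           elseif ($pct -lt 100)   { "Policy applied to only $pct% of mail" }
                           else                    { 'Enforcing' }
    }
}

# Usage: Test-DmarcPolicy -Domain 'example.com'
```

The same check is worth running against the domains of your key suppliers and partners, since phishing that impersonates them lands in your users' inboxes just as readily.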
Controlled folder access monitors all processes attempting to change data in defined folders. If a process tries to modify files in a protected folder without being authorized to do so, the operation is blocked and an alert is generated, stopping ransomware and preventing malicious programs from making changes. When implementing controlled folder access, the user or system administrator adds the necessary applications to an allow list; only those applications may then access and change the protected folders.
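The practical difficulty with controlled folder access is building the allow list without breaking line-of-business applications. The PowerShell below is an added example, not code from the IANS post: it stages the rollout using Microsoft Defender's `Set-MpPreference` and `Add-MpPreference` cmdlets, starting in audit mode, collecting the audited and blocked events from the Defender operational log, and switching to enforcement only afterwards. Folder and application paths are placeholders; the function names are the author's own.

```powershell
# Added example, not from the IANS post: stage a Controlled Folder Access rollout
# with Microsoft Defender cmdlets. Paths are placeholders. Run elevated.

function Get-CfaState {
    # Get-MpPreference reports the setting numerically:
    # 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
    $pref = Get-MpPreference
    $mode = switch ($pref.EnableControlledFolderAccess) {
        0       { 'Disabled' }
        1       { 'Enabled' }
        2       { 'AuditMode' }
        default { "Other($_)" }
    }
    [pscustomobject]@{
        Mode             = $mode
        ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
        AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
    }
}

function Start-CfaAudit {
    param(
        [Parameter(Mandatory)] [string[]] $Folders,
        [string[]] $AllowedApps = @()
    )
    # Audit mode logs what would be blocked without blocking it, which is how
    # the allow list gets built from real activity before enforcement.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    foreach ($f in $Folders)     { Add-MpPreference -ControlledFolderAccessProtectedFolders $f }
    foreach ($a in $AllowedApps) { Add-MpPreference -ControlledFolderAccessAllowedApplications $a }
}

function Get-CfaEvents {
    param([int] $Hours = 24)
    # Defender logs event 1123 for a blocked write and 1124 for an audited
    # (would-have-been-blocked) write to a protected folder
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Outcome = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            Detail  = $_.Message
        }
    }
}

function Enable-CfaEnforcement {
    # Switch from audit to block once the audited events show only expected applications
    Set-MpPreference -EnableControlledFolderAccess Enabled
}

# Usage (placeholder paths):
# Start-CfaAudit -Folders 'D:\Finance' -AllowedApps 'C:\Program Files\LineOfBusiness\lob.exe'
# Get-CfaEvents -Hours 72 | Format-Table Time, Outcome -AutoSize
# Enable-CfaEnforcement
# Get-CfaState
```

Forward the 1123 events to your SIEM as well: a burst of blocked writes from one process is exactly the signal an encryption attempt produces.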
Signature-based technologies are not effective at detecting the majority of malware today, because a given piece of malware can easily be camouflaged or “packaged” to slip past traditional antivirus solutions. Ensure your network and endpoint protection can detect and defend against obfuscated malware and zero-day attacks. Furthermore, consider implementing network devices that can block by file type and provide application control to the endpoint.
In addition, consider implementing other general cybersecurity best practices and hardening, such as:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide on defending against and responding to ransomware threats. The guide stresses the urgency of being prepared for this type of threat by employing the following best practices to reduce the risk of ransomware and prepare for swift and efficient response:
The guide also lists the best defenses against ransomware’s most common attack vectors, including:
Other general cybersecurity best practices and hardening guidance include:
Like most attackers, ransomware gangs tend to focus on victims that offer the least resistance and the best return on their investment. Putting strong defensive mechanisms in place not only helps your organization stay off their list of easy targets, but ensures you can recover quickly if the worst happens.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.
January 26, 2023
By IANS Faculty