As legislation around cybersecurity tightens, the total cost of a ransomware attack may now include fines and penalties on top of other recovery costs. Waiting to take action until after a breach occurs is too big of a risk.
Yet even as cybercriminals are becoming more sophisticated in their attacks, businesses can take practical steps to shore up their defenses. Technology leaders must ensure that protections are in place to mitigate attack risk and ensure a rapid recovery if an attack should occur.
A multifaceted strategy is key. From using MFA to providing cyber training to employees, every preventative technique serves a unique purpose and creates an additional barrier against malicious actors.
Ensure effective patch management
Effective patch management is one of the most effective ways to reduce the risk of ransomware attacks. Yet despite the advantages, many businesses struggle to adhere to the U. S. Department of Homeland Security’s recommendation to install critical patches within 15 days. In fact, in one survey of more than 500 CIOs, 81% of respondents reported delaying patches to avoid disrupting business. With as many as 20,000 patches issued annually, it’s no wonder that IT teams find it hard to keep up.
As cybercriminals increasingly rely on zero-day attacks to exploit previously-unknown vulnerabilities, as seen in a May 2023 attack leveraging the MOVEit file transfer system, it’s important to have a plan for rapidly identifying and employing critical patches across the business to minimize your risk of attack.
Back up data regularly
Cybercriminals bank on their victims’ desperation to recover stolen data. A recent data backup will significantly improve your recovery process in the event that cyber criminals make it past your business’s preventative measures.
When it comes to storage, an on-site location is not enough. Instead, consider using multiple storage systems to ensure direct access to your data. Cloud services are one of the most cost-effective and secure data storage options, and they typically provide access to recovery versions of your files, as well.
While regular data backups can’t prevent ransomware attacks, they can significantly mitigate the negative consequences when they occur.
Provide security awareness training to employees
Humans tend to be the weakest link when it comes to cybersecurity, and employees are often the target of phishing emails. That’s why having a cyber education and awareness strategy is a must for any business looking to protect itself against ransomware attacks. Phishing is the most prevalent attack vector — so it’s important that your team knows how to recognize and avoid these scams.
Rather than only providing a “one and done” training course on cybersecurity, incorporate regular refresher training and continual reminders to stay vigilant.
Use multi-factor authentication (MFA)
Stealing user credentials is one of the primary methods hackers use to gain access to systems. By using MFA, an organization creates an additional line of defense against an attacker with valid credentials. With MFA, an employee is notified when their user account is compromised.
While MFA is recommended for all users, it’s especially important for those with elevated privileges or access to high-value assets.
Segment the network
If ransomware is successfully installed in your environment, it will propagate itself as widely as possible to infect the largest number of files before activating. As a result, ransomware is most damaging when it is installed on “flat” networks, or networks with no internal segments or controls.
A segmented network can contain the spread of ransomware by preventing it from moving laterally across the entire network. If one segment of the network is compromised, the ransomware is isolated to that segment and prevented from infecting the rest of the network.
You can segment using network devices, such as routers and firewalls, or virtually using VLANs.
Limit user access privileges
Using the principle of least privilege, users receive the minimum level of access necessary to perform their role. Grant user access accordingly, and review user access rights regularly, to ensure employees do not retain unnecessary privileges.
Restricted user access prevents an attacker from deploying ransomware across your estate, even with valid credentials. With limited access, the attacker would need to escalate privileges in order to carry out the attack.
Protect endpoints
Endpoints, such as desktops, laptops, and mobile devices, are often the entry point for ransomware attacks. To protect them, install and regularly update antivirus and anti-malware software, use host-based firewalls, and keep all software and operating systems up to date with the latest security patches. Advanced endpoint management systems isolate user devices when they detect malware. This prevents the device from spreading malware further into the network.
Deploy email protection and filtering tools
Email is a common vector for ransomware attacks. Deploying email protection and filtering tools can help prevent malicious emails from reaching users’ inboxes and potentially infecting their systems. These tools filter out suspicious emails, block attachments that may contain ransomware and flag emails that contain suspicious links or content.
Leverage application allowlisting
Application allowlisting is a security measure that ensures only pre-approved applications run on a system or network. It will block all other applications, including unknown or potentially malicious ones, to help prevent ransomware from executing.
Take out a cyber insurance policy
If the worst does happen, cyber insurance can help mitigate any financial losses resulting from an attack. Make sure your policy covers ransomware specifically and is proportionate to any potential losses you could suffer.
Get a cybersecurity assessment
A ransomware attack can be devastating for an organization — and knowing that it could have been prevented only makes it worse.
Suffering financial and reputational damage is an expensive way to learn where your vulnerabilities are. It’s much cheaper to invest in cybersecurity protection before an attack occurs. An expert cybersecurity assessment can help you understand your vulnerabilities and provide you with a prioritized list of practical steps to protect your business against ransomware attacks.
Thanks to Crosslake security consultants, David Cooper and Daria Volynskaya, for their contributions to this post.
Want to learn more about Crosslake’s security program assessments, security scans or penetration tests? Talk to our team of cybersecurity specialists to find out how we help mid-market businesses manage their security programs to improve their security posture.
