The days of ransomware attackers demanding a few hundred dollars for a decryption key are long gone. Attacks have gotten more severe, and perpetrators have become bolder, demanding multimillion-dollar payouts from their victims.
Paying ransom, however, may solve one company’s problems but could make it worse for everybody else. “In some recent cases of ransomware attacks, the victim organizations have paid huge amounts to the attackers, which can be one of the reasons these attacks are getting more popular,” says Paul Webber, Senior Director Analyst, Gartner.
Instead of paying, he says, organizations should place a stronger focus on preparation and early mitigation. Gartner has issued a document listing six ways to defend against ransomware threats:
1. Initial Assessments
Conduct risk assessments and penetration tests to determine the organization’s attack surface and what tools, processes and skills are in place to defend against attacks.
2. Ransomware Governance
Before preparing a technical response, be sure to implement processes and compliance procedures involving key decision makers such as the CEO, board of directors and other stakeholders. If an attack occurs, Gartner notes, the press is likely to contact company directors, not the CISO.
3. Consistent Operational Readiness
To verify the effectiveness of existing security controls, conduct tests and drills “at regular intervals to check for vulnerabilities, noncompliant systems and misconfigurations.”
4. Data Backup
Back up all data as well as “every nonstandard application and its supporting IT infrastructure,” and test the backup and recovery to ensure they can handle an attack. Be sure to use controls that prevent online backups from becoming encrypted by ransomware.
5. Least Privilege
Implement least-privilege practices by restricting permissions, removing local administrator rights from end users, and preventing installation of applications by standard users. Multifactor authentication should be in place wherever possible, especially for privileged accounts.
6. User Training
Educate users on ransomware response actions based on guidance provided by government and regional authorities. Customize training to company needs. “Use cyber crisis simulation tools for mock drills and training that provide closer to real-life situations for better preparedness of end users against ransomware,” says Webber. Source
How Can ITM Help You?
iTM covers all aspects of Cyber Security including but not limited to Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations, Cloud security best practice & architecture and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.