Virtualization Technology News and Information
The rise of ransomware: what steps to take to increase your cybersecurity strategy?

By Tomasz Wojciechowski, CISO | Head of Cybersecurity at Spyrosoft, a member of SoDA Poland.

Critical cybersecurity threats nowadays are ransomware and supply chain compromises. The reason behind these trends is straightforward - money. Criminal groups want to earn money as easily as possible, considering the time and effort needed to prepare for such an attack. If an attacker wants to target a big company, they may face many issues and difficulties that extend the time required to launch the attack.

Attackers are clever. Therefore, they may try to hit the weakest link in the chain - a supplier of a big company, where cybersecurity may not be at a suitable level to tackle modern attacks. A good example of such a combination is the recent ransomware attack on the British NHS, where attackers targeted one of the suppliers. 

Fortunately, we are not helpless, and we can undertake specific actions to reduce the likelihood and impact of ransomware attacks. This article explains what steps to take to improve your cybersecurity. 

Prevention and detection

Prevention is mainly focused on both people and technology aspects. From the employees' perspective, it is crucial to improve awareness about modern threats and the consequences of a successful attack on an organization. 

A good approach is to guide and coach employees, teach them key cybersecurity principles, and encourage them to use common sense when using company equipment in daily tasks. It is also important to teach how to identify basic threats (e.g. phishing attempts) and report suspicious activities. It is vital to keep in mind that no matter how many awareness trainings an employee receives, it will not make them a cybersecurity expert. Therefore, other means must be put in place to battle ransomware attacks.

From a technology perspective, it is important to highlight key technologies like antivirus, EDR, firewalls, sandboxes and IDS/IPS, mechanisms like browser isolation, and even concepts like Zero Trust Networking, all of which are valid defensive mechanisms against modern threats, including ransomware.

It is also important to remember that although technology supports an organization in many areas of cybersecurity, it is not a silver bullet solution which will eliminate the risk of a successful ransomware attack. The challenge is to design an overall security architecture which is scalable, resilient, and not overcomplicated for employees who are responsible for maintenance and security monitoring. 

Network segmentation should also be applied to limit any spread of ransomware. It will be much more manageable to contain the ransomware in one subnet than across the whole organization.

From a process perspective, it is crucial to have a backup policy and actual backups in place, ready to recover systems in case of a successful ransomware attack.

Reaction

Reaction is the phase when an organization must act after a successful attack by cybercriminals. It is essential to have a plan (playbook) detailing what to do in case of a ransomware attack. The plan's goal is to ensure that there will not be any panic with ad-hoc actions taken, but that there's a structured approach with defined steps on how to deal with the attack.

The plan should contain at least:

  1. Defined roles and responsibilities for named individuals
  2. Defined communication path
  3. Defined technical process for incident handling, which should contain phases such as: Identification, Containment, Remediation, Recovery, Lessons learned

Finally, the plan should be regularly tested to identify any gaps that should be addressed.

In summary

Unfortunately, it is expected that the volume of ransomware attacks will only increase. Therefore, organizations must ensure they are ready to deal with attacks efficiently.

It is worth remembering that there is no one-size-fits-all solution in cybersecurity and the processes, procedures and tools should be tailored to an organization's business model, risk profile and other specific requirements. 

We understand cybersecurity can be challenging, but our team at Spyrosoft are here to help across all phases of cybersecurity including processes, procedures, and operations.


ABOUT THE AUTHOR


Tomasz is a cybersecurity enthusiast with 15+ years of experience in various areas of Cybersecurity including Monitoring, Vulnerability Management, Threat Management, Incident detection and response, and Offensive Security. Focused on the practical side of cyber-operations covering technology, processes, and team cooperation. Responsible for building Offensive and Defensive Security Teams plus defining and establishing a portfolio of services to customers.

Published Tuesday, September 06, 2022 7:34 AM by David Marshall