Our companies and data are under an increasing assault from ransomware. Its scale and scope have only grown as profits from attacks are used to improve ransomware technology, and news of ransomware’s exploits encourage others to enter this criminal enterprise. Conversely, the ransomware attacks of 2017 have raised awareness of ransomware and concern for protecting organizational data. This leaves CIOs and CISOs asking how to protect against ransomware.
Ransomware protection is a blend of prevention and response. Prevention controls are designed to reduce the likelihood of ransomware successfully infiltrating your organization. However, no system is perfect, so it is vital to have response methods, including backup and recovery processes in place to handle those cases.
Reducing the likelihood of ransomware
Some activities companies can perform to reduce the probability of a ransomware incident include utilizing strong passwords, patch management, network segmentation, and employee education. Collectively, these activities are part of an organization’s cyber hygiene.
Strong passwords help prevent against password guessing and cracking while patch management protects against known, vendor-remediated vulnerabilities. Network segmentation limits the potential scope of a ransomware attack so that ransomware only impacts devices and data on a single segment.
The last item, employee education, is one of the most important. Solutions are not just technical; they have to address the human side of things too, and employee education helps prevent the mistakes that can lead to a ransomware outbreak. Phishing, for example, is the most popular ransomware distribution method and employee education can train users how to recognize such messages and tactics so that they can be avoided.
Responding to ransomware
Payton and Wilson list incident preparation and quarantining procedures as crucial response activities. Incident preparation includes putting together an incident response plan, practicing the plan, and ensuring that backup and recovery methods capture relevant data, are documented, and tested.
Ransomware has demonstrated its damage potential through the myriad attacks of 2017. The threat continues to grow, and it is even more important today for companies to put the right technology, processes, and procedures in place to protect against this threat and to respond to ransomware incidents.