Effective Ransomware Prevention and Response

Our companies and data are under an increasing assault from ransomware.  Its scale and scope have only grown as profits from attacks are used to improve ransomware technology, and news of ransomware’s exploits encourage others to enter this criminal enterprise.  Conversely, the ransomware attacks of 2017 have raised awareness of ransomware and concern for protecting organizational data. This leaves CIOs and CISOs asking how to protect against ransomware.

Ransomware protection is a blend of prevention and response.  Prevention controls are designed to reduce the likelihood of ransomware successfully infiltrating your organization.  However, no system is perfect, so it is vital to have response methods, including backup and recovery processes in place to handle those cases.

Reducing the likelihood of ransomware

Some activities companies can perform to reduce the probability of a ransomware incident include utilizing strong passwords, patch management, network segmentation, and employee education.   Collectively, these activities are part of an organization’s cyber hygiene.

Strong passwords help prevent against password guessing and cracking while patch management protects against known, vendor-remediated vulnerabilities. Network segmentation limits the potential scope of a ransomware attack so that ransomware only impacts devices and data on a single segment.

The last item, employee education, is one of the most important.  Solutions are not just technical; they have to address the human side of things too, and employee education helps prevent the mistakes that can lead to a ransomware outbreak.  Phishing, for example, is the most popular ransomware distribution method and employee education can train users how to recognize such messages and tactics so that they can be avoided.

Responding to ransomware

Payton and Wilson list incident preparation and quarantining procedures as crucial response activities.  Incident preparation includes putting together an incident response plan, practicing the plan, and ensuring that backup and recovery methods capture relevant data, are documented, and tested.

Ransomware has demonstrated its damage potential through the myriad attacks of 2017.  The threat continues to grow, and it is even more important today for companies to put the right technology, processes, and procedures in place to protect against this threat and to respond to ransomware incidents.

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

Leave a Reply