Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic; the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
CISO's guide to ransomware prevention in 5 minutes
Ransomware is known for freezing computers and rendering files inaccessible. It can also destroy computer systems, either temporarily or permanently. Ransomware can hurt businesses in a rapid, acute fashion. A ransomware attack can unfold in less than 45 minutes. As a result, the affected enterprise may not be able to properly use computing infrastructure for hours, days or weeks.
Ransomware-as-a-Service
New Ransomware-as-a-Service software enables any threat actor to invest in “off-the-shelf” ransomware products. In turn, any individual can independently execute a ransomware attack. After a Ransomware-as-a-Service (RaaS) based attack is launched, the threat actor’s victim or victims are directed to the RaaS operators’ payment portal. In some cases, the operators provide “customer service” to help victims pay extortion fees.
Triple extortion threats
Free online ransomware decryption tools, data backups and other savvy tactics can help victims circumvent the difficulties caused by ransomware attacks. For example, enterprises can contend with encrypted files by restoring data from backups, making ransom extortion payment obsolete.
Threat actors now also threaten to leak sensitive data belonging to clients or to launch a Distributed Denial of Service attack against the target organization. These days, ransomware not only means infrastructure disruption and a potential for leaked internal data; ransomware threats are now multi-dimensional. The bottom line is that ransomware threat actors are adding layers of pressure in attempts to force organizations to part with their resources.
Prevention
To prevent ransomware attack damage, implement these cyber hygiene habits and best practices:
1. Provide employees with cyber security awareness training. Many ransomware attacks start with a convincing phishing email sent to an employee’s inbox.
2. Develop stronger user authentication methodologies; these include multi-factor authentication and password policies.
3. Ensure that your organization retains usable backups of all critical data, databases, key applications, and servers in non-networked locations.
4. Test backups regularly as part of your ransomware prevention strategy.
5. Segment networks to prevent lateral movement in the event of a breach.
6. Regularly update and patch software. Organizations have needlessly suffered security incidents due to patching oversights.
7. Deploy proven, effective threat detection tools. Opt for automated threat detection, which can increase advanced attack identification capabilities.
8. Filter most threats out of systems before they can cause harm by using automated email security and endpoint security tools.
9. Pursue a ‘defense-in-depth’ approach, which refers to layering security measures.
10. Stay up-to-date regarding the latest security threats through vendor-sponsored blogs, like CyberTalk.org.
Defense
In the event that a ransomware attack hits your organization, here’s how to respond:
1. Contain the breach. Mitigate damage efficiently and avoid allowing the attack to worsen.
2. If possible, isolate the infected device(s) from your network.
3. Ensure that all traces of the ransomware/malware are removed from your system.
4. Scan backups to check for malware. If no threats are found, attempt to restore data from backups.
5. Contact internal IT administrators and executives who should know about the attack.
6. Organizations are also encouraged to reach out to law enforcement, as appropriate.
7. Avoid paying ransom extortion fees. Decryption tools are not guaranteed to work and hackers can still choose to leak data.
8. Regardless of whether or not you maintain a cyber insurance policy, contact your business insurance group.
9. Have the appropriate departments notify clients and other business relations who may have been negatively affected by the breach.
10. Reach out to your cyber security vendor, which may be able to offer further insights into your specific ransomware experience.
Specific solution types that can help...
1. Prevention-focused solutions that leverage AI within a multi-layered security architecture are best.
2. An intelligent, consolidated ransomware prevention architecture can prevent known and zero-day attacks.
3. Consider purchasing anti-ransomware tools that are part of a larger cyber security solutions package.
4. Seek out cyber security solutions that offer a high ROI (return on investment) and low TCO (total cost of ownership).