As an IT professional, you have good reason to worry about Ransomware attacks. They don’t discriminate, victimizing organizations of all kinds – public and private, and in every industry. If you don’t already know a victim, you probably will.
Cognyte research indicates that there were as many ransomware attacks in the first half of 2021, as in all of 2020. Thousands of victims in 18 months, in over 60 countries, and in dozens of industries.
Ransomware isn’t however (thank goodness) invincible. It’s only as strong as its weakest link. That means – you’ve got a good shot at preventing serious ramifications for your business. Protecting your business and your reputation is within reach.
Here are some helpful cybersecurity best practices that you can implement or tune now to protect your data and business resilience.
1. Educate Employees
Employees are the most common entry point for an attack, especially front-line workers. Phishing attacks and social engineering are well evolved from what we knew even 10 years ago. They are in fact so advanced that they often fool security professionals.
Your employees can only do what they’ve been armed to do – so don’t blame them for mistakes. Arm yourself for that possibility using the tools we’ve already discussed.
Focus on training. Help your teams and co-workers to identify attacks by sharing phishing and social engineering methods and vulnerabilities; work to build strong passwords and browsing safety; use multi-factor authorization and always use secure network access – never “public” Wi-Fi.
Remember too to help employees know what needs to happen and who to contact if they believe they have fallen victim or been compromised.
2. The Zero-Trust Model
Zero Trust is about maintaining the perspective of not trusting any user or device even if inside the corporate network. Work toward requiring more than ‘just’ a password by also requiring adoption of multi-factor authentication (2FA or MFA) as well as role-based access control (RBAC). Monitor for malicious activity and have mitigation processes and encrypt data both in-transit and at-rest, making data removed from the site unusable as well.
Of course, it should be clear that factory passwords on devices, network components – anything default really MUST be changed.
Keep ‘Backups’ secure in the Zero Trust model. If you limit access to backups, you’ll secure a common entry point for ransomware. Consider moving to just-in-time (JIT) security, granting access to critical business data only ‘as-needed’ or for a pre-determined period of time. Consider implementing something like Threatlocker to add Zero Trust to all your endpoints with thorough application whitelisting.
3. Timely Upgrades and Software Updates
Using out-of-date software provides potential attackers a ready-made point to exploit security vulnerabilities. To reduce the attack surface, patch and upgrade infrastructure, operating systems, and applications routinely. It’s also crucial to update your backup software! Don’t fight today’s ransomware attacks with outdated tools.
With respect to software updates – a key factor in detection of ransomware and malware is a high quality Anti-virus solution. Consider industry leading security software like ESET – which offers multiple detection processes, and regular updates for new virus signatures and vulnerabilities – as well as monitoring capabilities.
4. Follow Backup Best Practices like the 3-2-1-1 Backup Rule
Backing up data, system images and your configurations frequently means that secure, and up-to-date data can be deployed if ransomware does strike. A solid backup strategy goes further by also avoiding a single point of failure (SPoF), by dispersing your data using the 3-2-1 backup rule.
Keep three or more copies in different locations – using two distinct storage types (HDD, SSD, USB, Tape, Optical, etc.) and storing at least one copy in an off-site location. This will reduce the chances of an attacker gaining access to everything. The 3-2-1 approach ensures that a vulnerability in one of those (say, your backup server) doesn’t compromise all of your backups, and it provides options if an attack takes out an entire data center.
For true protection – go one more step to 3-2-1-1, by keeping at least one copy on an immutable (can’t be changed) and indelible (can’t be deleted) form of storage.
The term “immutable storage” is bit of a buzzword with backup vendors these days. Look for immutability that is both logical and includes some kind of physical immutability, and it’s important to include built-in security layers.
The industry is moving towards adopting two types of immutability. A ‘monitored’ form where administrators must discretely ‘allow’ modification to data, and forms that are truly un-alterable – data that is not changeable under any circumstances. Both forms should include a time locking system that is completely independent from the OS, so that if the clock on a workstation is spoofed, it does not affect the release of the data.
We have a great article on different backup strategies you should be considering.
5. Network Segmentation
From the perspective of an attacker – nothing is better than a single, flat network with no barriers. They can spread throughout your entire infrastructure with ease.
A valuable tool to stop spread and reduce the attack surface is to employ network segmentation and deeper micro-segmentation. Networks can be divided into multiple zones of smaller networks where access is both managed and limited. Segregating inventory systems from CRM’s, and ensuring desktop networks are segregated from server networks, and especially to your most crucial data sources. You’ll also want to employ best practices to keep your most vital infrastructure elements off the web and without access ‘in or out’ from any point outside your network.
As part of your company’s zero-trust model segment third-party vendors. There are many attacks to supply-chain as a result of vendor security failures. The Sunburst hack and Colonial Pipeline attack are two great examples.
6. Account for Endpoints
Most organizations have a lack of visibility into remote endpoints. It has now become a routine compromise for attackers to get past your front-line defences and “hang out”. These incursions stay dormant long enough to locate weaknesses and find the best time to attack.
Don’t give Malware and Ransomware a home. You need to implement tools that provide complete visibility across your environment, detecting anomalies, both monitoring, identifying, and alerting you to unwanted activity on your network. This will help you to mitigate both threats and vulnerabilities before attackers can take action.
7. Build and TEST Rapid Recovery solutions
Ransomware’s success depends on two things. Enough time for the incursion to ‘cripple’ your systems, and your financial willingness to make it stop. When recovery could take weeks or months and was a manual process that impacted multiple stakeholders – the option of ‘paying for the solution’ was attractive.
With solid backup and recovery solutions, recovery can be executed using flexible and alternative options. Rapid deployment of a datacenter on cloud provider for example that can shorten downtime, and automation tools can clean and secure your infrastructure providing a real alternative to paying attackers off.
Building the right backup and recovery tools can reduce recovery to minutes or hours, rather than days or weeks, and regular testing of your solution can validate your recovery plan.
Regular testing ensures your plan will work when needed. Testing your system initially will ensure things are ‘working’ but it is important to test regularly. IT deployments change frequently, and you don’t want to be caught off guard if an updated system breaks your recovery processes. Of course – you’ll also want to ensure that your testing takes place in a well isolated ‘sandboxed’ testing environment that effectively models and aligns with your ‘live’ systems.
Testing your recovery strategies frequently is your guarantee that you can recover quickly in a worst-case scenario!
8. Your Cyberattack Playbook
Consider the response within your organization if everyone understood your plan for what to do, who to communicate with, and how to manage an incursion, or attack from ransomware. The creation of a cyberattack playbook can give you that plan – with clear roles, and empowered teams across functions, with defined communication paths and the right protocols to respond effectively in the event of business altering situations.
Set up a communication channel on a secure texting app (like Signal) for your senior leadership to communicate in the event of a cyberattack – since attacks can take down internal mail or communications. When you’ve created your strategies, and implemented some of these techniques we’ve shared, have a third-party agency or expert audit your work.
Final Thoughts
The best way to keep ransomware and co-ordinated attacks out of your IT infrastructure is to plan for them. Take those important steps to secure your systems while developing backup and restore solutions that will keep your business running if cybercriminals were just a little better than your planning.
Success comes from resiliency. Starting with good cyber-hygiene, a well-designed backup strategy, and a solid and tested recovery plan, you should never have to pay a ransom due to your hard work.
MSP Corp understands that you’ve worked hard to build your business and you want to protect it. With a mission to be a world-class business partner for MSP owners across Canada, we actively seek to acquire and partner with owners looking to secure the value of the business they have built and provide a seamless exit process that ensures business continuity and employee and client stability.
Contact us today to learn more about selling your business and maximizing its value.