Six steps to protect your business against ransomware attacks.


Francis O’Haire

Group Technology Director

A proven thought leader with vast experience in both the technical and commercial aspects of this fast-changing industry. Francis is a true technologist with a unique understanding of the needs of the channel and their end users.

We all know that the chances of falling victim to a ransomware attack have never been higher, and it is not just high-profile organisations that are at risk. Everyone is at risk, regardless of size, industry, location and even revenue.

IT environments are widely distributed across devices, systems, clouds and locations. And that was before the pandemic brought about widespread remote working, as well as a wave of highly sophisticated new cyberthreats. Companies have ranked security relatively high for many years, but it has never been more crucial than in our ever more connected and increasingly hybrid world.

When it comes to refreshing or reinvigorating security policies, many companies simply adapt their existing solutions, roll out a technology in response to a specific incident in a particular area of their infrastructure, or change their cloud architecture to better meet their requirements.

We sat down with Francis O’Haire, Group Technology Director at DataSolutions to ask him what companies should be doing to protect against these types of ransomware attacks. He gave us six different steps that all organisations should be taking.

1. Don’t forget the security basics

Something that people often forget, and that is probably the most important, is the basics. Whilst traditional approaches can be effective, they need to be tested and fine-tuned. You can’t forget things like having a well-tested backup and recovery plan or a timely patch management process. Furthermore, you need to ensure that you implement well-managed perimeter and endpoint security policies.

Together, these should prevent the amateurs from doing any real damage, but unfortunately they won’t stop a sophisticated attack. It’s also vital to keep software and operating systems up to date through timely patch management, but again this does not guarantee you’re protected, as many attacks target unpatched vulnerabilities; these are known as Zero-Day Attacks. This is where our next steps come into play!


2. An old dog should learn new tricks

The 2019 Cloud Security Report by Cybersecurity Insiders found that 66% of respondents said that traditional security solutions either don’t work at all in cloud environments or have only limited functionality. And that was two years ago – think about how much things have progressed since then in terms of both technologies and threats. That’s precisely why newer technologies and approaches are required to put up a better defence against the latest threats. These include cloud-native security solutions, micro-segmentation, next-generation endpoint and sandboxing solutions, and Zero-Trust Network Access.

Zero-Trust Network Access (ZTNA) is an architecture whereby resources and applications cannot be accessed until both the identity of the requesting user or device and their authority for such access are verified. ZTNA is a strategy rather than an individual product, but several of DataSolutions’ vendors offer key components. HPE Aruba and Citrix offer secure networking components, and ColorTokens and Check Point have solutions which protect on-premise, cloud, remote and mobile applications, users and devices.

Check Point, for instance, has a portfolio of products under its CloudGuard brand which protect public cloud hosted assets, including container-based and serverless applications and those running on the AWS, Azure and GCP public cloud platforms.

3. Prepare for the worst

Unfortunately, you do need to prepare for a breach or hack, which means implementing a comprehensive and regularly tested Business Continuity (BC) plan. In other words, this will define what happens if an attack proves to be successful. As well as helping to safeguard critical information, a good BC strategy can reduce the impact on operations and service in the event of a breach. The foundation for this is maintaining and testing your backup regularly, especially the recovery capability of critical systems and data. These backups will be primary targets too though, so must be kept out of reach of attackers.

 

4. Divide and conquer

Traditional perimeter security solutions, such as firewalls and proxies, are still essential. However, it can almost be assumed nowadays that a motivated hacker will get inside your network, so these will not be enough. These perimeter solutions do not prevent that attacker from then moving between internal systems in search of valuable data to steal and potentially encrypt for ransom. To prevent this internal reconnaissance, or what is called “lateral movement”, a newer approach called Micro-Segmentation is needed.

By defining and enforcing how internal systems can communicate with each other on a much more granular level, an attacker’s freedom to roam the network is thwarted, therefore protecting critical data and systems. Think about your environment as if it were a modern airport – place strict controls on both staff and travellers (hackers) in terms of where they can move within the environment in order to create a safe and secure space.

A good example is the ColorTokens Xtended ZeroTrust Platform which delivers a cloud-managed Micro-Segmentation solution for hybrid and multi-cloud environments. It delivers comprehensive visibility and centralised policy management, eliminating the need for subnets, hypervisors, and internal firewalls. As additional cloud-native or traditional applications and workloads are provisioned, protection is automatically extended to them.
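To make the granular, default-deny idea behind Micro-Segmentation concrete, here is a small policy check run over a flow log. It is an added example, not part of the original article and not ColorTokens' product or API; the workload names, segments, ports and flow records are all hypothetical and constructed for illustration.

```python
# Added illustration; workload names, segments and ports are hypothetical.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed inventory: every workload carries a segment label.
SEGMENT = {"web-01": "web", "web-02": "web", "app-01": "app",
           "db-01": "db", "backup-01": "backup", "laptop-17": "user"}

# Allowlist of (source segment, destination segment, port). Anything not
# listed is denied, including traffic between peers in the same segment.
ALLOW = {("user", "web", 443), ("web", "app", 8443),
         ("app", "db", 5432), ("db", "backup", 22)}

def decide(flow):
    """Return 'allow' or 'deny' for one flow under the default-deny policy."""
    src, dst = SEGMENT.get(flow.src), SEGMENT.get(flow.dst)
    if src is None or dst is None:
        return "deny"  # unlabelled workloads get no implicit trust
    return "allow" if (src, dst, flow.port) in ALLOW else "deny"

def audit(flows):
    """Split observed flows into those the policy permits and those it blocks."""
    allowed, denied = [], []
    for f in flows:
        (allowed if decide(f) == "allow" else denied).append(f)
    return allowed, denied

# Constructed flow log: the application's normal path, then connections a
# flat internal network would have let through.
OBSERVED = [
    Flow("laptop-17", "web-01", 443),
    Flow("web-01", "app-01", 8443),
    Flow("app-01", "db-01", 5432),
    Flow("db-01", "backup-01", 22),
    Flow("laptop-17", "db-01", 5432),    # user device straight to the database
    Flow("web-01", "web-02", 445),       # peer-to-peer inside the web segment
    Flow("web-01", "backup-01", 22),     # web tier reaching the backup host
    Flow("printer-03", "app-01", 8443),  # workload missing from the inventory
]

if __name__ == "__main__":
    ok, blocked = audit(OBSERVED)
    for f in blocked:
        print(f"DENY  {f.src} -> {f.dst}:{f.port}")
    print(f"{len(ok)} allowed, {len(blocked)} denied")
```

Running the same audit over real flow records before enforcing a policy shows which existing connections would break and which unexpected ones are already occurring.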

 

5. Delve deeper

Older endpoint security approaches such as anti-virus are also no longer up to the task of preventing a laptop or mobile device from being the point of entry for an attack. These products often rely on prior knowledge of a vulnerability or malware. 

Modern endpoint security solutions, such as Check Point’s Harmony Endpoint, can protect against completely unknown and never-before-seen attack methods. This is achieved via capabilities such as Threat Emulation and Threat Extraction, where a suspicious file or program is opened in an isolated sandbox so that its behaviour and intentions can be safely determined and neutralised, as necessary. Harmony Endpoint also includes advanced functionality such as dedicated Anti-Ransomware and Anti-Phishing protections.

6. Practice and preach

Don’t just leave it down to the technology to protect your business. Staff training is just as important to include in building a multi-layered security strategy. Many targeted attacks will start with a phishing email where a legitimate-looking request from a colleague, supplier or customer will entice the user to click on a malicious link or open an infected attachment, which then lets the attacker gain access to the network.

Teaching employees how to identify these fake requests is essential. Staff also need to know how important it is not to be afraid to report quickly if they do fall victim to one.

In summary

Ransomware and other cyberattacks can be devastating, not only in terms of operational disruption but also reputational damage and financial cost, and they are inevitable. Remember, no company is immune to attack or “too small” to be targeted. However, such attacks can be prevented or have their effects neutralised with the right security solutions and strategies in place. Of course, as threats continue to develop, so too must your approaches. Standing still and being reactive will not help to protect your business against ransomware and other attacks; it’s about continually reviewing, adapting and taking proactive action.

For more information on how DataSolutions can help your business protect against ransomware, check out our cybersecurity Vendors or get in touch directly by emailing sales@datasolutions.ie
