Top 10 tips for managing Ransomware Risk

It seems not a day goes by when we don’t hear about an organization falling victim to a ransomware attack. Traditional ransomware was designed to render your data and systems unusable by encrypting critical data files.  The culprits would in turn offer the victim the decryption key in exchange for a ransom payment.  Probably the most notorious example of this was the Colonial Pipeline attack in 2021.  The pipeline was shut down for a number of days crippling the fuel supply up and down the east coast. 

Another variant of ransomware that has gained popularity among cyber criminals involves capturing data from organizations and threatening to release potentially damaging information.  With the increased data sprawl associated with the use of Software as a Service, managing this risk has become a daunting task for IT teams, particularly when third-party managed solutions are compromised.

There are no sure-fire solutions to these problems, but with continued diligence hopefully we can begin limiting the impact.  Here is our top 10 list of controls that can help.

  1. Data Backups. This sounds obvious, but many organizations don’t have an adequate backup strategy. Those who do should have processes in place to validate that they can restore critical data in accordance with their organization's Recovery Point Objectives.

  2. In addition to data backups, you need a plan for restoring compute power as well.  This was a very costly thing 5-10 years ago, but with the maturing capabilities of AWS, Azure and GCP, it has become considerably easier to extend data centers to the cloud.  Consider doing so for critical systems.  Don’t forget desktop users; rebuilding thousands of desktops will result in significant downtime. VDI assets in the aforementioned cloud environments can be stood up very quickly if you have the requisite connectivity and configurations prepared before a disaster strikes.  Remember that you may not have to pay the full cost of DR in the cloud while resources are not in use.

  3. If you don’t have one already, you need a good email firewall that can spot phishing and malware attacks. Email is still the most common entry point for cyber criminals.

  4. Multi-Factor Authentication is a must to protect against stolen credentials, which is where many information disclosures begin.

  5. Encrypt Data in transit and at rest.  Just about all your database and backup providers offer encryption options.

  6. While it can be a maintenance nightmare, consider bringing your own encryption key to SaaS solutions.

  7. Leverage a CASB.  There are too many SaaS solutions out there; security teams cannot be experts in all of them.  Mature CASBs provide network visibility and API integrations that can alert you to misconfigurations and attacks.  Some of the better ones will even ship with secure configuration settings for popular SaaS products.

  8. Flat networks are difficult to protect.  Break your network into multiple segments to help limit the impact should you become infected.

  9. DLP can be challenging to tune, but it can help identify data moving in and out of a network. Many DLP solutions have built-in data discovery capabilities.  Knowing where your sensitive data exists is half the battle.

  10. Last but not least, educate your users about internet and email safety, phishing, and how to handle sensitive data.
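Item 1 asks for a process that validates backups against the Recovery Point Objective. The script below is an added example (not code from this post) that answers two questions a restore test should settle: is the newest successful backup of each critical dataset younger than its RPO, and does a restored copy match the image catalogued at backup time? The catalog, dataset names, RPO values and the fixed clock are all constructed; in practice the catalog would come from your backup product's API.

```python
"""Backup freshness (RPO) and restore-integrity checks.

Added example, not the post's code. The catalog, dataset names, RPO values
and the fixed clock are constructed for the demo.
"""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timedelta, timezone

# Constructed catalog: RPO per dataset plus the history of backup jobs.
CATALOG = {
    "customer-db": {
        "rpo": timedelta(hours=4),
        "backups": [
            {"completed": "2024-05-01T06:00:00Z", "ok": True},
            {"completed": "2024-05-01T10:00:00Z", "ok": True},
        ],
    },
    "file-share": {
        "rpo": timedelta(hours=24),
        "backups": [
            {"completed": "2024-04-29T01:00:00Z", "ok": True},
            {"completed": "2024-05-01T01:00:00Z", "ok": False},  # failed job
        ],
    },
    "hr-docs": {"rpo": timedelta(hours=24), "backups": []},  # never backed up
}
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def latest_good_backup(entry):
    """Completion time of the newest *successful* job, or None."""
    good = [parse_ts(b["completed"]) for b in entry["backups"] if b["ok"]]
    return max(good) if good else None


def rpo_violations(catalog, now):
    """Map dataset -> age of its newest good backup (None if there is none)
    for every dataset whose newest good backup is older than its RPO."""
    violations = {}
    for name, entry in catalog.items():
        newest = latest_good_backup(entry)
        if newest is None:
            violations[name] = None
        elif now - newest > entry["rpo"]:
            violations[name] = now - newest
    return violations


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_restore(restored_path, expected_sha256):
    """A restore only counts as tested if the bytes match the catalogued hash."""
    return sha256_file(restored_path) == expected_sha256


def demo_restore_check():
    """Hash at backup time, restore, verify; then corrupt one byte of the
    restored copy to show that verification catches it."""
    workdir = tempfile.mkdtemp(prefix="restore-demo-")
    source = os.path.join(workdir, "orders.db")
    with open(source, "wb") as fh:
        fh.write(b"constructed database contents\n" * 100)
    catalogued = sha256_file(source)

    restored = os.path.join(workdir, "orders.db.restored")
    shutil.copyfile(source, restored)  # stands in for the real restore job
    intact = verify_restore(restored, catalogued)

    with open(restored, "r+b") as fh:  # flip one byte to simulate corruption
        fh.seek(0)
        fh.write(b"X")
    corrupted = verify_restore(restored, catalogued)
    shutil.rmtree(workdir)
    return intact, corrupted


if __name__ == "__main__":
    for name, age in rpo_violations(CATALOG, NOW).items():
        print(f"RPO violation: {name}: {'no successful backup' if age is None else age}")
    print("restore verification (intact, corrupted):", demo_restore_check())
```

Note that a failed job is ignored when computing freshness: the file-share dataset has a backup record from this morning, but it did not succeed, so its last good copy is nearly sixty hours old and well outside a 24-hour RPO. Counting failed jobs as coverage is a common way to believe you are protected when you are not.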
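Item 9 notes that knowing where sensitive data lives is half the battle. As an added example (not code from this post or from any DLP vendor), the following script does a lightweight data discovery pass over a directory tree: it flags likely US Social Security numbers, payment card numbers (validated with the Luhn checksum so random digit runs are not reported) and e-mail addresses, and reports only masked values so the findings report does not itself become a store of sensitive data. The sample files, their contents and the patterns are constructed and deliberately simple; a real DLP engine adds context keywords, issuer prefixes and per-country validators.

```python
"""Lightweight sensitive-data discovery scan.

Added example, not the post's code. Sample files and patterns are constructed.
"""
import os
import re
import tempfile

# Deliberately simple patterns for the demo.
PATTERNS = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("credit_card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),  # 13-19 digits
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]
MAX_BYTES = 5 * 1024 * 1024  # skip very large files in this demo


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(kind: str, value: str) -> str:
    """Keep just enough of the value to triage the finding."""
    if kind == "email":
        local, domain = value.split("@", 1)
        return local[0] + "***@" + domain
    digits = re.sub(r"\D", "", value)
    if kind == "ssn":
        return "***-**-" + digits[-4:]
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str):
    """Return [(kind, masked_value), ...] for every hit in the text."""
    findings = []
    for kind, pattern in PATTERNS:
        for m in pattern.finditer(text):
            value = m.group(0)
            if kind == "credit_card" and not luhn_ok(re.sub(r"\D", "", value)):
                continue  # digit run that is not a valid card number
            findings.append((kind, mask(kind, value)))
    return findings


def scan_tree(root: str):
    """Map relative file path -> findings, for files with at least one hit."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > MAX_BYTES:
                continue
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                found = scan_text(fh.read())
            if found:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                results[rel] = found
    return results


def make_sample_tree() -> str:
    """Create a constructed directory of sample files for the demo."""
    root = tempfile.mkdtemp(prefix="dlp-demo-")
    files = {
        "README.txt": "Nothing sensitive here.\n",
        "hr/employees.csv": "name,ssn,email\nJane Doe,123-45-6789,jane.doe@example.com\n",
        # first number passes Luhn, second is a random digit run that does not
        "finance/cards.txt": "Card on file: 4111-1111-1111-1111\nTest card 1234 5678 1234 5678\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for path, found in sorted(scan_tree(make_sample_tree()).items()):
        print(path, found)
```

Run against a real file share, the output is an inventory of where regulated data has accumulated, which is the input you need before tuning DLP policies or deciding what to encrypt first.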
