David P. Nowacki, CISA, CIA
Your organization recently suffered through a bout with ransomware, and you had no choice but to pay the ransom to decrypt your files and get your business back up and running. Now, you’re wondering why it happened and what you can do to prevent it from happening again.
Here’s a list of reasons why you had to pay the ransom, and how you can avoid becoming a victim of ransomware in the future:
- Your employees were not aware. Let’s get this out of the way first. This is the primary reason you were a victim of ransomware in the first place. A 2016 study published by Verizon indicated that approximately 30% of phishing emails received by people are opened. These same emails are common carriers for ransomware. If you think your employees are not a threat, think again. Phishing schemes and ransomware attacks are becoming increasingly sophisticated and harder to spot. A robust internal cybersecurity awareness training program, which includes ongoing awareness campaigns, will help close this gaping hole.
- You didn’t implement passive and active vulnerability scanning in layers. The next best way to keep your employees from clicking on phishing emails is to keep the emails from reaching your employees in the first place. Email scanning should be performed by your provider (if you have an external host), at the perimeter firewall or network security appliance, internal mail servers, and endpoints, which include servers, network storage devices and employee workstations/laptops. Make sure you use a combination of passive detection (which only detects traffic that occurs once you become infected) and active detection (which proactively scans for infected or malicious files).
- You didn’t limit employees’ use of personal portable storage devices. Another surprisingly common way that organizations are infected by malware is through personal USB drives. Employees bring an infected drive into the office, plug it in, and boom. Malware. Do everything you can to restrict the use of portable storage drives through policy and network permissions, and always scan new devices that are attached to your workstations.
- You didn’t update your operating systems. While it’s true that attackers are generally a few steps ahead, the overwhelming majority of exploits stem from known issues with operating systems. The 2016 Verizon report concluded that the “Top 10” known vulnerabilities accounted for 85% of successful exploits. These vulnerabilities typically have patches available. Stop reading this article now, and verify that your systems are patched. If you are still using Windows XP, unplug it from the network and disable Wi-Fi until you can upgrade.
- Local antivirus or antimalware software didn’t do its job. There are a variety of reasons this could happen. You could be using a free/budget version that doesn’t get timely updates. The software may not include real-time protection and only scans on a schedule. Users may have the ability to disable or defer a scan. In any event, make certain that your antivirus/antimalware solution is configured beyond the basic installation.
- You allowed an extensive use of file-sharing on your network. One of the easiest ways to limit the impact ransomware has is to implement strict file-sharing policies. Ransomware typically attacks local drives and any network drives that the end user has access to. If you allow all employees to share all file storage across your entire network, there is no limitation on what can be encrypted by ransomware. Limiting permissions and mapping specific shared drives based upon business need will limit your exposure.
- You didn’t have a proven backup/recovery solution. Even if you choose to do none of the other items on this checklist, make sure you have a proven, reliable backup and recovery method in place. The best way to avoid paying the ransom is to take the infected machine offline and restore encrypted files from backup. Be warned: if you do nothing else, you may find yourself restoring a lot of files.
Businesses and individuals alike face an uphill battle against the evolving threat of ransomware. If you have not equipped your organization with a multi-tactical approach to reduce risk, chances are you will pay the piper more often than not. The recommendations outlined above will help you set a direction for your organization to mitigate risks associated with ransomware. Actually implementing them… that’s up to you.