Preventing Ransomware Attacks – 4 Steps

Shared Assessments’ Vice President Tom Garrubba and Senior Advisor Charlie Miller have been digging deep into ransomware risk trends. This pair hosted a webinar detailing trends and strategies for dealing with these devastating attacks on your organization, suppliers and vendors.

Garrubba and Miller identify the following four steps as limiting the chances of a ransomware attack on your organization.


1. Practice Good “Cyber Hygiene”

  • Verify control procedures and processes are updated to address the latest cyber trends with a focus on Infrastructure Components:
    • Attend to routers, switches, gateways, Citrix servers – disable or block unused ports on your networks and systems, apply the latest system updates, keep your anti-malware software up to date.
    • Use remote tools such as Remote Desktop Protocol (RDP) – RDP is being abused to amplify DDoS attacks. It has been a popular target for brute force attacks for a long time, but attackers have now found a new way to abuse it.
    • Use the basics like VPNs and separate routers for work.


2. Avoid Application Vulnerabilities

Bad coding leads to “defective” code. Defective code leads to vulnerabilities. While it is a best practice for a mainstream application’s code to move through a thorough secure code review during development, organizations are often haphazard about following the same secure systems development lifecycle (SSDLC) process while developing mobile applications. By not applying the same rigorous process, any defective code will lead to vulnerabilities that can be exploited by even the most novice of hackers.


3. Disaster Recovery

Make sure you have created and tested a compromised data recovery capability within your IT disaster recovery program. Update your Incident Response Plan to include how to deal with a ransomware event. Keep your Board informed and aware of the possibility of an attack and the probability of paying a ransom. Consider establishing a “crypto account” as it takes time to set up and fund. Cryptocurrency (e.g., Bitcoin, Ethereum) is the currency of choice for ransom payment.


4. Establish a Data Vault

A data vault allows data recovery from malware-free data.


Ransomware Best Practices

A few more best practices around ransomware include ensuring you carry cyber insurance. Check your policy for what is and what is not covered. Ensure you have identified and contracted a cyber forensics expert or ransom negotiator, and have your organization’s executives involved in any cyber attack simulation.


Another great idea is to have an ethical hacker on staff. They often possess deeper levels of understanding as to how these threat actors work and think and may provide very useful guidance and next steps.


Finally, you must continuously stay on top of the latest threats and share these with all internal and external stakeholders. There must be a mission driven down from the top to ensure good cyber hygiene. This means that everyone works together: your cyber security teams, partners, vendors and suppliers. IT professionals must make it a point to brief executives and boards as to the very real dangers posed by a failure to fund and support cyber security efforts.