Cybersecurity After Dark | Episode 5
It doesn’t take much to expose an organization to ransomware. Whether it’s a vulnerability from not patching or an uninformed employee clicking on an “infected” link, a lot of ransomware attacks happen because of a lack of cybersecurity protocols. That’s why good cybersecurity hygiene is crucial…and also pretty simple. Sean and Dan lay out six key areas for ransomware protection.
1. End-user training
Sean and Dan agree that end-user training should be first and foremost at the top of any cybersecurity protection plan. People are all too often the point of failure for ransomware attacks. It takes one click on a suspicious phishing email, and the organization could be compromised. The best way to reduce this risk is to educate your users, especially employees and staff.
There are many programs out there, but here’s what to look for:
- Webinars with lessons and quizzes that must be passed
- Management oversight that can track program completion
- A way to verify the program works: synthetic phishing campaigns that test whether users actually put cybersecurity best practices into action
End-user training should create benchmarks that make people smarter and more aware. Let’s face it: not everyone is tech-savvy, and even those who claim to be can be fooled. Educating people on what to look out for is the first step in creating a solid ransomware protection program.
2. Phishing Detection
Phishing detection is a technology that filters suspect emails before they are delivered to an inbox. A good system will flag and label suspect content and place it in a separate space for review. Users can then confirm that the mail is safe or report back to the phishing detection service that the sender is definitely unsafe.
3. Identity and Access Management for ransomware protection
Third on the list is Single Sign-On (SSO) and Multi-factor Authentication (MFA). These ransomware protections reduce the attack surface. Passwords are a weak control, and access is often easy to obtain when people keep choosing predictable ones such as their name and birthday (we are all guilty). If you do enact SSO, it’s important to emphasize complex passwords and to update those passwords periodically. CISA recently identified SSO as a “bad practice”, so many organizations may begin phasing it out in favor of MFA.
MFA requires two or more authentication steps, using virtual or physical tokens. This could mean logging in with a password and then confirming the login with a code sent to your phone. It also adds another layer of access-control policy, letting management or IT grant access to specific applications based on location or level of authority. For instance, the system tracks where each successful login comes from and flags suspicious activity: someone logging in from Washington, D.C. and then an hour later from San Francisco would be flagged, because no person can travel that fast.
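The “impossible travel” check described above, as an added example (not code from the episode or from any product it mentions): consecutive logins of the same user are compared by great-circle distance and elapsed time, and any pair implying a speed above an assumed 900 km/h threshold is flagged. The login events and coordinates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

EARTH_RADIUS_KM = 6371.0
# Assumed threshold: anything faster than a commercial airliner is implausible.
MAX_PLAUSIBLE_KMH = 900.0

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    lat: float
    lon: float
    city: str  # label only, used in the alert text

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Flag consecutive logins of one user whose implied speed exceeds max_kmh.
    Returns (user, from_city, to_city, implied_kmh) tuples."""
    alerts, last_seen = [], {}
    for ev in sorted(logins, key=lambda e: (e.user, e.when)):
        prev = last_seen.get(ev.user)
        if prev is not None:
            dist_km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            # Clamp elapsed time so two logins in the same second cannot divide by zero.
            hours = max((ev.when - prev.when).total_seconds() / 3600, 1e-6)
            if dist_km / hours > max_kmh:
                alerts.append((ev.user, prev.city, ev.city, round(dist_km / hours)))
        last_seen[ev.user] = ev
    return alerts

# Constructed sample: the D.C. -> San Francisco-an-hour-later case from the text,
# plus a benign user logging in from two nearby cities.
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_LOGINS = [
    Login("alice", T0, 38.9072, -77.0369, "Washington, D.C."),
    Login("alice", T0 + timedelta(hours=1), 37.7749, -122.4194, "San Francisco"),
    Login("bob", T0, 40.7128, -74.0060, "New York"),
    Login("bob", T0 + timedelta(hours=1), 40.7357, -74.1724, "Newark"),
]

if __name__ == "__main__":
    for user, src, dst, kmh in impossible_travel(SAMPLE_LOGINS):
        print(f"ALERT {user}: {src} -> {dst} implies ~{kmh} km/h")
```

Real deployments feed this from the identity provider’s sign-in log and tune the threshold (and allow-list known VPN egress points) to keep false positives manageable.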
4. End-point detection and response
As Dan puts it, endpoint detection and response (EDR) is the “just in time control.” Unfortunately, things do get through signature-based controls. That’s why it’s important to monitor endpoint and network events and record the information in a central database where analysis, detection, reporting, and alerting can take place. This ransomware protection method isolates suspicious activity on systems, sends alerts to the firewall, and, upon further investigation, can also help weed out false positives. Looking ahead, there’s a lot of push for this technology to incorporate AI for endpoint detection. Equipped with that kind of knowledge base, the system may even be able to mount a self-healing response to cyber attacks.
5. Patch management as ransomware protection
“Patch your stuff!” says Sean. There is nothing more frustrating than a cyber attack that could have been avoided with a simple update. Patching is critical for any organization, especially those in a remote or hybrid work environment. Make cyber hygiene routine: whether weekly or otherwise, create a schedule around these updates and make employees aware of them. About 12 percent of outward-facing Exchange servers on the internet are still unpatched, which is baffling to Sean and Dan. Whether it’s laziness or ignorance doesn’t matter; your IT management needs to be on top of patch management as a ransomware protection method.
6. Network isolation and segmentation
Network isolation and segmentation should be planned during the design phase of a network infrastructure, and the network engineering team should always weigh cybersecurity alongside operations. Segmentation limits ransomware by isolating parts of the network so that if ransomware does hit, you can contain the attack within a particular subnet. It does this by ensuring that systems that need to communicate can do so, while systems that don’t need to communicate have no path to each other. For instance, a production system that manufactures automobiles should have no route to the internet.
Ransomware protection means prioritizing cybersecurity
There are too many examples of organizations that have not prioritized cybersecurity protocols and have suffered the consequences of a compromised system. The cost of a ransomware attack far outweighs taking time to train people and investing in strong systems that are built around ransomware protection. As organizations continue to expand their digital experiences and commerce, these six key cybersecurity protocols are essential for securing assets and the organization’s bottom line.