“Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s personal data or perpetually block access to it unless a ransom is paid.” ~wiki
While the above is a great definition, it still doesn’t quite summarise exactly what it is and how it can affect your business.
A hacker uses any of the means at their disposal to get their ransomware into the business’ IT environment. The ransomware then encrypts specific files, parts of the network, or the entire environment, preventing access and disrupting or disabling normal business operations. The hackers responsible then send a message to the victim business demanding a ransom payment (often in cryptocurrency but not always) for the decryption code to regain access. Usually, they put the victim on a time limit on the ransom payment; failure to pay within the time limit may result in an increased ransom demand or the exposure of the encrypted data (or both).
Further costs from an ransomware attack can include:
- Loss of data
- Lost profits caused by downtime
- Cost of replacing compromised devices
- Reputational damage
- Recovery costs
- Investment into new security measures
- Potential legal penalties
- Employee training in response to attacks
- And more….
While you can get Cyber Insurance these days to mitigate the financial impact of these events, the insurance companies and under writers are clamping down of late, insisting that you have controls in place to protect your business, whats more, they want you to evidence your controls were maintained and up-to-date, before they even entertain the pay out.
So what best practices can you follow to protect your business? Here are our top twenty security tips for 2022:
Most organisations these days are reliant on their systems, and the data they hold. Significant disruption to the availability of this data can be devastating, whether it was caused by a cybersecurity incident, or simply an accident. In these situations, being able to restore from backup quickly makes all the difference. Not all backup solutions are equal however, implement a solution that is air gapped, read only and preferably are stored off-line.
2. Staff Awareness / Training
It’s important that your staff understand the kind of security risks your business faces online. If you’re working to improve your business’s online security, consider running an awareness campaign for your staff. Giving them an opportunity to practice identifying phishing attacks or fraudulent emails best equips them in spotting a real threat.
3. Protect endpoints
Endpoint Protection solutions protect your corporate devices from malware, malicious applications, and investigate security incidents and alerts. They differ from commercial anti-virus software as they allow admins to manage all devices and perform investigation and remediation against threats. This allows admins to easily respond to security incidents and alerts.
4. Implement a Cyber incident Response plan
A cybersecurity incident response plan is a set of instructions designed and rehearsed to help business’ prepare, detect, respond, and recover from cyber security incidents. Most incident response plans are technology-centric and address issues like malware detection, data theft and service outages. Your CISO (or vCISO) should be driving this plan for your business and its vital to show your insurance companies that you have a plan for when the inevitable happens. We acknowledge that not all companies have CISO’s or want to commit to paying for one full time, which is why we have created our vCISO service to assist kiwi businesses.
5. Implement Cyber Threat Intelligence feeds
Ransomware actors continue to innovate new techniques, launch new attacks and create new strains of crypto malware. Considering this reality, you need to have some way to keep pace with what’s going on in the threat landscape and what risks could be affecting other organizations in the same region or industry. You can do this by leveraging our CTSA service for assessment, and managed cyber risk services.
6. Patch your software and systems
Keeping all software, from operating systems and applications to firewalls and routers, up-to-date continues to be one of the most cited controls in our list. A majority of the advisories released in 2021 were related to vulnerabilities that could be mitigated if the systems were patched in a timely manner. Having a vulnerability management program continuously assessing your assets for the latest vulnerabilities and applying the latest threat intelligence analysis to prioritise remediation, is a time consuming and specialised task when performed correctly.
7. Implement 2fa
2FA can be a solid defense for both your business and your customers, protecting access to both systems and accounts. When your staff log into a business system, or when your customers log into their account on your website, they use a username and password combination. This is known as single factor authentication. 2FA requires them to provide something else on top of that, to verify that they are who they say they are.
8. Use a password manager
Often due to password complexity requirements, users tend to re-use passwords in multiple places, unfortunately. Using a password manager will allow users to keep track of their passwords without having to memorize them. Some password vaults can also generate and change passwords for you in one click, as well as securely store other types of data like credit card information.
9. Implement Managed Detect and Response
Centrally managing all your security events and logs provides a wealth of information in identifying traffic patterns associated with compromise. Typically, having logs on their own is not sufficient and this goes hand in have with a Managed Detection and Response (MDR) solutions. MDR is a cybersecurity service that combines technology and human expertise to perform threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.
10. Secure Internet exposed services
This one feels like it should go without saying, but a recent study revealed that 33% of businesses expose unsafe services directly to the internet. IN the scurry of getting staff working remotely due to the Covid-19 pandemic, many businesses unknowingly opened their services unsafely up to the internet. Its always advisable to have your firewalls and access policies frequently reviewed to ensure no-one has left the farm gates open.
11. Implement application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. The goal of whitelisting is to protect computers and networks from potentially harmful applications.
12. Enforce “Least Privilege” access controls
The principle means giving a user account or process only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install software: hence, it has rights only to run backup and backup-related applications.
13. Implement network segmentation
Attackers can use a continuous network to spread throughout your entire infrastructure. You can prevent this from by segmenting your network. In particular, you might want to consider placing your industrial assets and IoT devices on their own segments.
14. Set secure defaults for macros
Disabling macros by default and allowing access on an as-need basis will help your organisation prevent malicious macros from running. While in later releases of Office this is effectively a tickbox, its good practice to implement controls to enforce the ‘tick’.
15. Harden Applications
Application hardening is the process of securing apps against reverse engineering and tampering. Application hardening increases the effort required to manipulate the application, thereby thwarting a large number of cyber attacks. It is extremely important to implement application hardening for smooth functioning of apps in zero-trust environments.
16. Implement Zero Trust
The zero-trust security model, sometimes known as perimeter less security, describes an approach to the design and implementation of IT systems with a guiding security principle of never trust, always verify,” meaning that devices should not be trusted by default.
17. Utilise a Cloud Access Security Broker (CASB)
A CASB acts as a gatekeeper, allowing organizations to extend the reach of their security policies beyond their own infrastructure. CASBs typically offer the following: Firewalls to identify malware and prevent it from entering the enterprise network.
18. Secure your email domain
Aside from having the ability to scan compressed or archived files, you need strong spam filters that can prevent phishing emails from reaching users in general. You should also use technologies such as Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) to prevent malicious actors from using email spoofing techniques.
19. Risk Assess your Third-Party / Supply-Chain
Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers). A core service to our CyberGrape Business, we offer a world class managed TPRM offering.
20. Establish your Ransomware Susceptibility
Get an assessment of your current exposures and understand how susceptable your organisation may be to a ransomware attack. Ransomware is preventable, and risks can be mitigated. To have this information within hours, let us help you through the process. Contact us on the CyberGrape website https://cybergrape.co.nz/