Ransomware prevention is a must-have in today’s organizations, big and small.
In May 2021, the Colonial Pipeline was confronted with a ransomware attack that made infrastructure vulnerabilities painfully obvious. Incidents of compromised data as a result of cyber attacks is up 27 percent since 2020, and the average cost of a data breach reached $4.24 million in 2021. Major incidents that make headlines unfortunately won’t be the last, so it’s best to prepare for and mitigate such attacks with robust ransomware prevention measures.
Read more: Ransomware Attacks Rise Dramatically
7 ways to prevent ransomware attacks
While there’s no way to completely avoid ransomware attacks, there are plenty of measures your company can take to prevent or lessen the threat of ransomware.
Table of Contents
Develop an IRP
Like fire drills in grade school, have an incident response plan (IRP) to revert to in the event that a ransomware attack occurs. The first step to develop an IRP is to prioritize most valuable and sensitive assets with the help of inventory tools, Indicators of Compromise (IoC) generated from EDR software, and Indicators of Behavior (IoB) lists. These tools will give you an idea of how an attacker could gain entry into your network and which data segments need added protection. Then, isolate sensitive data by backing it up (see next section).
With an incident response plan in place, you need the right people involved. Designate roles so relevant personnel know what they’re responsible for when it comes to restoring your network and recovering data.
Once you have an IRP in place, however, the work doesn’t stop there. Continuously revise the IRP to anticipate evolving ransomware tactics. As your business continues to grow and accrue more critical assets and data, you’ll likely outgrow previous IRPs.
Read more about how to create an IRP on eSecurityPlanet: How to Create an Incident Response Plan
Back up data and patch up software
Remember the 2 “ups”: back it up and patch it up. Back up your data both virtually and offline on a regular basis, so you have a version to revert back to if it gets hijacked by attackers who often disable backup systems beforehand. As an added security precaution, patches ensure that all software is updated with the latest security measures that prevent specific vulnerabilities. Your network’s software—such as IDPS, antivirus, and anti-malware software—is only as good as its update schedule, so keep track of updates to ensure network protection.
Email is another common attack vector. It’s therefore important to regularly update your email gateway and its server. The gateway, as its name suggests, acts as a gatekeeper that filters out and flags potentially malicious file attachments, links, and email addresses in inbound email traffic to your employees. Update the gateway’s server, so it properly monitors email activity for malware.
Organizations today are embracing a policy-driven patch management approach that makes sure the network owner applies patches to the system within a critical, previously determined timeframe. This approach combines operational data about system configuration with security measures to be undertaken.
Read more on Enterprise Networking Planet about the latest trends in patch management: Patch Management Trends for 2022
Know what to block
Aside from email filters, configure devices and browsers to block suspicious and harmful ads, files, and spam.
The aforementioned email gateway prevents spam and malicious executable files from getting through to employees. Executable files have the .exe extension and essentially install a program, or worse, onto your device by commanding your computer to follow its instructions.
The email gateway is of course not foolproof, however, as some malicious emails instruct employees to rename files, which is where employee cybersecurity training comes into play.
As an additional measure, configure Windows devices’ extensions to be visible, since Windows automatically hides file extensions. In fact, Microsoft released a statement in November 2021, warning of the surge in ransomware under the guise of JavaScript files. In this tactic, ransomware penetrates networks with an unsuspecting file name like “readme.txt” that gets delivered in a .zip file, but you can stop them by disabling Windows Script Host.
Read more: How to Implement Zero Trust Security: Learn 7 Key Technologies & Strategies
Educate users
A continuous challenge to network security is human error. To combat this, your company should take consistent measures to train staff on how to securely handle data and recognize malicious content as part of a broader security strategy.
For example, seeing an executable file with a strange or unrecognizable name should raise suspicion in an employee, especially when they’ve been trained to be on the lookout for such anomalies.
One caveat to mention, however, is that the employee cybersecurity training and security measures they should take need to be user-friendly. If users are frustrated by jumping through cumbersome security hoops, they’re more likely to cut corners and render the training futile.
Embrace zero trust models
Given human fallibility, a zero trust approach to network security is one of the best ways to stop a hacker from gaining high-level access to your network. Zero trust is more a posture or strategy rather than an actual tool.
Trusting no one and no device enforces least privilege access control across applications, clouds, and databases within your network. The zero trust model also gives you visibility and thus control over your network.
Restrict devices and privileges
With the increasing popularity of the BYOD model comes a greater attack surface for ransomware actors. Enforce a strict device policy, especially for remote work staff, supply employees with company-owned devices, and use multi-factor authentication on all web-based systems and apps whenever possible. Also, enlist the help of mobile device management (MDM) software.
Ransomware only encrypts files that a particular user in the network can access, but the ransomware may contain code that can elevate a user’s access privilege to reach more sensitive data stores. Take steps to restrict access to certain users and user strata within the organization by implementing microsegmentation and Privileged Access Management (PAM) tools.
Microsegmentation
Microsegmentation prevents the ransomware attacker from moving laterally within the user’s level of access to infect other users in the same layer. Microsegmentation does this by cross-cutting that layer with restrictions at the application level. It essentially polices app-to-app, server-to-server, and app-to-server traffic.
PAM tools
PAM tools manage restricted access to confidential resources, services, and data. They also help you understand a ransomware attack as it unfolds so that you can prevent it from happening again.
Read more: IAM vs PAM: What Are The Differences?
Enlist smart tools to help
Your company can’t, nor does it need to, have a human watching over the network 24/7. Powered by AI, adaptive monitoring tools hunt for threats and evaluate emerging ones, so your team can focus on other priorities. They also oversee traffic between applications, services, databases, and other systems. As an added bonus, a monitoring tool should integrate with a threat intelligence feeds.
Most companies today run services and store data on the cloud. Though cloud service providers have their own built-in security tools, your organization is responsible for securing the cloud as well. A cloud access security broker (CASB) provides greater visibility, compliance, security, and threat protection, while managing policy enforcement for your organization’s cloud infrastructure.
Read more: 4 Benefits of Using AI in Cybersecurity
Ransomware is a moving target
There is no future-proof method of preventing any and all ransomware attacks, so cyber security insurance is worth considering. However, including these tactics and tools in your arsenal will help you fortify your network as much as possible.
Read next: Best Threat Intelligence Tools for 2022