Effective cyber security defence: the bugbear of the network manager, but something expected (and taken for granted) by the Board and end users. As cyber-criminals constantly create new strains of ransomware, simply opting for antivirus software, then moving on to the next thing and hoping for the best, is no longer a viable strategy.
Instead, a multi-faceted approach is required in order to make sure that you have all the bases covered. The more lines of defence you build, the harder it will be for the cyber-criminal and the less attractive your company becomes for attackers.
The weakest link in the fight against ransomware - and as a result the area you should look at first - is the end-point itself. Companies should not rely completely on technological defences when the aim of the cyber-criminals is to stay one step ahead of those defences.
2016 seems to be the year of ransomware. Ransomware comes in at the front line, targeting end-points and locking users out of devices, rendering them useless. Implementing a next-generation solution which automatically detects and deals with ransomware is vital, but trying to prevent malware execution in the first place should always be the first step.
An element of user interaction is part and parcel of a ransomware infection, whether that is through clicking on a fraudulent email or by navigating to a compromised website. As a result, it is crucial that best practices and processes are in place, and well communicated across the business, to prevent this.
Your first line of defence against ransomware needs to address the ‘delivery and exploitation’ stage of an attack.
It’s often said, but prevention is better than cure. End users should therefore be educated through security awareness training, so that they are aware of what potential phishing emails and downloads on compromised sites might look like. By giving them an insight into the dangers, you are lessening the chances of them absentmindedly clicking on something they shouldn’t.
In the event of a device being compromised, it may be tempting to simply pay the ransom in order to get back to work quickly. However, giving in to the demands of the criminals will leave users open to future attacks, and in some cases, payment is taken but the device is not released.
The best way to evaluate your security holes, whether they relate to technology or to end users who might open malicious files, is to carry out a comprehensive penetration test. This delves deeper than an automated routine inspection, and is the only way to achieve peace of mind that the network is secure, with a lower risk of real-world attacks. A worthwhile test will interrogate your internal and external infrastructure for a variety of threat vectors including:
- Host discovery to determine your 'digital footprint' on the internet
- Ensuring access to sensitive data is appropriately restricted
- Analysis of overall network health status
Wherever there is Wi-Fi, whether or not your business has a Bring Your Own Device (BYOD) policy, there will always be end users trying to connect their devices (phone, tablet, watch… you name it). According to Security Magazine, 79% of employees in high-growth markets believe that constant connectivity enables them to do their job better.
End users with multiple wireless devices have now become the norm (personally I have 4 Wi-Fi-enabled devices on me at all times) and the security implications need to be considered alongside steps to limit any negative impact.
With multiple connections to the network, the risk of a successful attack only mounts. However, mobility is now an expectation in the workplace, so there is a need to mitigate risk and implement effective security measures which do not have a high impact on productivity. One way of doing this would be to define a mobile device management policy that limits access for users whose devices have less than satisfactory levels of protection.
The need to act
Ransomware has the potential for huge impact on productivity and company reputation/image, making it an area that simply can’t be ignored. Rather than simply opting for some form of impotent antivirus and leaving it at that, it’s important to make sure you have multiple lines of defence in place in case something malicious slips through.