
EP 08: The Twenty-One Biggest Cybersecurity Threats, Trends, Predictions for 2021 – #5. Ransomware on the Rise

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. Ransomware variants have been employed for several years, with the goal of extorting money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are then told that unless a ransom is paid, access will be denied. The ransom demanded from individuals varies greatly, from as little as a few hundred dollars to as much as hundreds of thousands of dollars.


And ransomware attacks are growing more common with each passing day. Just ask City Hall in Atlanta, GA how damaging ransomware attacks can be. The City of Atlanta spent millions fighting a 2018 ransomware attack that is now believed to have been perpetrated by two Iranians thousands of miles away.


According to industry experts, businesses in 2021 will fall victim to a ransomware attack every 11 seconds. Additionally, it is estimated that the cost of ransomware to businesses will be more than $20 billion in 2021.


Don’t want to become another ransomware statistic? Then make sure you’re undertaking the following I.T. best practices:


1. Back up your Data: This is the most obvious – and most critically important – measure any organization should be undertaking. As bad as a ransomware attack can be, not all is lost if you have a regimented backup system of critical files. I recommend redundancy in backups – specifically, a local backup of files along with a secondary backup of files, such as backing up in the cloud. The three major cloud players – Amazon AWS, Microsoft Azure, and Google GCP – all offer long-term storage services that are relatively inexpensive.


2. Perform Annual Security Awareness Training: While organizations spend untold sums of money on industry-leading and next-generation security tools and solutions, they often fail to invest in security awareness training. After all, the best security tools are essentially worthless without trained, knowledgeable, and competent employees who are aware of emerging security issues and threats. There are a number of high-quality – and cost-effective – security awareness training solutions online. My two favorites are ESET and WEBROOT, so check them out today. In terms of ROI when it comes to protecting your organization, nothing beats security awareness training. The more knowledgeable a user is about today’s growing cybersecurity threats, the safer your organization will be.


3. Think Before you Click!: Ransomware can enter an environment in any number of ways, but often, it’s with the click of a link that the trouble begins. Word to the wise – think before you click. More specifically, think twice about emails, links, and attachments from unknown or suspicious sources. I’ve personally seen a number of “too good to be true” emails come my way. From a free cruise to the Bahamas to a guaranteed loan up to $50,000, and many more, these types of solicitations may very well be nothing more than overzealous marketers, but they may also be ransomware attacks. Don’t take chances on emails, links, and attachments that you’re unsure of.


4. Patch your Information Systems: One of the most fundamentally important – yet often ignored – measures is undertaking regular security updates and patching to critical systems. Security and patching should be an “across the board” measure, meaning such initiatives need to be applied to the network and infrastructure, to production servers, to end-user workstations – essentially all the computing systems that could be affected by ransomware. High-profile breaches in recent years were often the result of security patches not being applied to information systems. What organizations need are clearly defined security and patch management policies, procedures, and processes.


5. Protect your Network with an IDS: An IDS, technically known as an “Intrusion Detection System,” helps alert you to suspicious network traffic and related activity. Once properly fine-tuned by an experienced network engineer, an IDS becomes an essential element of an organization’s information security framework.


6. Whitelist Applications: Applications that are not allowed on your network need to be blocked – blacklisted. Similarly, applications that are allowed – those trusted – are to be whitelisted. The concept is relatively straightforward; unfortunately, many organizations fail to employ such basic measures. Whitelisting – and/or blacklisting – is a good practice, so make sure your organization is doing it.


7. Employ Role Based Access Control: Not every employee needs access to every information system, not even close. That’s why organizations need to employ the well-known concept of Role Based Access Control, simply known as RBAC. In the world of RBAC, users are given only the minimum necessary access and permissions to the systems they need to perform their job functions, and nothing more.


8. Separate Networks: It’s probably not a good idea in anything in life to put all your eggs in one basket, as the old saying goes. This is especially true when it comes to information security. Information systems should be logically and/or physically siloed out into buckets to ensure proper isolation from one environment to the next. After all, an attack against a flat network – where everything is behind one main network that has no segregation – could effectively knock out your entire I.T. environment. Separate your network as best you can, as this helps protect your network in the event of an attack.


9. Perform Vulnerability Scans Regularly: Scanning both internal and external facing networks – known as vulnerability scanning – is essential for identifying critical security gaps and vulnerabilities. There are dozens of high-quality providers offering cost-effective vulnerability scanning tools, such as NESSUS TENABLE and INTRUDER.IO.


10. Conduct an Annual Penetration Test: It’s a good idea to perform a penetration test annually – or at least after significant changes to an environment – as pen testing, in my opinion, is arguably the single best indicator of how secure – or how vulnerable – an organization’s network is. When performed by capable personnel, a pen test provides very meaningful evidence regarding the overall security of one’s I.T. environment. Many of today’s regulatory compliance mandates – PCI DSS, SOC audits, and more – require a pen test. Regardless, every – and I mean every – business should perform an annual penetration test.


11. Monitor Who Has Access to your Environment: Access control is not just about internal employees; it’s about who on the outside can and does have access. Consultants, contractors, managed security services providers – they all are given access to your environment, and that’s where the problem begins. It’s not that these individuals or companies are malicious in nature; the bigger problem is that such access rights go unchecked, often left open and available long after somebody no longer needs them. Hackers can often find these windows of opportunity, resulting in breaches.


12. Put in place a Comprehensive Telecommuting/Remote Work Policy: Everyone is remote working these days – and it’s not a fad – so companies need to have in place comprehensive policies and procedures that outline telecommuting and remote work practices. A good starting point is to begin by developing a telecommuting policy, one that covers best practices in terms of systems that can be accessed, the types of access used for secure connections, and much more.


13. Prohibit Removable Media Devices: Did you know that one of the biggest data breaches ever at the Department of Defense happened years ago when unsuspecting DoD personnel inserted USB/thumb drives loaded with malicious software onto the government’s military network? It took the DoD years to recover from the breach, but as a business, you don’t have years to recover from an attack, if you ever could. Bottom line – ditch the removable media devices and don’t allow them – EVER – on your network.


14. Watch Where You Surf: Even safe websites – those that you frequent regularly – can pose a risk in terms of ransomware and other dangerous malware finding its way onto your computer, and ultimately, your network. What you need to be careful of are websites with enticing offers – and more specifically – websites that you’ve never heard of before. One of the most common ways that malware is spread is through websites with poisoned advertisements – a well-known concept known as Malvertising. Specifically, Malvertising is the use of online advertising to spread malware, which typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
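
Item 11 above warns that outside access is often left open long after it is needed. The following Python audit is an added example, not part of the original post: it flags enabled third-party accounts whose engagement has ended or that have sat idle. The CSV columns, account names, and 60-day idle threshold are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory; the column names are assumptions, not a real export format.
SAMPLE_INVENTORY = """account,owner_type,enabled,last_login,engagement_end
jsmith,employee,yes,2021-03-01,
acme-msp,managed_service_provider,yes,2021-02-27,2021-12-31
old-consultant,consultant,yes,2020-06-15,2020-07-01
build-contractor,contractor,yes,2020-11-02,2021-06-30
former-vendor,contractor,no,2020-01-10,2020-02-01
"""

# Outside parties named in item 11: consultants, contractors, managed service providers.
EXTERNAL_TYPES = {"consultant", "contractor", "managed_service_provider"}


def audit_external_access(csv_text, today, max_idle_days=60):
    """Return {account: [reasons]} for enabled third-party accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["owner_type"] not in EXTERNAL_TYPES or row["enabled"] != "yes":
            continue  # employees and already-disabled accounts are out of scope here
        reasons = []
        end = row["engagement_end"]
        if not end:
            reasons.append("no engagement end date recorded")
        elif date.fromisoformat(end) < today:
            reasons.append(f"engagement ended {end} but account is still enabled")
        last = row["last_login"]
        if not last:
            reasons.append("never logged in")
        elif today - date.fromisoformat(last) > timedelta(days=max_idle_days):
            idle = (today - date.fromisoformat(last)).days
            reasons.append(f"idle for {idle} days")
        if reasons:
            findings[row["account"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_external_access(SAMPLE_INVENTORY, date(2021, 3, 5))
    for account, reasons in report.items():
        print(f"{account}: " + "; ".join(reasons))
```

Run on a schedule against a real account export, a report like this gives the access owner a short list of accounts to disable or re-justify.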


To learn more about cybersecurity and how to protect your organization, visit charlesdenyer.com today and get access to a wide range of world-class resources on all things cyber. Additionally, my companies offer comprehensive cybersecurity, data privacy, and regulatory compliance services & solutions for businesses all across the globe. Book a call with me today at charlesdenyer.com/contact and let’s discuss your needs.