Intelligent CIO APAC Issue 14 | Page 35

EDITOR'S QUESTION

With the volume of ransomware attacks growing by the day, attention is focused on the best ways for organizations to minimize their impact.

In many cases, such attacks are viewed as an inevitable occurrence and focus is therefore placed on how the organization can get key systems up and running again as quickly as possible. Their strategy is one that revolves around regular backups and using them to restart systems as soon as malicious code has been removed from servers.
While taking this approach will allow an organization to eventually resume normal operations, it should not be the preferred strategy for combating the threat posed by ransomware. A better option is to have capabilities in place that prevent the attack from happening in the first place.
There are a number of steps an organization can undertake to prepare for a ransomware attack and reduce the likelihood of one occurring. These steps include:
• Conduct staff education sessions: One of the most common vectors through which a ransomware attack is launched is a phishing email campaign. A staff member receives a message that appears to come from a trusted source, but it contains an infected attachment or a link to a malicious website.
Organizations should conduct regular education sessions for all staff. During each, the threat posed by ransomware should be clearly explained, together with basic steps that can be taken to avoid a successful attack. These sessions can be augmented with awareness campaigns involving fake emails sent by the IT team that contain links or attachments. Staff can then be monitored to see whether anyone opens them and be reminded of the risks.
• Deploy endpoint and network detection tools: An important step to have in place is the capability to monitor activity and flag anything that looks out of the ordinary. Security tools should be deployed that can detect anomalous activity and automatically flag it for closer attention and remediation. This will allow infected endpoints to be quarantined before they can infect core systems. Additional tools should also be installed on core critical systems. Should malicious code not be picked up at an endpoint, it can be quickly identified and removed before it makes it deeper into the IT infrastructure.
• Have a solid backup strategy: While it should not be regarded as a first line of defense, a reliable backup strategy is still an important element to have in place. This will ensure the organization can restore systems as quickly and thoroughly as possible should a ransomware attack actually take place.
• Monitor the security landscape: The threat of ransomware is evolving very quickly and new types and tactics are emerging all the time. For this reason, it's important to monitor emerging threats and delivery vectors so that you have in place the tools needed to identify and remove them. Working with a trusted technology partner can assist with this monitoring process.
Ransomware is going to continue to be a significant threat for a considerable period. For this reason, it is important to undertake these steps now to reduce the chance of disruptive attacks in the future.
SIMON HOWE, VICE PRESIDENT SALES APAC, LOGRHYTHM