Intelligent CIO North America Issue 13 | Page 34

EDITOR’S QUESTION
YUEN-PIN, CEO, NEUSHIELD

When it comes to ransomware, there are two main things that need to be done to prepare for a ransomware attack.

Recovery of the operating system is needed because if the attack bypasses prevention, then it likely cannot be removed in the ordinary way.
First, you need to have solutions in place to prevent the attack. Secondly, you need to have the ability to quickly recover in the event that prevention fails.
Although many experts agree that it is impossible to prevent all ransomware attacks, there are many things that can be done to vastly reduce the attack footprint of your organization.
To get started, you should have a security assessment that focuses on the network-connected devices and software.
The NIST publication SP 800-30, Guide for Conducting Risk Assessments, provides an excellent and organized guideline on how to audit and secure your company’s digital assets.
Since most general-purpose security solutions focus on blocking malware and not a determined hacker, it is important to have multiple layers of defense.
The best way to recover is to have a solution that can roll the whole operating system back to a previous known good state. For data recovery, backup and restore is traditionally used.
However, in the case of ransomware, backup and restore can be time-consuming and resource-intensive. Therefore, it is recommended that you have a solution that can quickly and easily revert all data to its pre-encrypted state without relying on a remote backup server.
For smaller corporations or companies with limited security expertise, outsourcing this to a Managed Security Service Provider (MSSP) is recommended to improve the security posture of the company.
Of course, the ideal prevention solution would block all attacks. But there are many reasons why an attack could bypass even the best protection, so it is important to be able to get up and running quickly after a breach. For this you need a way to restore the operating system to a working condition after an attack.