Intelligent CIO North America Issue 3 - Page 54

FEATURE : THREAT ASSESSMENT
an ultra-resilient approach to backing up , recovering and restoring data is vital to protect Business Continuity in the event of an event .
Educating the business
There are two major audiences that should be targeted from an education perspective : IT staff and organizational users . It ’ s important to target both groups as threats can be introduced from both personas .
The main points of entry into a business for ransomware is through Remote Desktop Protocol ( RDP ) or other remote access mechanisms , phishing and software updates . Put simply , in most cases cyberattackers are not made to work as hard as they should to fetch big prizes . Knowing that these are the three main mechanisms is a huge help in focusing the scope of where to invest the most effort to be resilient from an attack vector perspective .
Most IT administrators use RDP for their daily work , with many RDP servers directly connected on the Internet . The reality is that Internet-connected RDP needs to stop . IT administrators can get creative on special IP addresses , redirecting RDP ports , complex passwords and more ; but the data doesn ’ t lie that over half of ransomware comes in via RDP .
This tells us that exposing RDP servers to the Internet does not align with a forwardthinking ransomware resiliency strategy .
The other frequent mode of entry is via phish mail . We ’ ve all seen email that doesn ’ t look right . The right thing to do is delete that item . Not every user handles these situations the same way , however .
There are popular tools to assess the threat risk of phish success for an organization such as Gophish and KnowBe4 . Combined with training to help employees identify phishing emails or links , self-assessment tools can be an effective mode of first-line defense .
The third area that comes into play is the risk of exploiting vulnerabilities . Keeping systems up-to-date is an age-old IT responsibility that is more important than ever . While this is not a glamourous task , it can quickly seem a good investment should a ransomware incident exploit a known and patched vulnerability .
Be mindful to keep current with updates to critical categories of IT assets : operating systems , applications , databases and device firmware . A number of ransomware strains , including WannaCry and Petya have been based on previously discovered vulnerabilities that have since been corrected .
Implement and remediate
Even organizations that follow best practice to prevent exposure to ransomware are
54 INTELLIGENTCIO www . intelligentcio . com