editor’s question
PHIL RICHARDS, CSO AT IVANTI
Ransomware is an ongoing threat to businesses in all industries with new variants appearing all the time. Sodinokibi is a new variant of ransomware that has the significant capability to cripple a business. If businesses want to avoid a WannaCry-like disaster, then ransomware prevention must be at the forefront of their minds.
The main thing businesses must remember when dealing with ransomware prevention is that the techniques used by cybercriminals are often the same as they have always been, but are now more sophisticated versions of old attacks. Therefore, the same principles apply to prevention. Companies must start from the bottom when it comes to cybersecurity, beginning with the basics.
There are four key areas companies should focus on when striving towards ransomware prevention: patching, employee training, backup and privileged access management. Patching software vulnerabilities should always be the first line of defence, with critical patches prioritised and updates for key programmes and apps, such as Adobe Flash, Java, Microsoft and web browsers, kept current.
One of the most common ways businesses become infected with ransomware is by taking advantage of employee error, specifically when employees fall for phishing emails or infected links. Obviously, education is the place to start but it is often not enough. Training also needs to be implemented to ensure that employees are always on their toes and don’t have a hand in the downfall of an organisation.
Backing up your files is always a strong defence against ransomware but businesses also need to be comfortable about the file restoration process. It may seem like an easy thing, but when several systems are down, restoring files can take time and businesses need to set and manage expectations.
Finally, privilege management must also be addressed. Businesses need to strike the delicate balance between minimising the number of accounts with certain access and privileges, and not affecting employee productivity. This form of defence is especially prominent in today’s workplace, where employees are becoming increasingly mobile, often connecting their devices, and by default a business’s drives, to unsecure or unprotected Wi-Fi hotspots.
With Sodinokibi and other new strains of ransomware, another defence capability needs to be added to a business’s security arsenal: an assessment of the security of its vendors. This new strain of ransomware extends criminal capability to lock corporate files by infecting vendors that have access to those files, like Managed Service Providers. This means that even if companies do everything right, their files can still be locked if their vendors are missing key patches. A business will need to assess the patching program of its vendors as well as assessing its own patching.
Focusing on effective ransomware prevention can save businesses from lost data and high costs in the future. Prevention doesn’t need to be over-complicated; patch vulnerabilities, train staff, reduce privileges, back up data and assess vendors. These are simple but critical approaches to security that can go a long way towards protecting the business.
Issue 18 | www.intelligentciso.com