Intelligent CISO Issue 40 | Page 76

employees on how to securely use their devices in potentially vulnerable home environments. For example, most employees today need to know how to update router admin passwords, monitor and manage connected devices and more.
And, these training programs don’t cover best practices for protecting company devices from non-employees that can easily gain access. In many cases, guests and even family members could access a corporate laptop throughout the day, creating yet another concern for SecOps teams to manage.
So, what is the best way to approach modern ransomware prevention?
1. Start by understanding how criminals get access to mission-critical assets. Attackers usually introduce ransomware through phishing emails, removable media, malicious file downloads from the Internet, malicious email attachments with nefarious links, vulnerable software, or because their victims’ security policies and solutions are inadequate (or absent). It’s important to understand that ransomware only affects data the user in question can access. So, limiting data access strategically can mitigate the consequences of a successful ransomware attack.
2. Use a mix of security controls that address common attack vectors, including anti-malware and anti-phishing solutions, penetration testing and vulnerability scanning, URL filtering to prevent users from accessing malicious sites and security awareness training (that incorporates remote work security modules), among others.
3. Monitor cloud and SaaS environments 24/7 to identify and proactively remediate ransomware attacks in real time.
4. Monitor any and every third-party app your employees use, including extensions, add-ons, mobile solutions and more; anything with access to corporate data cybercriminals can hold hostage. This will require ML and AI capabilities to reduce the costly realities of human error and false positives – two things you can’t afford in cloud ransomware prevention.
5. Finally, back up your sensitive SaaS data to trusted, secure cloud storage services like AWS and Azure daily to ensure you can recover in the event of a successful ransomware infection.
Keep in mind that downtime is an inevitable risk of any ransomware attack that you can’t avoid. Today, an average downtime incident lasts about 16 days and can be tremendously costly. Here are the top reasons downtime occurs:
• Data is growing exponentially
• There are still a lot of manual processes when it comes to Disaster Recovery
• API limitations of SaaS providers
When you design a Disaster Recovery strategy for your organisation, you have to take downtime into account in order to reduce the downtime and recovery timeline, because when it comes to ransomware attacks today it is no longer ‘if’, it’s already ‘when’.