Intelligent CISO Issue 52 - Page 68

decrypting myths organisations pay the ransom and get the keys to decrypt the data but it didn ’ t lead to them restoring access quickly and easily . Despite getting their data decrypted , there were still problems getting it to work .
What tactics should an organisation use to resolve ransomware without paying hefty amounts ?
It ’ s all about preparation ; I constantly speak about preventative cybersecurity . For me , good cybersecurity is cyber hygiene done well , which means understanding your vulnerabilities , finding the updates or patches for those vulnerabilities and making sure they ’ re rolled out . I always recommend two main things – patching and Multi-Factor Authentication ; if organisations followed these two things , close to 80 % of all attacks would be prevented .
Backups are also vital but organisations must treat them as critical infrastructure and build security policies and procedures around them . The FBI , Interpol and Europol all suggest informing the authorities and not paying the ransom straightaway .
If you choose not to pay the ransom , as advised , you need to have access to secure and off-the-grid backups so they cannot be attacked . It is all about the preventative work because once you ’ ve been hit by ransomware , all you can do is clean up .
How can organisations build an effective defence against ransomware ?
The first thing is education , which I push for as we need to ensure employees are up to speed on what these attacks look like and what ransomware really means . It is essential to be cautious – we need to be testing and measuring our organisations . At Tanium , we regularly test the security awareness of our employees . Recently , I got a suspiciouslooking email and flagged it to our internal security team . They assured me that it was a phishing test and was a way for the organisation to assess how many employees were falling for such attacks . Organisations should do something similar to this and ensure that devices are up to date with patching and vulnerability management .
Tanium asserts that converged platforms that unite tools and data into one unified solution are the way to go in terms of combatting ransomware – why is that ?
The problem is the visibility of your ecosystem ; it is a significant issue in every organisation I visit . Through Tanium ’ s Converged Endpoint Management ( XEM ) – a single platform that can identify where all your data is – patch every device you own in seconds and implement critical security control tools , all within a single pane of glass , we can help obtain that heavily soughtafter visibility .
Some organisations have over a million endpoints , but we can still get the info from all of them within 15 seconds . This knowledge of your environment provides the tools needed to obtain business insights quickly , reduce time to incident resolution and lower IT cost and complexity .
Regarding cyber hygiene , organisations have many issues allowing actors to access their environments easily . With the visibility that Tanium provides , on top of the fact that we enable you to use the same single agent to enforce things ,
68 www . intelligentciso . com