Ransomware: Backup alone is not a security strategy
Many companies think their data backups protect them against ransomware. The tantalizingly simple logic behind this: If you can restore all your data, you can't be blackmailed. But that's too short-sighted: even if you successfully recover from an attack, sensitive information such as customer data or intellectual property may have been stolen.
In addition, the risk of attack remains: the attackers may still be on the network, or may regain access through a backdoor they installed. In some cases, ransomware serves cybercriminals merely as a diversionary tactic, for example to infiltrate spyware into the corporate network. So even if the data is restored with almost no downtime, the damage of a ransomware attack can remain considerable or even existential.
The question is therefore not just what malware the attackers place in a company, but how they got into the company. If ransomware was able to penetrate the network, there are evidently gaps in the defenses, and these need to be closed for the long term.
Comprehensive strategy against cyber attacks
Companies that want to prevent infiltration by attackers need the right products, processes and security experts. Ali Carl Gülerman, CEO and General Manager at Radar Cyber Security, begins by explaining basic best practices for taking precautions:
1. Identify the most important company data and assets: Whether intellectual property, trade secrets, login information or customer data, this is what attackers are after. Companies must therefore identify their most sensitive data and know exactly where it is stored. Once the data has been classified, it should be tagged and access restrictions placed on it. If those responsible know exactly which of their data is particularly valuable, they can protect it specifically against attacks.
2. Train employees against social engineering: Educating and sensitizing employees is one of the most important measures for corporate security. Email phishing is still the most common method of spreading ransomware, so it is important that employees know how to recognize phishing attempts. Companies need to define simple processes that allow employees to report them to the company's security officers.
3. Security technologies: Email security filters, antivirus software and firewalls help block known, common strains of malware. Organizations should also deploy Endpoint Detection and Response (EDR) and Advanced Threat Protection (ATP) solutions to improve ransomware detection and blocking.
4. Keep operating systems and applications up to date: Unpatched operating systems and applications are easy prey for attackers and a bridgehead for further attacks. Companies must therefore ensure that their operating systems and software are always patched with the latest updates.
5. Disable macros: A number of ransomware strains are sent as Microsoft Office attachments. When a user opens the attachment, they are prompted to enable macros to view the contents of the document. Once the user enables macros, the actual ransomware payload is downloaded and executed. Macros must therefore be disabled by default, and employees must be informed that a request to enable macros is a warning signal.
6. Manage access rights: Users should only have as many access rights as they need to perform their tasks. Administrative rights should be restricted as much as possible. In addition, administrative users should have to confirm every action that requires elevated rights.
7. Segment networks: Network segmentation limits the damage in the event of a ransomware infection by preventing the malware from spreading throughout the entire corporate network.
8. Penetration testing: Penetration testing gives companies the opportunity to find vulnerabilities in their systems and fix them before they can be exploited by attackers. Penetration tests should be performed at least once a year. A penetration test is also useful when a major change is made to the company network, such as changing the operating system or adding a new server.
9. Backup as a last safety net: Backups that are performed regularly and tested for restorability are a necessary part of the security architecture. They also help to keep business processes available. The well-known 3-2-1 strategy is recommended for backups: three copies of the data to be protected, on two different types of storage media, with one of the copies located offsite or offline. However, backups are only ever the last safety net once everything else has already gone wrong, and they are by no means a satisfactory security strategy on their own.
10. Practice the emergency: Organizations should conduct a simulated ransomware incident and practice the recovery processes. One of the key things here is to determine how much time it will take for the organization to become fully operational again. These exercises show managers what they need to focus on to improve their recovery processes. Often forgotten: emergency preparedness also requires the development of an internal and external communications strategy. Those who communicate clearly in an emergency are perceived as reliable partners and suppliers.
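Items 9 and 10 together say that a backup only counts if it follows the 3-2-1 rule, is verified, and is actually restored in a drill that measures recovery time. The following script is an added example written for this page; it is not code from the article or from Radar Cyber Security. It models a backup set as a list of copies with a media type and an offsite/offline flag, checks the 3-2-1 rule, compares each copy's SHA-256 against the digest recorded at backup time (so a copy that was silently encrypted or corrupted is rejected rather than restored), and then performs a restore from the first intact copy while timing it. All file contents, paths and media names are constructed sample values, and the "ransomware" step is simply overwriting one copy.

```python
"""Restore drill for a 3-2-1 backup set (added example, not from the article).

Checks performed on a constructed backup set:
  * 3-2-1 rule: at least 3 copies, on at least 2 media types, at least 1 offsite/offline;
  * integrity: each copy's SHA-256 must equal the manifest digest written at backup time;
  * restorability: a restore from a verified copy succeeds, and its duration is recorded
    (the recovery-time figure item 10 asks organizations to determine).
"""
import hashlib
import shutil
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass(frozen=True)
class BackupCopy:
    path: Path
    media: str               # constructed labels, e.g. "disk", "tape", "object-storage"
    offsite_or_offline: bool


def check_3_2_1(copies):
    """Return the list of 3-2-1 rule violations; an empty list means the set is compliant."""
    problems = []
    if len(copies) < 3:
        problems.append(f"only {len(copies)} copies, need 3")
    if len({c.media for c in copies}) < 2:
        problems.append("all copies on one media type, need 2")
    if not any(c.offsite_or_offline for c in copies):
        problems.append("no offsite/offline copy")
    return problems


def verify_copies(copies, manifest_digest):
    """Split copies into (good, bad) by comparing each file against the manifest digest."""
    good = [c for c in copies if c.path.exists() and sha256_of(c.path) == manifest_digest]
    bad = [c for c in copies if c not in good]
    return good, bad


def restore_drill(copies, manifest_digest, restore_to: Path):
    """Restore from the first intact copy; return (ok, copy_used, elapsed_seconds)."""
    start = time.perf_counter()
    good, _ = verify_copies(copies, manifest_digest)
    for copy in good:
        shutil.copyfile(copy.path, restore_to)
        # Re-hash the restored file: the drill only passes if the restored data is intact.
        if sha256_of(restore_to) == manifest_digest:
            return True, copy, time.perf_counter() - start
    return False, None, time.perf_counter() - start


def run_demo():
    """Build a constructed backup set with one tampered copy and run the full drill."""
    root = Path(tempfile.mkdtemp(prefix="drill-"))
    original = root / "customers.db"
    original.write_bytes(b"constructed sample data: customer records\n" * 100)
    manifest_digest = sha256_of(original)  # recorded when the backup was taken

    copies = [
        BackupCopy(root / "disk" / "customers.db", "disk", False),
        BackupCopy(root / "tape" / "customers.db", "tape", False),
        BackupCopy(root / "offsite" / "customers.db", "object-storage", True),
    ]
    for c in copies:
        c.path.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(original, c.path)
    # Simulate the online disk copy being overwritten (encrypted) by ransomware.
    copies[0].path.write_bytes(b"\x00ENCRYPTED\x00" * 50)

    result = {
        "rule_violations": check_3_2_1(copies),
        "bad_copies": [c.media for c in verify_copies(copies, manifest_digest)[1]],
    }
    ok, used, seconds = restore_drill(copies, manifest_digest, root / "restored.db")
    result.update(restore_ok=ok, restored_from=used.media if used else None, seconds=seconds)
    shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The drill deliberately hashes the restored file a second time rather than trusting the copy operation: the point of item 9 is that a backup is only as good as its last verified restore, and a copy that hashes correctly but fails to restore is still a failed backup. In a real deployment the manifest digest would be stored with the offline copy, not only on the system being backed up.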
24/7 security guards strengthen cyber resilience
When it comes to protecting against cyberattacks, most organizations lack personnel and expertise. For comprehensive prevention against such attacks, including ransomware, and rapid response, organizations should consider a dedicated Cyber Defense Center or CDC as a Service, as it can greatly strengthen their cyber resilience. Thousands of cyber threats are created every minute. Technology can filter out many of the known threats. But only a Cyber Defense Center with 24/7 service can help organizations analyze the vast number of alerts, new threats, and anomalies that technical security infrastructure identifies.
A Cyber Defense Center - also known as a Security Operations Center (SOC) - combines IT security experts, processes and technologies. At the CDC, trained experts continuously examine Internet traffic, networks, desktops, servers, endpoints, databases, applications and other IT systems for signs of a security incident. As a company's security command center, the CDC is thus responsible for continuously monitoring, analyzing and optimizing the security situation in order to quickly detect attacks and initiate appropriate countermeasures in the event of a security breach.
Ransomware will remain one of the biggest security risks for companies. One measure alone is not enough to protect against it. But with a layered approach of ongoing employee training, robust processes to ensure business continuity, modern technologies and professional help from security experts, the risks and potential consequences of extortionist attacks can be significantly mitigated.
For more info: Radar Cyber Security