Cybersecurity: How to secure your company against ransomware attacks - Experts

*Cybersecurity professionals say there will be a new security breach caused by a ransomware attack every 2 seconds as threat actors progressively refine their ransomware and extortion models.*

Isola Moses | ConsumerConnect

Ransomware attacks are increasing and continue to cause serious damage and huge economic losses to private businesses, critical infrastructure, and government organisations across the world.

According to reports, over the past several years, law enforcement agencies and security firms in various countries have responded to a large number of ransomware attacks, including recent attacks against Colonial Pipeline in the United States (US) and the software company Kaseya.

Ransomware attacks will cost their victims more than $265 billion annually by 2031, according to Cybersecurity Ventures.

Cybersecurity experts also believe that there will be a new security breach caused by a ransomware attack every 2 seconds because threat actors progressively refine their ransomware and extortion models.

This forecast is based on the observation of a significant acceleration of this criminal practice in recent years, reports CyberNews.

According to the report, the US Cybersecurity and Infrastructure Security Agency (CISA) released guidance on how to prevent data breaches resulting from ransomware attacks.

The cyber regulatory agency’s guidance aims to help government and private sector organisations prevent ransomware attacks and the data breaches associated with them.

CISA’s guideline reads: “All organisations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems.

“This fact sheet provides information for all government and private sector organisations, including critical infrastructure organisations, on preventing and responding to ransomware-caused data breaches.

“CISA encourages organisations to adopt a heightened state of awareness and implement the recommendations.”

The government agency has published a factsheet that includes the following recommendations to prevent cyberattacks in your organisation:

Maintain offline, encrypted backups of data and regularly test your backups. Government experts recommend taking backups on a regular basis and periodically testing them to verify their integrity.

It is essential to keep the backups offline so that threats such as ransomware strains cannot encrypt them.

Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan.

The US agency reinforces the importance of defining a cyber incident response plan that should include response and notification procedures for ransomware incidents.

The report also noted that the government experts recommend creating a resilience plan to sustain operations in case the organisation loses access to or control of critical functions.

Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack surface.

Organisations should audit Remote Desktop Protocol (RDP) and other remote desktop services and promote best practices for them.

It is important to close unused RDP ports, enforce account lockouts after a specified number of attempts, apply multi-factor authentication (MFA), and log RDP login attempts.

CISA stated that organisations should periodically conduct vulnerability scanning to identify and address vulnerabilities on internet-facing devices.

The regulatory agency recommends updating software and implementing an efficient patch management process for Internet-facing systems.

Organisations should also carefully configure systems and disable ports and protocols that are not used for business purposes.

Likewise, experts also suggest disabling or blocking inbound and outbound Server Message Block (SMB) protocol traffic and removing or disabling outdated versions of SMB.
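As an added example (not code from the article or from CISA), the PowerShell audit below reads back the RDP and SMB settings the recommendations above cover and flags each one as meeting the guidance or not. It assumes an elevated session on the Windows host being checked and changes nothing.

```powershell
# Added example: read-only audit of the RDP and SMB hardening points CISA lists.
# Assumes an elevated PowerShell session on the Windows host under review.

function Add-Finding($check, $value, $ok) {
    [pscustomobject]@{ Check = $check; Value = $value; Ok = $ok }
}

$findings = @()

# 1. Is RDP enabled? (fDenyTSConnections = 1 means Remote Desktop is off.)
#    If it is not needed for business, it should stay off and its port closed.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpOn = ($ts.fDenyTSConnections -eq 0)
$findings += Add-Finding 'RDP disabled' (-not $rdpOn) (-not $rdpOn)

# 2. Network Level Authentication: callers must authenticate before a session exists.
$rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$findings += Add-Finding 'RDP requires NLA' $rdpTcp.UserAuthentication (-not $rdpOn -or $rdpTcp.UserAuthentication -eq 1)

# 3. Enabled inbound firewall rules for Remote Desktop: none should exist if RDP is off.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue)
$findings += Add-Finding 'Enabled inbound RDP firewall rules' $rules.Count ($rdpOn -or $rules.Count -eq 0)

# 4. Account lockout threshold: "Never" means unlimited password guesses are allowed.
$threshold = "$((net accounts) | Select-String 'Lockout threshold')" -replace '.*:\s*', ''
$findings += Add-Finding 'Account lockout threshold' $threshold ($threshold -ne 'Never')

# 5. Failure auditing for logons must be on, otherwise RDP login attempts are never logged.
$audit = (auditpol /get /subcategory:"Logon" /r) | Where-Object { $_ } | ConvertFrom-Csv
$findings += Add-Finding 'Logon failure auditing' $audit.'Inclusion Setting' ($audit.'Inclusion Setting' -match 'Failure')

# 6. Failed RDP logons (event 4625, logon type 10 = RemoteInteractive) in the last 24 hours.
#    Informational row: a high count against a reachable RDP service indicates password guessing.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    Where-Object { (([xml]$_.ToXml()).Event.EventData.Data | Where-Object Name -eq 'LogonType').'#text' -eq '10' }
$findings += Add-Finding 'Failed RDP logons (24h)' @($failed).Count $null

# 7. SMBv1 is the outdated dialect CISA says to remove; the server-side switch must be off.
$smb = Get-SmbServerConfiguration
$findings += Add-Finding 'SMBv1 disabled' (-not $smb.EnableSMB1Protocol) (-not $smb.EnableSMB1Protocol)

$findings | Format-Table -AutoSize
```

Rows with Ok = False are the settings to remediate; the failed-logon row is reported for review rather than judged.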

Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and implementing user awareness and training programs. It is essential to train personnel on how to identify and report suspected phishing attempts.

Practice good cyber hygiene by using up-to-date anti-malware solutions and applications, implementing application whitelisting, ensuring user and privileged accounts are limited, enabling multi-factor authentication (MFA), and implementing cybersecurity best practices.

CISA also recommends enabling MFA for all services that support this security feature. MFA is very important for protecting webmail, virtual private networks (VPNs), and accounts that allow access to critical systems.

The factsheet also recommends that organisations protect sensitive data belonging to consumers or employees.

CISA, therefore, recommends that organisations should:

Know what personal and sensitive information is stored on the systems of the organisation and who has access to it.

Implement physical security best practices from the Federal Trade Commission guide on protecting personal information.

Implement cybersecurity best practices by identifying the computers or servers where sensitive personal information is stored, encrypting sensitive information at rest and in transit, and implementing firewalls to protect networks and systems from malicious or unnecessary network traffic.

The US agency also states that organisations should consider applying network segmentation.

Ensure your cyber incident response and communications plans include response and notification procedures for data breach incidents.

Regarding the implementation of a cyber incident response plan, CISA recommends taking the following actions:

Secure network operations and stop additional data loss by determining which systems were impacted and immediately isolating them.

If it is not possible to take the impacted systems offline, disconnect the systems from the network by unplugging the network cable or removing them from Wi-Fi.

If affected devices cannot be removed from the network or the network cannot be temporarily shut down, power them down to avoid further spread.

Then, triage impacted systems for restoration and recovery, prioritising based on criticality.

Document the activity conducted and perform a preliminary analysis. Never pay a ransom to threat actors.

The guideline, the report said, suggests engaging internal and external teams and stakeholders to inform them of how they can help the impacted organisation mitigate, respond to, and recover from the security breach.

Organisations must collect any relevant logs and artifacts on the impacted system and analyse them in order to extract indicators of compromise and use them to determine the extent of the infection.

The agency also invites victims of ransomware to report the incident to CISA, the local FBI field office, the FBI Internet Crime Complaint Center, or their local U.S. Secret Service office.

CISA, in July 2021, released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET).

RRA can be used by organisations to determine their level of exposure to ransomware attacks against their Information Technology (IT), Operational Technology (OT), or Industrial Control System (ICS) assets, the report stated.
