Freely subscribe to our NEWSLETTER

Attackers are clever. Therefore, they may try to hit the weakest link in the chain – a supplier of a big company, where cybersecurity may not be at a suitable level to tackle modern attacks. A good example of such a combination is the recent ransomware attack on the British NHS, where attackers targeted one of the suppliers.
Fortunately, we are not helpless, and we can undertake specific actions to reduce the likelihood and impact of ransomware attacks. This article explains what steps to take to improve your cybersecurity.

Prevention and detection

Prevention is mainly focused on both people and technology aspects. From the employees’ perspective, it is crucial to improve awareness about modern threats and the consequences of a successful attack on an organization.
A good approach is to guide and coach employees, teach them key cybersecurity principles, and encourage them to use common sense when using company equipment in daily tasks. It is also important to teach how to identify basic threats (e.g. phishing attempts) and report suspicious activities. It is vital to keep in mind that no matter how many awareness trainings an employee receives, it will not make them a cybersecurity expert. Therefore, other means must be put in place to battle ransomware attacks.

From a technology perspective, it is important to highlight key technologies like Antivirus, EDR, Firewall, Sandbox, IDS/IPS or mechanisms like Browser Isolation or even concepts like Zero Trust Networking which are all valid defensive mechanisms to battle modern threats including ransomware.
It is also important to remember that although technology supports an organization in many areas of cybersecurity, it is not a silver bullet solution which will eliminate the risk of a successful ransomware attack. The challenge is to design an overall security architecture which is scalable, resilient, and not overcomplicated for employees who are responsible for maintenance and security monitoring.

Network segmentation should also be applied to limit any spread of ransomware. It will be much more manageable to contain the ransomware in one subnet than across the whole organization.
From a process perspective, it is crucial to have a backup policy and actual backups in place ready to be able to recover systems in case of a successful ransomware attack.

Reaction

Reaction is the phase when an organization must act after a successful attack by cybercriminals. It is essential to have a plan (playbook) detailing what to do in case of a ransomware attack. The plan’s goal is to ensure that there will not be any panic with ad-hoc actions taken, but that there’s a structured approach with defined steps on how to deal with the attack.

The plan should contain at least:
1. Defined roles and responsibilities for named individuals
2. Defined communication path
3. Defined technical process for incident handling, which should contain phases such as: Identification, Containment, Remediation, Recovery, Lessons learned

Finally, the plan should be regularly tested to identify any gaps that should be addressed.

In summary

Unfortunately, it is expected that the volume of ransomware attacks will only increase. Therefore, organizations must ensure they are ready to deal with attacks efficiently.
It is worth remembering that there is no one-size-fits-all solution in cybersecurity and the processes, procedures and tools should be tailored to an organization’s business model, risk profile and other specific requirements.
We understand cybersecurity can be challenging, but our team at Spyrosoft are here to help across all phases of cybersecurity including processes, procedures, and operations.