How Your Organisation Can Prevent a Ransomware Attack

So, what steps can your organisation take to prevent a ransomware attack? Here are some of our recommendations:

• Conduct regular security awareness training with your employees so they know how to spot phishing emails and common social engineering tactics. You can also perform consistent security assessment & testing, including phishing simulations and tabletop exercises to test your team on the effectiveness of your training

• Practice strong cyber hygiene with regular patching, robust policies, strong password etiquette, and disciplined access controls.

• Ensure that the servers for any IT service management software applications that require administrative privileges are not Internet-facing, as was the case for the Kaseya cyber attack. Threat actors can easily use certain search engines to find exposed IP addresses for the exposed servers and use that information to target organisations

• Employ an effective multi-layered defensive posture balancing people, process, and technology, rather than structuring your cyber defences around only one or two of those elements. For example, phishing emails are commonly used by adversaries to gain access into your network. To balance people, process, and technology, you would:
  • Implement a top-down security culture and provide security awareness training (people),
  • Establish protocols for steps that that your employees need to take when they spot a phishing email (process), and
  • Have full visibility across all your data sources so you can detect and contain any attacks (technology).

• Ensure that your security team has full visibility into your IT environment using EDR agents and centralised logging on domain controllers since they are a key target for ransomware actors.

• Leverage 24/7 detection with both automated and expert-level manual response, which will allow your organisation to benefit from cybersecurity expertise and resources that are beyond your in-house capabilities.

• Invest in critical defensive tools, including next-generation antivirus, network monitoring, email gateway, VPN security, multi-factor authentication (MFA), and endpoint protection
• Always require MFA to access your organisation’s VPN or remote desktop protocol services.
• Keep your operating systems and 3rd-party apps patched and up-to-date so threat actors have fewer vulnerabilities to exploit.

• Don’t install a software application or give it administrative privileges unless you know exactly what it is and what it does.

• Use the principle of least privilege so only the users that need access to certain data have access to it.
  • Establish protocols so that if an employee requires access to data they don’t normally need to complete a specific task, that access is taken away after a certain period of time or it expires as soon as the task is complete.

• Implement network segmentation so that if one system is infected, it can easily be isolated from the rest of the networks to ensure the ransomware doesn’t spread through your environment.

• Backup all your data on a regular basis and store the backups separately to ensure they cannot be accessed from your network.

• Work with your security team and Incident Response (IR) provider to build an IR plan that’s right for your organisation so that if a cyber attack does occur, your team is ready with remediation and response efforts.