How Your Organisation Can Prevent a Ransomware Attack

With ransomware attacks now more common than ever, established steps that your organisation can take to prevent a ransomware attack are a measure you can’t afford to live without.

This is a guest blog originally posted by eSentire.

It seems that every week, there are alarming headlines announcing yet another ransomware attack – evidence that threat actors are relentless in their pursuit to exploit high-value targets. From the SolarWinds attack in 2020 to the most recent Kaseya VSA compromise in July 2021, ransomware attacks are carefully orchestrated to incite as much chaos and instability as possible.

In addition to the growing sophistication of ransomware, threat actors are also evolving in the techniques they’re leveraging to launch attacks. Within the past year, we have seen increasing instances of adversaries relying on the ransomware-as-a-service model and double extortion to guarantee payment.

Since complex attack tactics require equally complex recovery solutions, the remediation costs have also increased substantially. In fact, according to Forbes, the average recovery cost from ransomware in 2021 has risen to more than twice that reported in 2020.

Even if an organisation chooses to pay the ransom, the effects of ransomware are crippling and linger for years to come. Aside from facing the financial burden, the business will face reputational damage, loss of brand trust/loyalty, and depending on the scenario, may even face legal and regulatory repercussions. Therefore, security leaders must do their part to ensure they can prevent ransomware attacks from occurring.

So, what steps can your organisation take to prevent a ransomware attack? Here are some of our recommendations:

  • Conduct regular security awareness training with your employees so they know how to spot phishing emails and common social engineering tactics. You can also perform consistent security assessment & testing, including phishing simulations and tabletop exercises, to test your team on the effectiveness of your training.

  • Practice strong cyber hygiene with regular patching, robust policies, strong password etiquette, and disciplined access controls.

  • Ensure that the servers for any IT service management software applications that require administrative privileges are not Internet-facing, as they were in the Kaseya cyber attack. Threat actors can easily use certain search engines to find IP addresses for exposed servers and use that information to target organisations.

  • Employ an effective multi-layered defensive posture balancing people, process, and technology, rather than structuring your cyber defences around only one or two of those elements. For example, phishing emails are commonly used by adversaries to gain access into your network. To balance people, process, and technology, you would:
    • Implement a top-down security culture and provide security awareness training (people),
    • Establish protocols for steps that your employees need to take when they spot a phishing email (process), and
    • Have full visibility across all your data sources so you can detect and contain any attacks (technology).

  • Ensure that your security team has full visibility into your IT environment using EDR agents and centralised logging on domain controllers since they are a key target for ransomware actors.

  • Leverage 24/7 detection with both automated and expert-level manual response, which will allow your organisation to benefit from cybersecurity expertise and resources that are beyond your in-house capabilities.

  • Invest in critical defensive tools, including next-generation antivirus, network monitoring, email gateway, VPN security, multi-factor authentication (MFA), and endpoint protection.
  • Always require MFA to access your organisation’s VPN or remote desktop protocol services.
  • Keep your operating systems and 3rd-party apps patched and up-to-date so threat actors have fewer vulnerabilities to exploit.

  • Don’t install a software application or give it administrative privileges unless you know exactly what it is and what it does.

  • Use the principle of least privilege so only the users that need access to certain data have access to it.
    • Establish protocols so that if an employee requires access to data they don’t normally need to complete a specific task, that access is taken away after a certain period of time or it expires as soon as the task is complete.

  • Implement network segmentation so that if one system is infected, it can easily be isolated from the rest of the network to ensure the ransomware doesn’t spread through your environment.

  • Back up all your data on a regular basis and store the backups separately to ensure they cannot be accessed from your network.

  • Work with your security team and Incident Response (IR) provider to build an IR plan that’s right for your organisation so that if a cyber attack does occur, your team is ready with remediation and response efforts.

Assume breach mentality

Ransomware is easily poised to be one of the largest digital threats facing organisations today and this threat is not going anywhere. Being prepared for a ransomware attack is just one part of the equation. Today’s CISOs must adopt an “assume breach” mentality and be ready to detect and respond to an attack.

To learn how Managed Detection & Response can help your organisation detect and contain threats before they become business-disrupting events, complete the form below to connect with a Tecala security specialist today.


Tecala and eSentire – creating a leading-edge security partnership across APAC

Tecala and eSentire have come together in an exclusive partnership across the APAC region. As eSentire’s sole MDR solution provider in Australia and New Zealand, Tecala will be augmenting its cyber security practice to offer clients a powerful, all-in-one cyber security service which detects, disrupts, and remediates known and unknown cyber threats.

Tecala is Australia’s #1 mid-market-focused Managed Service Provider (MSP). Coming from a consulting and advisory heritage, we have a tried and tested approach to delivering IT that ensures your technology environment is aligned with your business objectives and is continually optimised.

Our fully integrated suite of managed services includes cloud, voice and data interconnectivity, intelligent automation, and business continuity. These services are delivered by our local teams of senior consultants, architects, and engineers, who are supported 24/7 by our Australian-based SOC team of support staff.

With over 1,000 customers in 70 countries around the world, eSentire is recognised as the industry’s leading Managed Detection and Response service provider. By partnering with eSentire, Tecala is delivering an end-to-end cyber security services portfolio to customers across Australia and New Zealand that is designed to hunt, investigate, and stop cyber threats before they become business-disrupting events.

