If there’s a positive spin that can be placed on last month’s ransomware attacks, it’s that the topic of cybersecurity has finally emerged from the shadows and into the public eye. When 200,000 systems began to be infected across more than 150 countries on May 12, security became not just a matter for a few black-hat specialists and a wave of creative naming — from WannaCry to WanaCrypt0r and everything in between — it was suddenly everybody’s business.
Of course, businesses recognize they’re not immune from cyberattacks, and threat intelligence and law enforcement agencies have warned that such attacks can be expected to accelerate in frequency. In short, ransomware is rampant. Often delivered via e-mail, ransomware, also known as cryptoware, it’s used to attack a company’s data by encrypting it until a ransom is paid to an unknown source — in some respects, the criminals who use it are the “stand and deliver” highwaymen of the modern age.
Any approach to handling ransomware must take into account that it triggers fast-moving situations and that there’s no guarantee that an approach that works for one organization will also work for another. But here are five fundamental steps your company can take to curb its chances of its falling victim to a ransomware attack:
1.Adopt prevention programs. Most ransomware attacks start as a phishing attack. Prevention training and awareness programs can help employees recognize telltale signs of phishing scams and how to handle them. Guide your employees on how to recognize and avoid fraudulent e-mails or what to do in the event of a social engineering attack. Keep testing internally to prove the training is working.
2.Strengthen e-mail controls. Ransomware attacks are frequently delivered via e-mail. Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Make sure you have strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and how e-mail is configured and file extensions are displayed.
3.Improve CMDB. Companies need to be very diligent about building a complete configuration management data base (CMDB). It may be surprising, but most companies do not know all the IT systems in their environment across all subsidiaries and business lines. If you don’t know what you have, how can you protect it?
4.Insulate your infrastructure: Attackers are getting smarter, and it’s easier for unsuspecting employees to make mistakes by failing to recognize malicious e-mails. There’s a host of solutions here, from removing or limiting local workstation administration rights to seeking out the right configuration combinations (including virus scanners, firewalls, and so on). Regular patches of operating systems and applications can foil known vulnerabilities: Microsoft patches related to this particular threat was one kind of measure that Accenture used back in March 2017 as part of our normal patching cycle.
5.Plan for continuity. Ransomware attacks are far from random — they are highly targeted and intentional, meaning that many can be averted via meticulous prevention. But even with the best defenses in place, successful attacks can occur. Having a strong business continuity plan for recovery — one that’s regularly reviewed, updated, and tested— makes it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers shouldn’t be constantly connected to backup devices. Further, the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.
Kelly Bissell is a managing director of Accenture Security.