By Edward Nadareski, CISO
Every so often a massive cyber attack or data breach causes everyone to pause and reassess their cybersecurity strategy. The WannaCry ransomware attacks that hit more than 10,000 organizations and 200,000 individuals in more than 150 countries this weekend did just that. I’m guessing that today nearly every organization in the world is taking a good look at its current security policies and technologies to prepare before another looming threat strikes. With that in mind, we’ve outlined the three actions you should take to protect yourself from ransomware:
A major takeaway from this ransomware attack is that users who had up-to-date software were not victimized. You heard correctly—all it takes to thwart an attack of this kind is keeping your programs up to date. We see many cases where people claim that it’s inconvenient to perform updates, or even shut off their antivirus, but that kind of attitude is why so many fell victim to this latest attack.
Updates fix vulnerabilities, and vulnerabilities can be taken advantage of by hackers, as they were in the case of WannaCry. As a company, it can be difficult to monitor whether each employee is performing the necessary updates on each device. One answer is to deploy a vulnerability management solution that continuously scans each device on your network for vulnerabilities, so you can get a 360-degree view of your security gaps and even view the steps to remediate those gaps.
Although this ransomware is currently causing havoc across the globe, there’s nothing new or unique about the ransomware itself. It’s the way it was delivered that caught many organizations off guard—disguising itself as fake invoices, job offers or other clickbait that made it easier for people to fall prey to it.
The reality is that despite the millions of dollars that companies have invested in stopping these attacks, their weakest link is still the employee. While you can’t control human nature, you can adequately train your employees to adhere to hardened security policies. Educate them on detecting phishing campaigns, suspicious websites, and other scams. Above all, train them to exercise extreme caution: if you receive an odd message or attachment, or if anything at all seems suspect, it probably is.
Beyond employee training, companies can take control of employee access to strengthen security. Where practical, companies should remove users’ local admin rights on their machines. That way users won’t be able to install anything locally, which helps eliminate part of the threat.
Back up, then back up again!
A solid backup strategy is the best solution to ransomware. If your training fails or your updates are behind and you’re hit with ransomware, a good backup process will be able to recover much of the data encrypted by the attackers. Whether your backup is on-premises or in cloud storage, regular backups of your most current files can remove the looming threat of ransomware. Ensuring that backups are being done correctly and regularly is key, since any backups made between the time of infection and when the attack is detected will be unrecoverable without paying the ransom.
Keep in mind that there is also no guarantee that your data will be recovered if you do pay the ransom, so backup is truly the best proactive strategy to take the power away from the hackers.