The cybersecurity threat trend of the year, ransomware isn't going anywhere. According to Security Intelligence, "Enigma Software reported that after staying steady for the last six months of 2015, ransomware detection began to climb: February saw a 19 percent increase over January, while March had almost a 10 percent increase over February," and signs of slowing aren't on the radar.
Still, ransomware isn't by any means the most common form of malware. It just might be the scariest for your company — and for the same reasons it's growing in popularity: it provides a direct path to profit for the attacker.
It's safe to say you need to address this threat as soon as possible. What can you do today to protect your organization's data and reputation?
Preventing ransomware is critical because it provides a direct path to profit for the attacker. Click to tweet.
How to Prevent Ransomware, Starting Now
As you know, normal vectors of attack for ransomware include emails (with malicious links or attachments), web browsing to compromised sites, or installing freeware that's already compromised.
For example, a Twinstate customer's gmail account was compromised, causing the bad actor (unbeknownst to him or her) to send infected attachments to people in their contact list — people who trusted the sender already. Someone at Twinstate received one of these attachments, opened it, and it began to run on their machine, attempting to contact a server to download Twinstate's encryption keys. But the firewall intercepted it, blocking the traffic from leaving the network. The moral of the story?
Your first act of prevention is a firewall.
"You need a next generation firewall capable of scanning all incoming and outgoing traffic for malware and other types of malicious traffic," says Alex Insley, Twinstate's Unified Defense Strategies technical manager.
Secondly, it's time to implement patch management for Microsoft and other third-party applications. Writes Fahmida Y. Rashid for InfoWorld Tech Watch, "Patching is critical but frequently neglected — both by organizations and by software vendors. Ransomware and other attacks are showing that not patching can have a devastating impact on an organization."
And of course, it's vital to encourage cybersecurity awareness training for all employees. Consider our initial example: if the firewall hadn't caught the traffic, the ransomware attack would have succeeded. But if the employee hadn't opened the attachment in the first place, the firewall wouldn't have needed to do that work. So in fact, awareness training might be your true first line of defense. Having access to regular, advanced training can empower your employees and keep them on their toes, helping you all prevent these attacks together.
Using these three proactive measures, you can work toward ransomware prevention and take the time that affords to develop a plan for remediation.
Speaking of ransomware prevention, we're currently hosting a Lunch and Learn series with Sophos in each of our different offices across the Northeast. If you're interested in learning more about ransomware, how it can affect your business and what you can do to prevent it, check out our recent events and how to sign up!
Originally published on 09/15/2016