In the IT security community, 2016 has become known as the year of ransomware. Despite its humble beginnings dating back to 1989, in the last few years ransomware has become one of the most, if not the most, significant security threats facing businesses of all sizes. While most ransomware attacks go unreported despite the urging of the FBI, we continue to see headline stories of attacks happening in our home state, like that of the City of Springfield, and around the rest of the country, like the story out of Los Angeles. This article offers a few straightforward steps to help protect your business against the risk of a bad actor taking your data hostage.
We should first start by defining a few terms. According to Wikipedia: “Malware, short for malicious software, is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt it or not publish it. Advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file. Ransom payments are requested using a cryptocurrency.
A cryptocurrency (or crypto currency) is a digital asset designed to work as a medium of exchange using cryptography to secure the transactions and to control the creation of additional units of the currency. Cryptocurrencies are a subset of alternative currencies, or specifically of digital currencies. Bitcoin became the first decentralized cryptocurrency in 2009.”
We at Kraft Technology Group have seen a significant spike in the number of clients affected by ransomware attacks in the last 12 months. Thankfully, our clients have not had to pay any ransom to recover data – due in part to our robust business continuity solution. Having a rock-solid business continuity solution is the primary method to protect your business from the significant risks caused by ransomware and other malware in the wild. Even with a recovery solution in place that shields you from having to pay a ransom, there can still be a significant impact on business operations if your data becomes encrypted.
We are going to provide you with a list of the top five ways to mitigate this significant threat:
1) Business continuity & disaster recovery
Your number one priority is to make sure your data is being backed up regularly with recovery testing taking place frequently. By ensuring you have the ability to recover your data either onsite at your location or in another facility if yours is inoperable, you will have peace of mind, knowing that even if your network is affected by ransomware, you will not have to be the victim. Check out the four-minute video, The State of Ransomware 2016, by our technology partner Datto.
2) Mitigation strategies
Implement the first four mitigation strategies in the “Strategies to Mitigate Targeted Cyber Intrusions”. As we explained in our September 2016 article, “IT compliance leads to false sense of security,” implementing these strategies will reduce your risk by a whopping 85 percent!
- Use application whitelisting.
- Patch applications.
- Patch operating system vulnerabilities.
- Minimize the number of users with administrative privileges.
3) Employee education and continual security awareness training
We aren’t talking about the once-per-year stale security awareness training you may be accustomed to. Here is a two-minute video describing a newer methodology for educating and testing employees on IT security. “People are used to having a technology solution [but] social engineering bypasses all technologies, including firewalls. Technology is critical, but we have to look at people and processes. Social engineering is a form of hacking that uses influence tactics.” – Kevin Mitnick.
4) Strong web content filtering with DNS filtering
DNS stands for domain name system — the protocol the Internet relies on to make sure users get to the right server IP address when they type kraftcpas.com into the browser address bar. The idea behind the technology is to block DNS requests before a device can even connect to sites hosting ransomware. Combine DNS filtering along with traditional category-based web content filtering, and your Internet browsing activity will be as secure as possible.
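The blocking decision described above, as an added example (not code from Kraft Technology Group or any filtering vendor): each query name is checked against a threat blocklist and a category policy on label boundaries before any real address is returned. Every domain other than kraftcpas.com, all addresses, and the category map are constructed for illustration.

```python
# Added illustration of a DNS filtering decision; all data below is constructed.
THREAT_BLOCKLIST = {"ransom-payload.example", "cdn.bad-updates.example"}
DOMAIN_CATEGORIES = {"casino-site.example": "gambling", "kraftcpas.com": "business"}
BLOCKED_CATEGORIES = {"gambling"}           # category-based content policy
SINKHOLE_IP = "192.0.2.1"                   # documentation address standing in for a block page
UPSTREAM = {"kraftcpas.com": "198.51.100.10"}  # stand-in for the real resolver's answers


def normalize(qname: str) -> str:
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def parent_domains(qname: str):
    """Yield the name and each parent on a label boundary: a.b.c -> a.b.c, b.c, c."""
    labels = qname.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def filter_query(qname: str, upstream: dict = UPSTREAM) -> dict:
    """Decide the DNS answer before the client ever learns the real address."""
    name = normalize(qname)
    for candidate in parent_domains(name):
        # Whole-label matching: a subdomain of a listed name is blocked,
        # but a different name that merely ends with the same text is not.
        if candidate in THREAT_BLOCKLIST:
            return {"action": "block", "reason": f"threat:{candidate}", "answer": SINKHOLE_IP}
        category = DOMAIN_CATEGORIES.get(candidate)
        if category in BLOCKED_CATEGORIES:
            return {"action": "block", "reason": f"category:{category}", "answer": SINKHOLE_IP}
    return {"action": "allow", "reason": "clean", "answer": upstream.get(name)}
```

Matching on whole labels is the detail that matters: a plain "ends with" string comparison would either miss subdomains of a listed name or block unrelated names that share a suffix.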
5) Email security with best-of-breed features and constant tuning
The bad actors are constantly tweaking their attacks to bypass security barriers such as anti-spam and email antivirus solutions. Your email security solution provider should be constantly tweaking your defenses as well. Look for a solution that examines hyperlinks in inbound emails as well as deep inspection of attachments. Another must-have feature is email continuity, which provides an online portal to send and receive email in the event your email server is offline for any reason (such as a malware attack).
Kraft Technology Group is ready to assist you with your ransomware defense strategies. Please give us a call!