The IT community and its leaders must continue to focus like a laser beam on the user community when it comes to assessing their vulnerabilities to threats of data breach. The user is still the weakest link in the chain.
According to a survey commissioned by the premier cybersecurity firm SANS, the highest security threat in 2016 was ransomware. More than 50% of the financial institutions surveyed indicated that ransomware was their biggest security concern! Tools to launch ransomware and denial-of-service attacks are readily available on the web, so they can be propagated to a large audience with very little effort or skill. The level of risk from ransomware has even overtaken that of phishing attacks, which until recently had been the biggest concern for security professionals.
What is Ransomware?
Ransomware often arrives via email, in an attachment or an embedded link to a website. Once it runs it can prevent you from accessing Windows, encrypt your files while hiding the encryption keys, and stop certain programs (e.g. your browser) from working unless you pay money (a “ransom”) to regain access to your data. There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your data again. Ransomware can even be delivered through advertisements on legitimate websites, and those ads can remain active for prolonged periods of time. Victims rarely realize or recognize when this has occurred.
How can you protect your organization from Ransomware?
- Schedule user training and testing to increase awareness of ransomware attacks
- Implement comprehensive patch management programs that keep systems up-to-date
- Limit user privileges and access to only the resources required for doing the job
- Perform backups and store the backed-up data offline (newer ransomware can spread through drive shares and even reconnect disconnected shares)
- Segment the network to add checkpoints that require authentication (e.g. a password) for accessing infrequently used systems
- Use application-layer firewalls to block inbound and outbound traffic to known ransomware websites, preventing users from inadvertently downloading malicious tools and preventing the malware from uploading its encryption keys
While not as overt as ransomware, phishing and spearphishing are still very much on the radar. Like ransomware, they rely on social engineering to lure users into careless behavior that allows attackers to gain a foothold in the organization. Spearphishing, a targeted form of phishing, goes after executives, since that is where the most valuable information resides.
A combination of technological tools and an effective user training program will go a long way towards mitigating the risks of Ransomware and Phishing attacks.
If you have questions about ransomware or cybersecurity in general, contact Superior Technology at 845-735-3555 or online at www.superiortechnology.com