Ransomware is a threat to businesses of all sizes, it doesn’t discriminate

(Image credit: Shutterstock / binarydesign)

Malware (malicious software), by its very name, does no good for anyone or any business. Ransomware is one (very well-known) form of malware. Its modus operandi is to prevent you from accessing your computer or any data that is stored on it. Ransomware can spread to other machines on the network - remember Wannacry and the attack on the NHS? These days, the chances of falling victim to a ransomware attack are at an all-time high. Ransomware is a threat to businesses of all sizes and from all sectors - it doesn’t discriminate.

Cybersecurity has never been more important for businesses. They have to operate in a landscape that is becoming increasingly more connected and shifting towards hybrid models. We see IT environments that are widely distributed across devices, systems, clouds and locations - particularly so with the advent of widespread remote working thanks to Covid.

Many organizations adopt a reactive approach to cyberattacks when in reality, a proactive mindset would be much more productive. Many companies simply adapt their existing solutions or roll out a technology in response to a specific incident in a particular area of their infrastructure. To offer any real hope of protection, a solution must be multi-layered in order to cope with a targeted attack. What can your business do then?

About the author

Francis O’Haire is Group Technology Director at DataSolutions

The security ABC

Traditional approaches can be effective, but you can’t forget the basics like having a well-tested backup and recovery plan or a timely patch management process. Furthermore, you need to ensure that you implement well-managed perimeter and endpoint security policies. Together, these should prevent the amateurs from doing any real damage but won’t stop a sophisticated attack. Keeping software and operating systems up to date through timely patch management is also critical, although not guaranteed to protect you as many attacks are against unpatched vulnerabilities (known as zero-day attacks).

Embrace new technology

Traditional security solutions either don’t work at all in cloud environments or have only limited functionality. And that was two years ago – think about how much things have progressed since then in terms of both technologies and threats. That’s precisely why newer technologies and approaches are required to put up a better defence against the latest threats. These include micro-segmentation, next generation endpoint and sandboxing solutions, and zero-trust network access (ZTNA). In fact, ZTNA can add a whole new level of defence for your organization including greater visibility, faster detection, reduced IT complexity and enhanced data protection.

Older endpoint security approaches such as antivirus is also no longer up to the task of preventing a laptop or mobile device from being the point of entry for an attack. These products often rely on prior knowledge of a vulnerability or malware. Modern endpoint security solutions can protect against completely unknown and never-before-seen attack methods. This is achieved via techniques such as threat emulation and threat extraction where a suspicious file or program is opened in an isolated sandbox where its behaviour and intentions can be safely determined and neutralized, as necessary. More comprehensive solutions also include dedicated anti-ransomware and anti-phishing protections.

Plan B

Unfortunately, you do need to prepare for a breach or hack, which means implementing a comprehensive and regularly tested business continuity (BC) plan. In other words, this will define what happens if an attack proves to be successful. As well as helping to safeguard critical information, a good BC strategy can reduce the impact on operations and service in the event of a breach. The foundation for this is maintaining and testing your backup regularly, especially the recovery capability of critical systems and data. These backups will be primary targets too though, so must be kept out of reach of attackers.

Divided we fall? Nope

Traditional perimeter security solutions, such as firewalls and proxies, are still essential but it can almost be assumed nowadays that a motivated hacker will get inside your network. These perimeter solutions do not prevent that attacker from then moving between internal systems in search of valuable data to steal and potentially encrypt for ransom. To prevent this internal reconnaissance, or what is called “lateral movement”, a newer approach called micro-segmentation is needed. By defining and enforcing how internal systems can communicate with each other on a much more granular level, an attacker’s freedom to roam the network is thwarted, therefore protecting critical data and systems. Think about your environment as if it were a modern airport – place strict controls on both staff and travelers (hackers) in terms of where they can move within the environment in order to create a safe and secure space.

Empower your people

As well as technological protections, staff training is also an important part of a multi-layered security strategy. Many targeted attacks will start with a phishing email where a legitimate looking request from a colleague, supplier or customer will entice the user to click on a malicious link or open an infected attachment which then lets the attacker gain access to the network. Teaching employees how to identify these fake requests is essential. So too is the need for staff to know how important it is for them not to be afraid to report them quickly if they do fall victim to one.

Ransomware attacks can wreak havoc on organizations - they disrupt normal operations and are a financial burden; and let’s not forget about any potential reputational damage. Sadly, such attacks are almost inevitable these days and any company can be targeted in this way. The good news is that, with the right security solutions and strategies in place, these attacks can be prevented or be effectively subdued. But criminals never stop, and threats continue relentlessly, changing tack to catch businesses off-guard. This is why your business must also change approach and roll with the punches. Take a proactive stance always and you have a fighting chance of dealing ransomware and other cyberattacks, a deathblow.

Francis O’Haire is Group Technology Director at DataSolutions