If organizations weren’t serious about tightening their cybersecurity strategy to combat ransomware within the past sixteen months, the mammoth WannaCry attack launched against the world on Friday, May 12, 2017 has certainly induced them to do so. Like most enterprise security threats, there are multiple ways to combat ransomware. Some methods are more intrusive than others though.
For example, denying access to the internet for user devices would guarantee absolute safety from almost any malware threat, but would greatly hamper the potential use of the device and user productivity, making this solution quite impractical. Instead of relying on these methods, read on for four cybersecurity solutions that are proven to combat ransomware, and avoid most malware attacks in general.
Four Steps to Avoid a Ransomware Attack
1. Assess Your Organization’s Email Protection Policies
As email correspondence continues to be the primary deployment mechanism for the dissemination of ransomware, strong email security policies are imperative today. Email protection should not only include SPAM filtering, but also eliminate viruses, malware and links to malicious websites. In addition, organizations that deploy cloud-based email solutions such as Office 365 should not solely rely on vendor protection, as is evident from the recent massive Gmail attack. Enterprises should consider supplementing their email security with a third party solution to be more proactive, and always make sure to hold regular employee trainings where CSOs educate users on how to spot a malicious email and explain cybersecurity best practices.
2. Use Advanced Web Filtering
Web filtering is not just about filtering distasteful and disturbing web content; it’s also a strong tactic against ransomware. Although email may be the primary delivery system for malware attacks, embedded links and attachments involve internet use. In addition, ransomware can be randomly delivered through drive-by websites, so teach team members about safe web surfing habits. Because of these threats, having a web filter designed to prevent access to known malware deployment sites is critical for organizations today.
3. Create a Well-Designed Backup Infrastructure
Backing up your data is not going to protect it from a ransomware encryption attack, but it will circumvent the need to pay the required ransom funds should you get hit by an attack. To keep your data safe, your organization’s backup and recovery system should reside in a separate security zone from your data silo in order to protect it from ransomware, as well as some recent variants that seek out known backup solutions.
Although backing up to tape or cold storage in the cloud is attractive from a cost perspective, the time required to fully restore a backup will definitely affect normal operations with the unplanned downtime. Because of this, some organizations may want to look at ransomware attacks as a disaster recovery scenario and seek an on demand cloud deployment solution to bring up data resources in a minimal amount of time.
4. Use an Intrusion Detection System
Firewall protection is no longer about simply blocking ports, it can also be used to avoid ransomware! A robust firewall today should include an IPS that examines incoming web traffic at multiple layers of the OSI model to catch threats before they become big problems. Using behavioral analysis, suspicious traffic can be averted from penetrating the network perimeter. A good example of this is the Fortigate line of UTM devices offered by Fortinet. For instance, Fortinet released an IPS signature update that terminated all attempts of the WannaCry attack.
Above we outlined four ways to avoid the invasive and persistent threat of ransomware. Stay tuned for four more tactics, which can help strengthen your enterprise security strategy. In the meantime, contact WEI for a review of your cybersecurity strategy and check out our tech brief, Using Network Segmentation to Manage Malware and Ransomware Risks.