Present Blog-IT thought leadership in Canada

Cyber Security First - Cyber Security Awareness Month 2021

Written by present | Oct 20, 2021 11:00:00 AM

It is less expensive, easier and less risky to protect yourself from a ransomware attack than it is to face the consequences of insufficient preparation.

 

 

 

 

 

 
 
Ransomware has become a major global concern.

And for good reason. Ransomware attacks are the most significant cyber threats facing businesses today.

It only takes one click too many to be caught in the fire of such attacks!

With the increasing number and scale of these attacks, coupled with today's industrialization of cybercrime, and its democratization (RaaS: Ransomware as a Service) companies must urgently:

  • Take proactive measures to prevent them;
  • Develop a plan to limit the damage;
  • Develop the ability to quickly restore operations to normal.

It is obvious that, whatever the type of threat, a weak plan to counter the potential effects puts an organization much more at risk of being very badly affected.

 

Are you prepared for a ransomware attack?

Businesses must be determined when it comes to protecting themselves against threats. And in this fight, prevention is the best defense. Because when is the best time to stop a fire? As soon as possible of course, but ideally before it even happens.

 

Therefore, answering the above question entails:

 

Identifying the essential ways that adversaries can gain access 

Criminals most often use the following attack vectors:

  • Brute force attack or password leak on the Dark Web;
  • Phishing attack with malicious links or code;
  • Exploitating the weaknesses of systems exposed to the Internet, such as VPN and RDP gateways.

Put in place the required preventive measures

Many successful attacks demonstrate that the real issue for companies is more their neglect of adversaries' initial access than the ransomware itself.

In relation to our 3 vectors, here are the main measures to be put in place.

  • Measures for brute force attacks
    • Use multi-factor authentication;
  • Measures for phishing attacks
    • Train users to identify social engineering and phishing;
    • Secure messaging;
    • Configure DKIM and DMARC to prevent attackers from using your domain for phishing attacks.
  • Measures for RDP and VPN access gateways
    • Define account lockout policies to prevent opponents from guessing the password;
    • Use multi-factor authentication;

 

Do you have the ability to detect and stop attacks?

Realistically, having these preventative measures in place does not ensure that attackers cannot enter your extended perimeter and gain access to a user's device.

 

A classic scenario

A user receives a malicious email that appears legitimate, prompting them to click a link or download an attachment containing malware.

Once the user clicks on the attachment or the link, the attack is launched.

Without proper endpoint protection, there is nothing organizations can do to detect and stop the attack.

 

An essential solution

The best solution is a Managed Detection and Response (MDR) service that can detect, quarantine and remove ransomware, preventing loss of data access, and the financial loss or time investment that could result.

Of course, the ability to detect and stop attacks doesn't stop there.

It is therefore essential to have sufficient visibility into anomalies, through the collection, monitoring and cross-correlation of event logs.

For example, in the case of gateway access, this is to collect and monitor logs for unauthorized access attempts.

 

How quickly can you get back to normal operation?

The MDR service, in addition to detecting, quarantining and removing ransomware, is also able to automatically reverse any changes that could possibly have been performed by malicious code in Windows environments, allowing you to get back very to normal very quickly.

However, your last resort defense should always be based on creating, maintaining and frequently testing your offline, encrypted, and immutable backups, especially for your critical data.

 

 

Conclusion

When it comes to ransomware, prevention means denying attackers initial access to any part of your business.

A comprehensive strategy should incorporate the following points:

  • Deploy attack-resistant user authentication;
  • Detect, quarantine and remove ransomware;
  • Automatically reverse all changes made by malicious code;
  • Adopt a resilient backup strategy.

To effectively fight ransomware, you have 2 alternatives:

  • Put in place the expertise, processes and measures proportionate to the threat.
  • Call on a managed security partner, specialized in this area.

In this second scenario, it is important to note that a small investment can make a huge difference.

Our cybersecurity experts can help you better protect your business against cyber attacks with our managed cybersecurity services.