How to prevent ransomware attacks

Issue 4 2021 Editor's Choice

Ransomware attacks have become a massive problem for almost every industry and every organisation size. In the U.S., federal officials have called it one of the biggest threats currently facing the nation. During the last year, criminals have attacked schools, shipping agencies, healthcare organisations, medical trials and more. Given the impact these attacks can have on organisations everywhere, security professionals need to secure their systems, networks and software in new ways.


Renee Tarun.

What is a ransomware attack?

Ransomware is a specific type of malware that holds data hostage in exchange for a ransom, typically by encrypting it so the owner can no longer read it. As an attack methodology, it has the potential to cause severe damage. Phishing emails are a common delivery method, but ransomware is also spread through drive-by downloads, where simply visiting a compromised website is enough to trigger the download.

Advanced attacks can compromise an endpoint in seconds, and once ransomware is running it encrypts data just as quickly. That’s why it's critical to ensure your organisation is prepared. As attacks grow in sophistication, the impact of ransomware goes beyond financial losses and the productivity lost while systems are down.

Attempted attacks and data breaches are inevitable and no organisation wants to be forced to decide between paying a ransom and losing important data. Fortunately, those aren’t the only two options. The best option is to keep from being forced into that decision in the first place. This approach requires a layered security model that includes network, endpoint, application and data-centre controls powered by proactive global threat intelligence. With that in mind, here are nine things to consider to give your organisation the best chance of avoiding ransomware attacks.

1. Email gateway security and sandboxing

Email is one of the most popular attack vectors for threat actors. A secure email gateway solution provides advanced multilayered protection against the full spectrum of email-borne threats. Sandboxing provides an added layer of protection: any email that passes the filters but still contains unknown links, senders or file types can be detonated in an isolated environment and observed before it reaches your network, mail server or users.
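
As an added illustration of the kind of attachment policy a gateway applies before deciding what to hand to the sandbox (example code written for this article, not Fortinet's product logic), the snippet below parses a raw message with Python's standard email module and returns a block, sandbox or allow verdict for each attachment, judged on the full extension chain so that a disguise such as invoice.pdf.exe is caught. The extension lists, the sample message and the addresses in it are constructed for the example.

```python
"""Attachment triage in front of a sandbox.

Added example for this article, not a gateway product's policy engine. Each
attachment gets one of three verdicts: 'block' (never deliver), 'sandbox'
(detonate before delivery) or 'allow'. The extension lists are illustrative.
"""
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import Dict, Tuple

EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".msi", ".dll", ".cpl"}
SCRIPT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk"}
MACRO_OFFICE = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
ARCHIVE = {".zip", ".7z", ".rar", ".iso", ".img", ".gz", ".tgz"}
DOCUMENT = {".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx", ".pdf", ".rtf"}
BENIGN = {".txt", ".csv", ".jpg", ".jpeg", ".png", ".gif"}

VERDICT_RANK = {"allow": 0, "sandbox": 1, "block": 2}


def classify_filename(name: str) -> Tuple[str, str]:
    """Verdict and reason for one attachment, judged on its whole extension chain."""
    exts = ["." + part for part in name.lower().split(".")[1:]]  # 'a.pdf.exe' -> ['.pdf', '.exe']
    if any(ext in EXECUTABLE or ext in SCRIPT for ext in exts):
        # Runnable content anywhere in the chain, including 'invoice.pdf.exe' disguises.
        return "block", "executable or script extension in name"
    last = exts[-1] if exts else ""
    if last in MACRO_OFFICE:
        return "sandbox", "macro-enabled Office document"
    if last in ARCHIVE:
        return "sandbox", "archive container can hide executables"
    if last in DOCUMENT:
        return "sandbox", "document format can carry active content"
    if last in BENIGN:
        return "allow", "low-risk file type"
    return "sandbox", "unknown or missing file type"   # detonate rather than guess


def triage_message(raw: bytes) -> Dict:
    """Overall verdict for a raw RFC 822 message plus a per-attachment breakdown."""
    msg = message_from_bytes(raw)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()      # None for the message body itself
        if name:
            verdict, reason = classify_filename(name)
            findings.append((name, verdict, reason))
    overall = max((v for _, v, _ in findings), key=VERDICT_RANK.get, default="allow")
    return {"verdict": overall, "attachments": findings}


def build_sample() -> bytes:
    """Constructed lure: an 'invoice' whose attachment is really an executable."""
    msg = MIMEMultipart()
    msg["From"] = "accounts@example.test"
    msg["To"] = "finance@example.test"
    msg["Subject"] = "Overdue invoice"
    msg.attach(MIMEText("Please see the attached invoice.", "plain"))
    payload = MIMEApplication(b"MZ\x90\x00not-a-real-binary", Name="invoice_2021.pdf.exe")
    payload.add_header("Content-Disposition", "attachment", filename="invoice_2021.pdf.exe")
    msg.attach(payload)
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample()))
```

The point of classifying on the whole extension chain rather than the last extension is that Windows hides known extensions by default, so a file named invoice.pdf.exe is shown to the user as invoice.pdf; the gateway must not make the same mistake.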

2. Web application security/firewall technology

A web application firewall (WAF) helps protect web applications by filtering and monitoring HTTP traffic to and from a web service. It's a key security element because, for internet-facing applications, it is often the first line of defence against attack. As organisations execute new digital initiatives, they often expand the attack surface at the same time. New web applications and application programming interfaces (APIs) can be exposed to dangerous traffic because of web server vulnerabilities, vulnerable server plugins or flaws in the application code itself. A WAF helps keep these applications and the content they access secure.

3. Threat Intelligence sharing

Organisations must have real-time, actionable intelligence, such as that produced by FortiGuard Labs, to help mitigate threats they have not yet seen. This information must be shared between the different security layers and products within your environment to provide a proactive defence. It should also extend to the broader cybersecurity community outside your organisation, such as computer emergency response teams (CERTs), information sharing and analysis centres (ISACs) and industry coalitions like the Cyber Threat Alliance. Rapid sharing is the best way to respond quickly to attacks and break the cyber kill chain before the malware mutates or spreads to other systems or organisations.

4. Protecting endpoint devices

Traditional, signature-based antivirus only recognises malware it has already seen, and as threats continue to evolve it typically can’t keep up. Organisations need to make sure they are appropriately protecting endpoint devices using an endpoint detection and response (EDR) solution and other technologies.

In the current threat environment, advanced attacks can take minutes or seconds to compromise endpoints. First-generation EDR tools simply can’t keep up because they require manual triage and responses. Not only are they too slow for today’s lightning-fast threats, but they also generate a massive volume of alarms that burden already overworked cybersecurity teams. Additionally, legacy EDR security tools can drive up the cost of security operations and slow network processes and capabilities, which can have a negative impact on the business.

In contrast, next-generation EDR solutions deliver advanced, real-time threat intelligence, visibility, analysis, management and protection for endpoints, both pre- and post-infection, to protect against ransomware. These EDR solutions can detect and defuse potential threats in real time to proactively reduce the attack surface, help prevent malware infection and automate response and remediation procedures with customisable playbooks.
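
To make "detect and defuse in real time" concrete, here is an added example of the behavioural rules an EDR agent or SIEM correlates over process-creation telemetry (written for this article; not Fortinet's detection content). It flags three well-documented ransomware precursors: deletion of volume shadow copies and similar recovery inhibition (MITRE ATT&CK T1490), an Office application spawning a script host, and PowerShell launched with a Base64-encoded command. The JSON event format, field names such as parent_image and cmdline, and the three sample events are all constructed for the example rather than taken from any product's schema.

```python
"""Behavioural ransomware-precursor detection over process-creation events.

Added example for this article, not a vendor's detection content. Events are
JSON lines with the (assumed) fields host, parent_image, image, pid, cmdline.
"""
import json
import re
from typing import Dict, Iterable, List

# Commands ransomware runs so the victim cannot roll back from local snapshots
# (MITRE ATT&CK T1490, Inhibit System Recovery).
RECOVERY_INHIBITION = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no"
    r"|wbadmin(\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)

# PowerShell given a Base64 payload on the command line, common in phishing loaders.
ENCODED_POWERSHELL = re.compile(
    r"powershell(\.exe)?\s+.*-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}",
    re.IGNORECASE,
)

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}


def basename(image_path: str) -> str:
    """'C:\\Windows\\System32\\cmd.exe' -> 'cmd.exe', case-folded."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: Dict) -> List[str]:
    """Names of every rule a single event trips (possibly none)."""
    hits: List[str] = []
    cmdline = event.get("cmdline", "")
    if RECOVERY_INHIBITION.search(cmdline):
        hits.append("inhibit_system_recovery")
    if ENCODED_POWERSHELL.search(cmdline):
        hits.append("encoded_powershell")
    if (basename(event.get("parent_image", "")) in OFFICE_APPS
            and basename(event.get("image", "")) in SCRIPT_HOSTS):
        hits.append("office_spawns_script_host")
    return hits


def scan(lines: Iterable[str]) -> List[Dict]:
    """Run every rule over a stream of JSON-lines events; return alerts in order."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        for rule in evaluate(event):
            alerts.append({"rule": rule, "host": event.get("host"),
                           "pid": event.get("pid"), "cmdline": event.get("cmdline")})
    return alerts


# Constructed telemetry: a macro document launching encoded PowerShell, the
# resulting shadow-copy deletion, and one benign event for contrast.
SAMPLE_EVENTS = r"""
{"host": "WS-0421", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\System32\\cmd.exe", "pid": 4412, "cmdline": "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}
{"host": "WS-0421", "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\vssadmin.exe", "pid": 4420, "cmdline": "vssadmin.exe delete shadows /all /quiet"}
{"host": "WS-0421", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\notepad.exe", "pid": 5000, "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"}
"""


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

In a real deployment the first two rules are the ones worth an automated response: a shadow-copy deletion from a workstation has almost no legitimate use, and isolating the host at that moment is what turns an EDR from a recorder into a control.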

5. Data backups and incident response

Your organisation should be able to back up all of its systems and data, and copies should be stored offline or otherwise isolated from the production network, because ransomware operators routinely look for reachable backups and encrypt or delete them before triggering the main attack. Backups should also be tested by actually restoring from them, not just by confirming the backup job ran, so you know you can properly recover.
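
The restore test the paragraph calls for, as an added example written for this article (not a vendor backup tool): a manifest of SHA-256 digests is recorded when the backup is taken and kept apart from the backup itself, the set is later checked against that manifest, and a trial restore is made into a scratch directory and verified file by file. The demo() function builds a small constructed backup, then simulates ransomware reaching a backup share by overwriting one file with ciphertext, deleting another and dropping a ransom note. Paths, file contents and the manifest format are all constructed for the example.

```python
"""Backup integrity check and trial restore.

Added example for this article, not a vendor backup tool. The manifest of
SHA-256 digests is returned to the caller so it can be stored away from the
backup medium: an attacker who can rewrite the backup must not be able to
rewrite the record you verify it against.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_map(backup_dir: Path) -> Dict[str, Path]:
    """Relative POSIX path -> absolute path for every file in the backup set."""
    return {p.relative_to(backup_dir).as_posix(): p
            for p in backup_dir.rglob("*") if p.is_file()}


def take_manifest(backup_dir: Path) -> Dict[str, str]:
    """Record digests at backup time; keep the result off the backup medium."""
    return {rel: sha256_file(p) for rel, p in sorted(file_map(backup_dir).items())}


def verify_backup(backup_dir: Path, manifest: Dict[str, str]) -> Dict:
    """Compare the set on disk with the trusted manifest and report every difference."""
    present = file_map(backup_dir)
    missing = sorted(set(manifest) - set(present))
    unexpected = sorted(set(present) - set(manifest))   # e.g. a dropped ransom note
    modified = sorted(rel for rel in manifest
                      if rel in present and sha256_file(present[rel]) != manifest[rel])
    return {"ok": not (missing or unexpected or modified),
            "missing": missing, "unexpected": unexpected, "modified": modified}


def trial_restore(backup_dir: Path, restore_dir: Path, manifest: Dict[str, str]) -> bool:
    """Restore into a scratch directory and confirm each restored file matches."""
    for rel, digest in manifest.items():
        dst = restore_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_dir / rel, dst)
        if sha256_file(dst) != digest:
            return False
    return True


def demo() -> Dict:
    """Constructed scenario: good backup, trial restore, then ransomware reaches the share."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        backup = root / "backup"
        (backup / "db").mkdir(parents=True)
        (backup / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'Ada');\n")
        (backup / "config.yaml").write_bytes(b"retention_days: 30\n")
        manifest = take_manifest(backup)            # would be stored elsewhere in practice

        clean = verify_backup(backup, manifest)
        restored = trial_restore(backup, root / "restore", manifest)

        # Simulate a backup share that the attacker could reach: one file
        # overwritten with ciphertext, one deleted, a ransom note dropped.
        (backup / "db" / "customers.sql").write_bytes(os.urandom(64))
        (backup / "config.yaml").unlink()
        (backup / "README_DECRYPT.txt").write_bytes(b"Your files have been encrypted.\n")
        tampered = verify_backup(backup, manifest)

        return {"clean": clean, "restored": restored, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The scheduled job in a real environment would run verify_backup and trial_restore against the most recent backup and page someone on any result other than ok, which is the difference between discovering a corrupted backup during a drill and discovering it on the day the ransom note appears.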

Every organisation should have an incident response plan in place, to ensure your business is prepared if you’re hit by a successful ransomware attack. People should have specific tasks assigned ahead of time. For instance, who will you contact for help with forensic analysis? Do you have experts readily available to help you restore systems? You also should be running exercises on a regular basis, with a focus on how you would recover from a ransomware attack.

6. Zero trust implementation

The zero trust security model assumes that anyone or anything that attempts to connect to the network is a potential threat. This network security philosophy states that no one inside or outside the network should be trusted until their identity has been thoroughly verified. Zero trust recognises that threats both outside and inside the network are an omnipresent factor. That assumption drives network administrators to design controls that grant nothing by default and verify every request.

With a zero-trust approach, every individual or device that attempts to access the network or an application must undergo strict identity verification before access is granted. This verification uses multifactor authentication (MFA), which requires users to present at least two independent factors, such as a password plus a hardware token or authenticator app, before they are granted access. Zero trust also includes network access control (NAC), which is used to keep unauthorised users and devices off a corporate or private network. It ensures that only authenticated users, and only devices that are authorised and compliant with security policy, can enter the network.

7. Firewalls and network segmentation

Network segmentation is increasingly important as cloud adoption increases, especially in multi-cloud and hybrid cloud environments. With network segmentation, organisations partition their network according to business need and grant access according to role and current trust status. Every network request is inspected according to the requestor’s current trust status. This limits lateral movement if an attacker does get inside: a compromised workstation in one segment cannot reach file servers, backup systems or domain controllers in another without passing through an inspection point where the attempt can be blocked and logged.

8. User training and good cyber hygiene are key

Humans need to be at the heart of any cybersecurity strategy. According to the 2021 Verizon Data Breach Investigations Report, 85% of data breaches involved a human element. You can have all the security solutions in the world, but if you’ve overlooked training your employees in cyber awareness, you’ll never be truly secure. Make sure all your employees receive substantial training on spotting and reporting suspicious cyber activity, maintaining cyber hygiene and securing their personal devices and home networks.

Employees should take training when they are hired and periodically throughout their tenure, so the information stays current and top of mind. Training also should be kept updated and include any new security protocols that may need to be implemented.

Educating individuals, especially remote workers, on how to maintain cyber distance, stay wary of suspicious requests and implement basic security tools and protocols can help CISOs build a baseline of defence at the most vulnerable edge of their network and help keep critical digital resources secure.

Organisations also need to practice good basic cyber hygiene to ensure all systems are properly updated and patched.

9. Deception technology

Organisations also should be aware of deception technology. Although it’s not a primary cybersecurity strategy, deception solutions can help protect systems if, despite all the other cybersecurity strategies you have in place, the bad actors still find a way in.

With deception technology, decoys mimic the actual servers, applications and data so that bad actors are tricked into believing they have infiltrated and gained access to the enterprise’s most important assets when in reality, they haven’t. This approach can be used to minimise damage and protect an organisation’s true assets. In addition, deception technology can accelerate the average time to discover and address threats.

Are you fully equipped to avoid a ransomware attack?

Ransomware attacks are everywhere. Company size and industry no longer matter as criminals search for an easy entry point into the network. The global shift to remote work has opened many security backdoors for bad actors to exploit and they are making the most of their moment. According to the Fortinet Global Threat Landscape Report, by the end of 2020, there were as many as 17 200 devices reporting ransomware each day.

Yet organisations are hardly helpless. They may need to do some rethinking and reorganising, but tools are available that can provide significant protection against ransomware attacks. Evaluate these nine recommendations and consider what you might need to do differently to give your organisation the best possible chance of defeating this significant threat.

Learn more about Fortinet’s free cybersecurity training, an initiative of Fortinet’s Training Advancement Agenda at https://www.fortinet.com/training/cybersecurity-professionals



