Steps to Protect Yourself from Ransomware [What the White House’s Memorandum Means for Businesses]

Written by Emily Jones on June 30, 2021


After some recent high profile and potentially devastating cybersecurity and ransomware attacks, including the attacks on the Florida water treatment plant, the Colonial Pipeline and JBS (the world’s largest meat processing facilities), President Biden’s administration issued an executive order directed at federal information systems and then a memo directed at business leaders, urging them to take the issue of ransomware seriously and providing direction on steps to take.

Many businesses have long considered themselves an unlikely target for cyber crime and have procrastinated implementing proactive cybersecurity measures. But as Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology wrote in the June 2 memo, “All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location.”

Implementing expanded and more comprehensive security measures is no longer optional. The risk, and its visibility, are too great to ignore.

Critical Steps to Guard Against Ransomware

What steps do organizations need to take to protect themselves?

Deputy Neuberger’s memo listed several actions that organizations should take now to protect their businesses and their data. We’ve included some of the highlights from the recent memo, as well as some tips of our own.

Back up your data

Backing up data isn’t just a best practice; it’s also a means of protecting your business and maintaining business continuity. To ensure backups are the most effective, keep copies offline and test them regularly. Many ransomware attacks search for and encrypt backups as well as production data to increase the effectiveness of the attack.
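"Test them regularly" is the part of this advice that is most often skipped. One concrete way to do it is to record a hash manifest of a backup set while it is known to be good, and later verify the set against that manifest so that encrypted, deleted or planted files show up before a restore is ever attempted. The following is an added example written for this article, not code from the memo or from Warren Averett; the directory layout, file names and the "tampering" step are all constructed in a temporary directory so it runs offline.

```python
"""Build and verify a SHA-256 manifest for a backup set (added example)."""
import hashlib
import os
import tempfile
from pathlib import Path


def _sha256(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backup files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): _sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current contents of root against a trusted manifest.

    Returns the files that are missing, whose contents changed, and that appeared
    without being in the manifest. A healthy backup yields three empty lists.
    """
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a manifest, then damage the backup and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'alice');\n")
        (root / "config.yaml").write_bytes(b"retention_days: 30\n")
        manifest = build_manifest(root)  # recorded while the backup was known good

        # Simulate the damage ransomware does to a backup it can reach:
        # one file overwritten with unreadable bytes, one deleted, one note dropped.
        (root / "db" / "customers.sql").write_bytes(os.urandom(48))
        (root / "config.yaml").unlink()
        (root / "README_RESTORE.txt").write_bytes(b"constructed placeholder note\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    print(demo())
```

In practice the manifest is stored with the offline copy (or signed and kept separately), and the verification runs on a schedule so that a backup that has silently been encrypted is detected long before it is needed.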

Update and patch systems

According to CSO Magazine, 60% of breaches involved vulnerabilities in software where a patch was available but not applied. Included in the memo’s recommendation on patching was to ensure operating systems, applications and firmware are all updated in a timely manner.

Test your incident response plan

Testing your incident response serves multiple purposes, including identifying which controls are not effective and where gaps in your plan may exist. The memo suggests businesses consider core questions that can help in the creation of an effective plan, such as, “Are you able to sustain business operations without access to certain systems?”

Check your security team’s work

Third-party pen testers, ethical hackers and assessment teams can check the work of your security team to identify any “unlocked doors” into your network that your team may have missed, but that a sophisticated ransomware attack may not. Even if your cybersecurity team is highly skilled, having a third-party assessment is a good idea.

Segment your networks

The goal of ransomware attacks has recently shifted from stealing data to disrupting operations, the memo notes. Separating business operations from manufacturing and production creates more opportunities to limit and filter traffic between them, and to isolate a given environment if an attack or breach is discovered in one environment before it has spread to another.

Undergo a vulnerability assessment

This is a systematic review of your security weaknesses across known systems. Severity levels are assigned based on the assessment so that the vulnerabilities that pose the largest risk or that can cause the most damage can be addressed first. A comprehensive assessment will include recommendations for remediation and mitigation. Ethical hacking—the process whereby a team attempts to breach an organization’s system—may be part of this assessment as well.

Train your users

Users should be trained on network and access security. This training should include awareness of phishing, password security, access control and virus protection.

Institute access control and zero-trust architecture

Users should only have as much access as is needed to effectively do their jobs. It should be assumed that all users are a potential vector for attack, especially with many employees now working from home on unsecured systems. This should include regular logical access review and audits to ensure system access is aligned with job functions, as well as an assessment of off-boarding procedures to prevent former employees from having continued access to internal systems.
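The "regular logical access review" this section calls for reduces to three comparisons: accounts that belong to no current person, accounts of off-boarded employees that are still enabled, and accounts holding group memberships their job function does not require. The following is an added example, not code from the memo or from Warren Averett; the roster, the account list and the role-to-group baseline are all constructed sample data, and in a real review they would be exported from the HR system and the directory.

```python
"""Logical access review against an HR roster and a least-privilege baseline (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    groups: frozenset[str]


@dataclass(frozen=True)
class Employee:
    username: str
    role: str
    active: bool  # False once HR has off-boarded the person


# Constructed baseline: the groups each job function legitimately needs.
ROLE_ENTITLEMENTS = {
    "accounts_payable": frozenset({"erp-ap", "vpn"}),
    "plant_operator": frozenset({"scada-hmi-readonly", "vpn"}),
    "sysadmin": frozenset({"domain-admins", "backup-operators", "vpn"}),
}

# Constructed HR roster and directory export.
ROSTER = [
    Employee("asmith", "accounts_payable", True),
    Employee("bjones", "plant_operator", True),
    Employee("cdoe", "sysadmin", True),
    Employee("dlee", "accounts_payable", False),  # left the company
]
ACCOUNTS = [
    Account("asmith", True, frozenset({"erp-ap", "vpn"})),
    Account("bjones", True, frozenset({"scada-hmi-readonly", "scada-hmi-control", "vpn"})),
    Account("cdoe", True, frozenset({"domain-admins", "backup-operators", "vpn"})),
    Account("dlee", True, frozenset({"erp-ap", "vpn"})),
    Account("svc_legacy", True, frozenset({"domain-admins"})),  # no owner on the roster
]


def review_access(accounts, roster, entitlements):
    """Return the findings an access review should raise for follow-up."""
    by_user = {e.username: e for e in roster}
    findings = {"orphaned": [], "offboarded_still_enabled": [], "excess_groups": {}}
    for acct in accounts:
        emp = by_user.get(acct.username)
        if emp is None:
            # Nobody in HR owns this account: assign an owner or disable it.
            findings["orphaned"].append(acct.username)
            continue
        if not emp.active:
            # Off-boarding failed to close the account.
            if acct.enabled:
                findings["offboarded_still_enabled"].append(acct.username)
            continue
        # Least privilege: anything beyond the role's baseline needs a justification.
        excess = acct.groups - entitlements.get(emp.role, frozenset())
        if excess:
            findings["excess_groups"][acct.username] = sorted(excess)
    return findings


def run_review():
    return review_access(ACCOUNTS, ROSTER, ROLE_ENTITLEMENTS)


if __name__ == "__main__":
    for category, items in run_review().items():
        print(f"{category}: {items}")
```

The point of encoding the baseline per role rather than per person is that the review stays repeatable: the same script runs after every hiring, transfer or departure, and any difference between the two exports is a ticket for the system owner, not a judgement call made during the review.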

Utilize third-party assessments

Having an outside, third-party assessment of your systems can help prevent your data from being exploited by bad actors. Partners and third parties can also present a threat surface. Organizations should include processes for third-party risk assessment. This could include a request for a SOC for Cybersecurity report.

Create an incident playbook

An incident in progress is not the time to develop a plan. When a breach or incident is under way, teams should have a roadmap for addressing the threat, minimizing risk and damage, following a clear notification process (who, what, where and when) and moving forward. As mentioned in the White House memo, you should also test this plan to ensure that all controls are working as intended.

Implement code scanning

As part of the process for development and deployment of new code for internal software and products, development teams should use Integrated Development Environment (IDE) scanners and vulnerability scanning tools to ensure they are not introducing holes into the system.

Utilize multi-factor authentication

Multi-factor authentication requires users to provide two or more methods of verification for access to a system. Formerly known as two-factor authentication, multi-factor combines a standard login and password paired with additional verification factors, such as biometrics, app-based authentication and text messaging.

Leverage Scanning and Monitoring

Network scanners and monitors gather data from across the environment and offer real-time analysis and alerts. Security Information and Event Management (SIEM) systems are the common, well-known example. The most sophisticated monitoring systems use artificial intelligence to identify and alert on unusual activity on the network and systems.

Implement Endpoint Protection

Endpoints, like mobile devices, laptops and workstations, and even printers and IoT devices, can be vectors of attack. Endpoint protection runs on or around these devices to prevent malicious applications from entering the network. This includes anti-virus software, anti-malware, personal firewalls and application controls.

Incorporate Redundant Fail-safes

Organizations that have a single point of failure within their most critical or sensitive systems are at particular risk. Redundant fail-safes, including redundant servers, network segments, connectivity and system backups should be part of a cybersecurity and business continuity plan for a business.

Establish a Cyber-First Organizational Mindset

One of the most important elements of a secure organization is not software that can be installed or hardware that can be configured; it’s the mindset of the organization itself. Establishing that cybersecurity is a priority and the responsibility of everyone within the organization is a key element in preventing attacks.

This mindset must be displayed from the top down, starting with the executive leadership and board of directors. Organizations should create a Cybersecurity Safety Review Board to take ownership of the business’s overall cybersecurity plans and overarching strategies. Budget and personnel should be a priority, and each project should consider its impact on the safety of the organization’s security posture. When the leadership is engaged and focused on protecting the business from cybersecurity threats, the overall organization will have better direction and clarity on the importance of keeping the business secure.

Learn More about How to Protect Your Company from Ransomware

The most important thing to remember is that your organization should do everything possible as soon as possible. It may not be feasible—operationally or financially—to implement large-scale cybersecurity changes all at once. However, it’s important to get started and to consider cybersecurity as part of every project.

The best time to improve your cybersecurity was months or years ago. The second best time is today. Don’t let the breadth of changes needed hold you back, though. Begin assessing what is needed and tackle the changes iteratively and intelligently.

If you need help or highly qualified advice on how your organization should move forward to evaluate your current cybersecurity stance and what measures to take to protect your business from attack, speak with a Warren Averett Technology Group expert today.
