Today’s cyber extortion events are much more likely to involve threat actors who exploit their access to a network, install highly persistent malware, target backups, steal data, and threaten to expose the compromise. As the criminals become more sophisticated, it is more important than ever for organizations to adopt a layered approach to security and to take stringent measures that stop or contain a cyber extortion event at every stage.
Organizations need to make it hard for threat actors at every step
Cyber extortion is a process, and there are many opportunities along the way to disrupt the criminals’ activities. Ransomware is largely preventable, but no single control prevents it: regular, thorough employee training must sit alongside technical measures, and organizations should prepare for the case where prevention fails. Each layer of security lowers the probability that an infection takes hold and limits the damage it can do if it does. Training employees to recognize phishing emails; keeping secure, offline backups; encrypting data at rest (which limits the value of stolen data, though it does not stop a ransomware process that is already running as a legitimate user); monitoring for network intrusions; patching systems and applications promptly: all of these make it harder for an attacker to turn initial access into a full compromise.
Steps to protect against ransomware
- Start with a risk assessment. Addressing risks starts with identifying what they are, where they are, and how severe the consequences are.
- Email content and delivery: Enforce Sender Policy Framework (SPF) checks on all inbound email, and pair them with DKIM and DMARC. SPF on its own only confirms that the sending server is authorized for the envelope sender’s domain; it says nothing about the address the user sees in the From header, which is what phishing forges. Filter all inbound messages for malicious content, including executables, macro-enabled documents and links to malicious sites, and check attachments by their content, not just by file name and extension.
- Manage access effectively: Ransomware does not have to spread across an organization. Apply least privilege to general user and system access, restrict privileged access to critical assets (servers, endpoints, applications, databases, etc.), and enforce multi-factor authentication (MFA) wherever it is practical, above all for remote access/VPN and externally facing applications.
- Back up key systems and databases: Take regular backups, verify them, and keep a copy offline or otherwise out of reach of a compromised domain, because attackers deliberately destroy or encrypt reachable backups before they deploy the ransomware. Use strong, unique credentials for backup systems and hold them separately from domain credentials. Test restoration regularly; a backup job that completes is not the same as a backup you can restore from.
- Educate users: Many attacks begin with a user being tricked. Train users to identify phishing emails with malicious links or attachments, and run regular phishing exercises to measure whether the training is working.
- Patch systems and applications: Conduct regular vulnerability scans and patch critical vulnerabilities quickly across endpoints and servers, prioritizing externally facing systems.
- Secure remote access: Do not expose Remote Desktop Protocol (RDP) directly to the Internet. Put RDP behind a Remote Desktop Gateway (RDG) or behind a virtual private network (VPN) that requires multi-factor authentication, and enforce MFA on the gateway itself.
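As an added worked example of the email-layer controls in the list above (this is not part of the original page or Beazley’s tooling), the following Python stand-in for a gateway rule reads the SPF result that our own MX stamped into Authentication-Results, rejects outright SPF failures, and quarantines attachments that are executable by content (MZ header) or carry a VBA project, whatever their file name says. The authserv-id mx.example.com, the extension list and the sample messages are assumptions constructed for the demonstration.

```python
"""Inbound mail policy check: SPF verdict plus attachment filtering by content.

Added example, not Beazley's code: a stand-in for the rule a mail gateway
applies at delivery. The authserv-id, the extension list and the sample
messages are assumptions constructed for this demonstration.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

TRUSTED_AUTHSERV = "mx.example.com"   # authserv-id our own MX writes (assumption)

# Attachment types not delivered unfiltered (assumed list, extend to taste).
BLOCKED_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".cpl", ".msi", ".bat", ".cmd",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".lnk", ".iso",
    ".docm", ".dotm", ".xlsm", ".xlam", ".pptm", ".ppam",
}
OOXML_EXTENSIONS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
SPF_RESULT = re.compile(r"\bspf=([a-z]+)", re.IGNORECASE)


def spf_result(msg):
    """SPF result stamped by our own MX; 'none' if no trusted header is present.

    Only headers carrying our authserv-id count. The gateway must strip any
    Authentication-Results header that arrived from outside, otherwise a
    sender can simply forge 'spf=pass'.
    """
    for hdr in msg.get_all("Authentication-Results", []):
        if str(hdr).split(";", 1)[0].strip() != TRUSTED_AUTHSERV:
            continue
        m = SPF_RESULT.search(str(hdr))
        if m:
            return m.group(1).lower()
    return "none"


def is_pe_executable(data):
    """Windows executables start with the 'MZ' DOS stub, whatever the name says."""
    return data[:2] == b"MZ"


def has_vba_project(data):
    """OOXML files are zip archives; macro-enabled ones carry vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def attachment_findings(msg):
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"blocked extension {ext}: {name}")
        if is_pe_executable(data):
            findings.append(f"PE executable by content (MZ header): {name}")
        if ext in OOXML_EXTENSIONS and has_vba_project(data):
            findings.append(f"VBA project inside Office document: {name}")
    return findings


def evaluate(raw):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    spf = spf_result(msg)
    attachments = attachment_findings(msg)
    findings = ([] if spf == "pass" else [f"spf={spf}"]) + attachments
    if spf == "fail":
        verdict = "reject"        # the domain says this host may not send for it
    elif attachments:
        verdict = "quarantine"    # hold for review even when the sender checks out
    else:
        verdict = "deliver"       # softfail/none: deliver, keep the finding for tagging
    return verdict, findings


# Constructed sample messages (not captured mail) for trying the rule out.
DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"


def build_ooxml(with_macros):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def build_message(spf, attachments=(), authserv=TRUSTED_AUTHSERV):
    msg = EmailMessage()
    msg["From"] = "accounts@example.org"
    msg["To"] = "ap@example.com"
    msg["Subject"] = "Invoice"
    msg["Authentication-Results"] = f"{authserv}; spf={spf} smtp.mailfrom=example.org"
    msg.set_content("Please see the attached invoice.")
    for filename, data, mime in attachments:
        maintype, subtype = mime.split("/", 1)
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()
```

Calling `evaluate(build_message("pass", [("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60, "application/pdf")]))` returns a quarantine verdict because the content is a PE file even though the name and MIME type say PDF, and `build_message("pass", authserv="attacker.example")` is treated as having no SPF result at all, which is the point of the authserv-id check.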
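The backup item in the list above asks for backups that are verified and for restores that are actually tested. As a second added example, not from the page or from Beazley, this Python script writes an archive with a SHA-256 manifest, returns the manifest digest for storage out of band (that digest is the part to keep offline), restores the archive into a scratch directory and compares every file, and then reproduces the two ways a reachable backup fails: the backup job re-run over data that ransomware has already encrypted, and the archive file itself encrypted in place. Paths, file contents and the manifest format are constructed assumptions.

```python
"""Backup with an integrity manifest, plus a restore test that proves it.

Added example, not Beazley's code. Paths, file contents and the manifest
format are constructed assumptions for the demonstration.
"""
import hashlib
import io
import json
import os
import tarfile
import tempfile

MANIFEST = "MANIFEST.json"


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Relative path -> SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return manifest


def create_backup(source_dir, archive_path):
    """Write source_dir plus its manifest into a .tgz; return the manifest digest.

    The digest is the value to record out of band (run log, offline media):
    an attacker who can rewrite the archive can rewrite MANIFEST.json too,
    but cannot change a digest stored where the backup host cannot reach.
    """
    blob = json.dumps(build_manifest(source_dir), sort_keys=True).encode()
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname="data")
        info = tarfile.TarInfo(MANIFEST)
        info.size = len(blob)
        tar.addfile(info, io.BytesIO(blob))
    return hashlib.sha256(blob).hexdigest()


def verify_restore(archive_path, expected_digest, restore_dir):
    """Restore into restore_dir and compare every file; [] means the restore is good."""
    try:
        with tarfile.open(archive_path, "r:gz") as tar:
            try:
                tar.extractall(restore_dir, filter="data")  # rejects traversal/absolute paths
            except TypeError:                               # Python without the filter argument
                tar.extractall(restore_dir)
    except (tarfile.TarError, OSError) as exc:
        return [f"archive unreadable: {exc}"]
    with open(os.path.join(restore_dir, MANIFEST), "rb") as f:
        blob = f.read()
    if hashlib.sha256(blob).hexdigest() != expected_digest:
        return ["manifest digest mismatch: backup was altered after creation"]
    expected = json.loads(blob)
    restored = build_manifest(os.path.join(restore_dir, "data"))
    problems = [f"missing after restore: {p}" for p in expected.keys() - restored.keys()]
    problems += [f"content changed: {p}" for p in expected if p in restored and restored[p] != expected[p]]
    problems += [f"unexpected file: {p}" for p in restored.keys() - expected.keys()]
    return problems


def demo():
    """Constructed scenario: a clean restore, then the two ways a reachable backup dies."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "src")
        os.makedirs(os.path.join(src, "db"))
        orders = os.path.join(src, "db", "orders.sql")
        with open(orders, "w") as f:
            f.write("INSERT INTO orders VALUES (1, 'widget');\n")
        archive = os.path.join(tmp, "backup.tgz")
        digest = create_backup(src, archive)
        results = {"good": verify_restore(archive, digest, os.path.join(tmp, "r1"))}
        # 1. Backup job re-run after ransomware has already encrypted the source:
        #    the new archive is self-consistent but worthless; only the digest
        #    recorded out of band exposes it.
        with open(orders, "wb") as f:
            f.write(os.urandom(48))        # stand-in for ciphertext
        create_backup(src, archive)
        results["rerun over encrypted data"] = verify_restore(archive, digest, os.path.join(tmp, "r2"))
        # 2. The archive itself encrypted in place (XOR stands in for the cipher).
        with open(archive, "r+b") as f:
            data = f.read()
            f.seek(0)
            f.write(bytes(b ^ 0x5A for b in data))
        results["archive encrypted"] = verify_restore(archive, digest, os.path.join(tmp, "r3"))
    return results
```

`demo()` returns an empty problem list for the clean restore, a manifest digest mismatch for the re-run backup, and an unreadable-archive error for the encrypted one. In production the same split applies: the restore test runs on a host that is not a domain member, and the digest it compares against never lives next to the archive.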
Additional resources on Beazley’s 360 approach to ransomware and suite of cyber services https://www.beazley.com/usa/cyber_and_executive_risk/cyber_and_tech/beazley_breach_response/cyber_services/cyber_extortion_us.html.