July 27, 2021

5 Steps to Reduce Your Ransomware Risk

Post by: Tim Grelling

As the Director of Innovation of Core BTS’ Security Practice, Tim specializes in helping clients develop strategies that cover all aspects of their IT security. Having been in the industry for 20+ years, Tim has worked with numerous Fortune 500 companies in various industries on their cybersecurity assessments.

As the recent ransomware attack on the U.S.’s second-largest meat producer, JBS, made clear, cyberattacks on critical infrastructure can cause harm beyond the digital realm. By encrypting key data and IT systems, the attack forced JBS to shut down its production facilities for days – only narrowly avoiding nationwide shortages of beef, pork, and chicken.

As long as ransomware attacks remain both lucrative and relatively easy for cybercriminals, they’ll continue to be a threat to critical infrastructure from the food supply chain to fuel pipelines.

People often think about security as binary: a system is either secure or insecure. In reality, security is more about effectively managing risk. No organization has the resources to prevent 100% of intrusion attempts and other security incidents. However, you can take steps to ensure that when an attack does occur, the damage is as contained or minimized as possible.

Making the right preparations can help you recover quickly with less long-term damage to your business:

1. Don’t Neglect Asset Management

It sounds obvious, but a big part of security is simply knowing what’s in your environment. You can’t patch an application if you don’t know it’s running on a system in your network. Besides simply taking inventory of the systems you have, prioritize them by business criticality and look for interdependencies between them. For example, maybe your customer relationship management (CRM) software won’t function unless your email server is running. Identify critical systems that are at the center of multiple dependencies or that control critical infrastructure, such as industrial equipment, and focus on hardening those assets against attacks. Every company has finite resources to devote to security, and you want to defend the most important parts of your network first.
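One way to turn an inventory with interdependencies into a hardening order, as an added example that is not part of the original post: each asset is ranked by the most critical system that would fail with it, then by how many systems depend on it directly or indirectly. The asset names, criticality scores, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: asset -> (business criticality 1-5, assets it depends on).
INVENTORY = {
    "crm":              (4, ["email-server", "sql-cluster"]),
    "email-server":     (3, ["active-directory"]),
    "sql-cluster":      (4, ["active-directory", "san-storage"]),
    "plant-scada":      (5, ["active-directory"]),
    "active-directory": (3, []),
    "san-storage":      (2, []),
    "intranet-wiki":    (1, ["sql-cluster"]),
}

def transitive_dependents(inventory):
    """Map each asset to the set of assets that stop working if it goes down."""
    direct = defaultdict(set)
    for asset, (_, deps) in inventory.items():
        for dep in deps:
            if dep not in inventory:
                # A dependency nobody inventoried is itself a finding.
                raise KeyError(f"{asset} depends on uninventoried asset {dep}")
            direct[dep].add(asset)
    result = {}
    for asset in inventory:
        seen, stack = set(), [asset]
        while stack:
            for child in direct[stack.pop()]:
                if child not in seen:
                    seen.add(child)
                    stack.append(child)
        seen.discard(asset)  # an asset in a dependency cycle is not its own dependent
        result[asset] = seen
    return result

def hardening_priority(inventory):
    """Return (asset, impact, dependent_count), most important first."""
    dependents = transitive_dependents(inventory)
    scored = []
    for asset, (criticality, _) in inventory.items():
        # Impact is the highest criticality among the asset and everything above it.
        impact = max([criticality] + [inventory[d][0] for d in dependents[asset]])
        scored.append((asset, impact, len(dependents[asset])))
    return sorted(scored, key=lambda r: (-r[1], -r[2], r[0]))
```

In this constructed inventory the storage array scores only 2 on its own, yet it ranks third because the database cluster and the CRM fail with it.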

2. Segment Your Network

In the same way that most ransomware attacks don’t start with ransomware, most attacks on critical infrastructure don’t start with a breach of those systems. Instead, cyber attackers gain access to less secure, lower priority elements and leapfrog to more attractive targets from there. By segmenting your network, you’ll make it harder for attackers to reach their targets.

3. Monitor Systems Closely

It’s not enough to just monitor firewalls or server logs anymore. To swiftly detect intrusions in today’s connected environment, you must regularly check for anomalies across dozens of components – including cloud infrastructure and connections to third parties. Invest in security staff, tools, and resources so you can effectively monitor relevant logs and artifacts.

4. Back Up Your Systems Properly

If you get hit with ransomware, you may need to rebuild all your tech infrastructure from scratch. Therefore, it’s incredibly important to have adequate backups on hand to expedite the process. Don’t assume the backup procedures you already have in place are up to the task — review them with ransomware in mind. For example, since a ransomware attack is often preceded by a months-long malware infection, consider storing backups for a longer period so you have a clean, uninfected copy of your system configurations and data. In addition, vary your backup strategy so that not all backups are in one server or technology. Utilize local, cloud, and offsite options to ensure maximum coverage.

5. Remediate Weaknesses After an Attack

It’s no use restoring your systems if you just leave the same vulnerability open to exploitation again. After a ransomware attack, invest in forensics to determine how attackers gained access to your systems. Then close that point of entry and address any other weaknesses that allowed the attacker or malware to move throughout the network. And, as mentioned in the previous point, avoid using backups that are infected with the malware that caused the initial breach.
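The backup points in steps 4 and 5 can be checked against a backup catalog once forensics has estimated when the intrusion began. The following is an added example, not part of the original post; the catalog entries, the `safety_margin_days` parameter, and the function name are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed backup catalog: (backup id, date taken, storage location).
CATALOG = [
    ("full-2021-01-03", date(2021, 1, 3), "offsite-tape"),
    ("full-2021-02-07", date(2021, 2, 7), "cloud-bucket"),
    ("full-2021-03-07", date(2021, 3, 7), "local-nas"),
    ("full-2021-04-04", date(2021, 4, 4), "local-nas"),
    ("full-2021-05-02", date(2021, 5, 2), "local-nas"),
    ("full-2021-06-06", date(2021, 6, 6), "cloud-bucket"),
]

def audit_restore_points(catalog, earliest_compromise, safety_margin_days=7):
    """Split backups into clean and suspect relative to the forensic estimate
    of first compromise, and report gaps in retention or storage diversity."""
    # Treat anything taken within the margin before the estimate as suspect,
    # because the estimate itself may be late.
    cutoff = earliest_compromise - timedelta(days=safety_margin_days)
    clean = sorted((b for b in catalog if b[1] < cutoff), key=lambda b: b[1])
    suspect = sorted((b for b in catalog if b[1] >= cutoff), key=lambda b: b[1])
    findings = []
    if not clean:
        findings.append("retention shorter than attacker dwell time: no clean backup")
    elif len({b[2] for b in clean}) == 1:
        findings.append(f"all clean backups sit in one location: {clean[0][2]}")
    return {
        "restore_from": clean[-1][0] if clean else None,  # newest clean copy
        "clean_locations": sorted({b[2] for b in clean}),
        "do_not_restore": [b[0] for b in suspect],
        "findings": findings,
    }
```

Running the same audit with a hypothetical dwell time before an incident shows whether the current retention period would leave any clean restore point at all.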

Conclusion

The threat of ransomware isn’t going to go away anytime soon, particularly for companies that touch critical infrastructure. While there’s no foolproof solution, performing due diligence by boosting monitoring, segmenting your network, and backing up your most vital systems can go a long way toward reducing your risk — and mitigating the damage if and when your organization is targeted by attackers.
