5 Essential Steps to Prevent Ransomware
— February 22nd, 2022
What’s in this post:
— Tackling the ransomware problem requires organizational commitment
— Cultivating cyber-aware corporate employee behavior is a top priority
— 5 components important to the 2022 ransomware prevention toolbox
My last post on ransomware pointed out that experts predict ransomware attacks to increase in 2022. In today’s post, we’ll explore best practices and risk mitigation tactics emerging as top priorities to prevent ransomware attacks in 2022.
Perhaps the most important point, and one that appears to gather broad agreement, is that tackling the ransomware problem is going to require organizational commitment.
Actually, lowercase doesn’t quite make the point, does it? What’s required, actually, is more like COMMITMENT.
“Though business leaders are more confident employing tactics to prevent ransomware attacks, confronting risk requires an internal commitment starting from the C-suite down to interns. "Businesses must take acceptable and calculated risks each day — the same applies to cybersecurity," Theo Zafirakos, CISO of Terranova Security, told cybersecuritydive.com.
Cybercriminal skillsets have indeed become more sophisticated, with traditional attack vectors targeting human behavior still remaining at the top of the cybercriminal maneuver list.
Security awareness training aimed at evolving more cyber-aware corporate employee behavior — alertness to phishing attempts, understanding how to report suspicious behavior, etc. — is no doubt a top priority in any committed 2022 ransomware avoidance strategy.
“To succeed, organizations must invest in processes and people.’, said Zafirakos. Companies have put more resources toward training employees on ransomware awareness. This includes ensuring employees know how to report suspicious messages.”
Preventing a ransomware attack requires much more than strong security training and cyber-aware employees. Here are 5 components that rise to the top of lists as part of any 2022 ransomware prevention toolbox:
#1 Zero-Trust Security Model
Preventing cyber-infection is half the battle, preventing lateral spread is the other. By applying zero-trust security principles, companies can hope to prevent lateral movement and spread in a ransomware attack.
“The main concept behind zero-trust is “never trust, always verify....”, according to Wikipedia. That goes for usernames, passwords, devices … everything …. physical and virtual...all the time. Word to the wise, however: interpretations of applied zero trust security can vary depending on who one asks. When considering zero-trust security, be sure all stakeholders are talking the same zero trust language.
#2 Least Privilege Principle
For many security professionals, zero-trust security and least privilege principles are tightly coupled. No argument, they are indeed related. They are not, however, synonymous. While zero-trust is interested in “who”, least privilege focuses on “what”.
If a staff-level account were to be compromised, that the account is not permissioned with the proverbial keys to the kingdom would be a good thing. Bottom line, as Medium.com article on Zero-Trust vs Least Privilege stated: “the only resources available....required to perform the authorized activities...".
#3 Patching Policy and Cadence
Patch, patch, and patch again, seems to be the 2022 patch management mantra. The importance of an assertive patching policy cannot be overstated, as Securityintelligence.com highlights: “Maintaining an aggressive and current patch management policy can foil attackers that maliciously use zero-day vulnerabilities in their ransomware attacks — a notable threat intelligence trend.”
For the avoidance of doubt, it’s worth calling out: priority-based patching cadence trumps blind frequency of policy for policy’s sake driven.
#4 Multifactor Authentication (MFA)
Although a cyber attacker may gain control of account credentials, without the 2nd authentication factor, the attack target remains inaccessible. Most experts agree that use of MFA whenever and wherever possible, seems a wise and prudent best practice for ransomware prevention in 2022.
#5 Update Antivirus Tools
Detection of ever-evolving ransomware threats requires that antivirus be updated constantly. And there is a strong case for taking it beyond signature-centric tools to include AV solutions on the look for suspicious behaviors:.
As Securityintelligence.com points out: “Additional endpoint protection solutions that detect suspicious behavior and untrusted applications should also be given serious consideration.”(6 SecurityIntelligence.com, Everything You Need to Know About Ransomware Attacks and Gangs In 2022)