The World Economic Forum deemed ransomware one of the top ten risks threatening societies across the world in its 2022 global risk report. To raise awareness of this growing threat, Adarma’s threat intelligence services team has created a series of ransomware blogs offering our top recommendations on how best to deal with the rising threat of ransomware.
In this blog we will explore the 7 key areas you need to consider when planning your cyber defence strategy to sharpen your cyber resilience plan.
1 – Understand yourself and your cyber threats better
Take stock of your assets. These include everything from proprietary plans and designs of your products through to accounting and personnel files, customer information, passwords, even maps and schematics. All this data has value to cybercriminals. Identify all your weak points.
– Are there computers that are shared by many people?
– Are there computers or servers you have lost track of?
– Do you have employees who work from home or occasionally in coffee shops?
– Do you have legacy systems that might have out-of-date, unpatched applications?
– Do your admins use easy-to-guess passwords like Admin123? (It’s more common than you would like to think!)
These are just a few examples of potential weak points in your organisation right now. So, it’s worth taking stock of these points – don’t leave any digital doors open to your attackers, no matter how seemingly insignificant.
2 – Practice cyber hygiene everywhere
Ensure you have a strong password policy, incorporating password management software and multi-factor authentication. Train all employees, including executives and contractors, in all elements of cyber hygiene, including at their home office. Ensure software patches and other ongoing maintenance and upgrades are applied promptly across the board, from the IT department through to individual employees. You cannot be lax in this respect, particularly if your organisation is a high-value target such as critical infrastructure; you only need to let your guard slip once for an attacker to snake past your defences.
3 – Build a more adaptive protection posture
Take some time to think like a cyber criminal, since criminals are good at seeing opportunities where the rest of us simply see nothing. When you have a hammer, everything looks like a nail, and criminals move with a hammer in their hand. Build your threat intelligence knowledge base. Successful defence always includes specific 360-degree intelligence, applied internally and externally. Too much time, money and resources are routinely wasted on generic threat intelligence. Make sure the threat intelligence you get applies to your situation.
Despite all best efforts, 100% protection is neither attainable nor sustainable, so prepare for those times when you must detect and respond quickly to emerging gaps and risks. This includes identifying what threatens you, and how threat actors will go about leveraging your vulnerabilities.
5 – Embed risk management into your organisation’s decision-making process
Every decision must incorporate threat awareness and risk readiness. Cybersecurity does not belong just to the IT department. It’s like the immune system of the human body: it exists everywhere, it affects everything and is affected by everything. No matter how removed a business discussion or concept is, it must be assessed in terms of risk and protection.
Carefully consider the value of your data and systems to your business, and balance this against all conceivable risks. This includes:
– Physical risks such as malware, ransomware, viruses, and remote access tools
– Human risks ranging from independent hackers and hacktivists to organised cybercrime groups and to nation-state attackers, and don’t forget your own people, including employees, contractors, suppliers, and guests
– Compliance risks such as privacy regulations (GDPR, HIPAA), policies, regulatory obligations, and industry best practices
6 – Go beyond “awareness” and embed security skills
People are busy, and they often find security practices like password management and two-factor/multi-factor authentication tedious and intrusive. Traditional training methods can be ineffective and easily forgotten. Security skills must be incorporated into the company culture and rewarded. They must remain topical and thorough, but delivered and maintained in a way that allows employees to continue to do their jobs efficiently and securely, whether on-premises, at home, or while travelling.
7 – Practice and simulate: Don’t only learn by your real mistakes
Tabletop exercises followed by full physical drills help identify the holes in any company’s security protocol. When a real crisis happens, people tend to rely on reflex, which can lead to even further problems. Real physical experience is vital to embedding security into the workplace culture.
As ransomware becomes more sophisticated and easier than ever to launch thanks to the rise of Ransomware as a Service, no security measures are 100% infallible. Therefore, it’s vital that organisations have a well-rehearsed incident response in place and are ready for any scenario. Every minute counts when an attacker breaches your systems, and it can be hard to keep panic at bay when a cyber aggressor has access to your digital environment.