How To Avoid Ransomware Attacks | State of Cybersecurity

Strive’s VP of Cybersecurity & Compliance, Dominick Birolin, CISSP, CISA, explains some of the many ways companies can avoid falling victim to ransomware attacks – from testing your disaster recovery processes to updating user permissions.


You’re going to need to have your disaster recovery plans and you’re going to need to test your disaster recovery plans. If you don’t test your backups, you don’t have viable backups. Also, a lot of ransomware will remain dormant for an extended period of time, so if you’ve backed up an infected image and then you restore to it, you’re back where you started, with the ransomware still there. So, the backup is not actually viable.

You need to have a robust patch management and vulnerability mitigation program to make sure your systems are updated accordingly. You need to have quarantine capabilities – a lot of networks and Industrial Control Systems are flat networks, meaning that they’re not segmented. So, you should group your like systems, and I suggest following the Purdue model for this, which will isolate your networks.

And also, your firewall should be configured to the lowest, or least, privilege, so that only the communications needed for operations are allowed through. And these should be audited regularly to make sure that unused firewall rules are closed and no longer in use.

You need to have threat detection. Threat detection can help you recognize when you are under a ransomware attack and then also help you provide a kill chain to stop the propagation of that ransomware attack.

Your endpoint detection and response capabilities, so, like, antivirus, that’s a big component of whether your machine will be a victim of ransomware. Also, you know, least privilege for rights. I see in a lot of Industrial Control System environments a lot of people running normal operations with administrator rights, which is unneeded. It gives them install rights to the PC. You only need a user account for normal operations. You should have a separate admin account for when you want to install software.

And cybersecurity awareness training for all your employees, network perimeter defense review, and intrusion detection and/or intrusion prevention.
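One way to put the segmentation and firewall-audit advice above into practice, as an added example that is not Strive’s or the speaker’s own code: a Python script that reads a firewall rule export and flags permits that are overly broad, that let the enterprise zone reach the control zone without going through the industrial DMZ, or that have not been used within the audit window. The CSV columns, the 10.x.0.0/16 zone ranges and the sample rules are all constructed for the example and assumed, not taken from any real firewall or network.

```python
"""Audit a firewall rule export for least-privilege and Purdue-zone violations.

Added example; the CSV layout and the 10.x.0.0/16 zone ranges are assumptions
used to build a self-contained sample, not a real firewall's export format.
"""
import csv
import io
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Optional

# Assumed Purdue-style zones for the sample network (hypothetical addresses).
ZONES = {
    "enterprise": ip_network("10.1.0.0/16"),  # levels 4-5
    "idmz": ip_network("10.2.0.0/16"),        # level 3.5, the industrial DMZ
    "control": ip_network("10.3.0.0/16"),     # levels 0-3
}

# Constructed sample export: id,src,dst,proto,dport,action,hits,last_hit
SAMPLE_RULES = """\
id,src,dst,proto,dport,action,hits,last_hit
1,10.1.0.0/16,10.2.0.0/16,tcp,443,allow,15320,2024-05-01
2,0.0.0.0/0,0.0.0.0/0,any,any,allow,88,2024-04-29
3,10.1.0.0/16,10.3.0.0/16,tcp,502,allow,3,2023-09-12
4,10.2.0.0/16,10.3.0.0/16,tcp,502,allow,4412,2024-05-02
5,10.1.50.0/24,10.3.0.0/16,udp,161,allow,0,
6,10.3.0.0/16,10.1.0.0/16,any,any,deny,0,
"""


@dataclass
class Rule:
    id: str
    src: str
    dst: str
    proto: str
    dport: str
    action: str
    hits: int
    last_hit: Optional[date]


def parse_rules(text: str) -> list:
    """Parse the CSV export into Rule objects; an empty last_hit means never hit."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        last = date.fromisoformat(row["last_hit"]) if row["last_hit"] else None
        rules.append(Rule(row["id"], row["src"], row["dst"], row["proto"],
                          row["dport"], row["action"], int(row["hits"]), last))
    return rules


def zone_of(cidr: str) -> str:
    """Map an address range to its Purdue zone; a /0 is 'any', unmapped is 'unknown'."""
    net = ip_network(cidr)
    if net.prefixlen == 0:
        return "any"
    for name, zone in ZONES.items():
        if net.subnet_of(zone):
            return name
    return "unknown"


def audit_rules(rules, today: date, stale_days: int = 90) -> dict:
    """Return {rule id: [findings]} for allow rules that violate the policy.

    Deny rules are skipped: only permits widen what can reach the control network.
    """
    findings = {}
    for r in rules:
        if r.action != "allow":
            continue
        src_zone, dst_zone = zone_of(r.src), zone_of(r.dst)
        issues = []
        if "any" in (src_zone, dst_zone) or r.proto == "any" or r.dport == "any":
            issues.append("overly broad: any-source, any-destination, any-protocol or any-port permit")
        if src_zone == "enterprise" and dst_zone == "control":
            issues.append("bypasses IDMZ: enterprise zone reaches control zone directly")
        if r.hits == 0 or r.last_hit is None:
            issues.append("never used: candidate for removal")
        elif (today - r.last_hit).days > stale_days:
            issues.append(f"stale: last hit {(today - r.last_hit).days} days ago, exceeds {stale_days}-day window")
        if issues:
            findings[r.id] = issues
    return findings


def run_sample_audit(today_iso: str = "2024-05-03") -> dict:
    """Audit the constructed sample as of the given date (ISO string)."""
    return audit_rules(parse_rules(SAMPLE_RULES), date.fromisoformat(today_iso))


if __name__ == "__main__":
    for rule_id, issues in run_sample_audit().items():
        print(f"rule {rule_id}:")
        for issue in issues:
            print(f"  - {issue}")
```

Against the sample, rules 1 and 4 (enterprise to IDMZ, IDMZ to control, specific ports, recently used) pass; rule 2 is an any/any permit, rule 3 lets the enterprise zone talk Modbus straight into the control zone and has not matched traffic in months, and rule 5 has never been hit at all. Each flagged rule is either a candidate to close or needs a documented operational justification, which is the point of the regular audit the speaker describes.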

Does your ICS environment need help avoiding a ransomware attack? Let’s Talk!