Ransomware is a type of malware that encrypts your data and then locks you out of the infected computers until a ransom is paid. This type of attack is becoming more and more common, and it can be very costly and damaging for businesses that are not prepared. In this blog post, we will explore the key questions organizations can ask to test their preparedness for a ransomware attack, from whether their perimeter can be breached and their users targeted by a successful phishing attack to whether their critical backups are well-protected.
Can your network perimeter be breached?
Thinking like an attacker helps answer this question. There are countless ways of breaching your organization’s network perimeter, from an injection flaw in one of its applications to a brute-force attack on its firewall. What truly matters is understanding that an attacker may first scan the whole Internet for a particular vulnerability and then narrow the results down to a list of company websites exposing it, among which yours could appear.
Making sure that none of your online applications end up on those attackers’ lists of exploitable vulnerabilities comes down to an arsenal of security measures, from network, application, and cloud security penetration testing to adversary simulation assessments and cybersecurity awareness and phishing testing. There’s only one way to know whether your network perimeter could be breached: proactively having your networks, applications, and users tested by certified penetration testers.
Can your users be targeted for a phishing attack?
Yes, any of your organization’s users can be targeted for a phishing attack, regardless of their technical expertise or position within the organization. The best way to protect against phishing attacks is to raise your users’ cybersecurity awareness through training and to increase their ability to detect and report suspicious emails through phishing testing.
Are your critical back-ups well-protected?
Ransomware can target and encrypt your backups as well as your live data, so it’s important to ensure that your backups are well-protected. You should keep offline backups that are not connected to your network, and you should regularly test your backup and recovery procedures to make sure they work as expected.
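One concrete way to "regularly test your backup and recovery procedures" is a restore test: restore the archive into a scratch directory and check every file against a hash manifest recorded at backup time, so that a backup copy that was silently corrupted or encrypted is caught before you need it. The script below is an added example, not code from the original post; the sample files, directory names and archive name are constructed for the demonstration.

```python
"""Restore-test a backup: restore the archive into a scratch directory and check
every file's SHA-256 against a manifest recorded at backup time.
Added example, not code from the original post; the sample files, paths and
archive name are constructed for the demonstration."""
import hashlib
import os
import tarfile
import tempfile

# Constructed sample "live data" to back up (relative path -> content).
SAMPLE_FILES = {
    "docs/contract.txt": b"Signed agreement, version 3\n",
    "db/customers.csv": b"id,name\n1,Ada\n2,Grace\n",
    "config/app.ini": b"[service]\nport=8443\n",
}


def sha256_of(path):
    """Hash a file in chunks so large backup members are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file under root (POSIX-style relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def create_backup(src_root, archive_path):
    """Write a gzipped tar of src_root and return the manifest taken at backup time.
    Store the manifest with the offline copy, not only on the live host."""
    manifest = build_manifest(src_root)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in manifest:
            tar.add(os.path.join(src_root, *rel.split("/")), arcname=rel)
    return manifest


def restore_backup(archive_path, dest_root):
    """Extract the archive into dest_root, refusing path-traversal members where supported."""
    with tarfile.open(archive_path, "r:gz") as tar:
        try:
            tar.extractall(dest_root, filter="data")  # Python >= 3.12 (and backports)
        except TypeError:
            tar.extractall(dest_root)  # older Python without the filter argument


def verify_restore(manifest, restored_root):
    """Return the relative paths that are missing or whose content differs from the manifest."""
    failures = []
    for rel, expected in manifest.items():
        restored = os.path.join(restored_root, *rel.split("/"))
        if not os.path.isfile(restored) or sha256_of(restored) != expected:
            failures.append(rel)
    return sorted(failures)


def run_restore_test():
    """Back up the sample data, restore it and verify; then corrupt one restored file
    (standing in for a backup copy that was itself overwritten or encrypted) and
    verify again. Returns (failures_before, failures_after)."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "live")
        for rel, data in SAMPLE_FILES.items():
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        archive = os.path.join(work, "backup.tar.gz")
        manifest = create_backup(src, archive)
        restored = os.path.join(work, "restore-test")
        restore_backup(archive, restored)
        before = verify_restore(manifest, restored)
        with open(os.path.join(restored, "db", "customers.csv"), "wb") as f:
            f.write(b"\x00not the original content\x00")
        after = verify_restore(manifest, restored)
    return before, after


if __name__ == "__main__":
    before, after = run_restore_test()
    print("failures on clean restore:", before)
    print("failures after corruption:", after)
```

The manifest is what makes the test meaningful: a restore that "succeeds" only tells you the archive unpacks, while comparing digests tells you the restored data is the data you backed up. Keep the manifest with the offline copy, since a manifest that lives on the same host as the live data is encrypted along with it.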
What security tips could help improve your ransomware preparedness?
- Enforce the use of strong passwords.
- Implement two-factor authentication.
- Set up and test out offsite backups.
- Implement least-privilege access.
- Delete inactive email addresses.
- Whitelist secure applications.
- Avoid default configurations.
Applying these tips will help raise your organization’s preparedness for a ransomware attack.
What are the key security areas to focus on for ransomware preparedness?
Log management: Managing user activity logs can help you detect ransomware activity and isolate infected systems.
Web and email filtering: Blocking ransomware-related URLs and emails can help prevent ransomware from infecting your systems.
Network and endpoint protection: Applying security controls like firewalls, intrusion detection/prevention systems, and endpoint protection can help stop ransomware attacks.
Privileged access management: Managing user privileges can help reduce the ransomware attack surface.
Vulnerability testing and remediation: Identifying and patching vulnerabilities can help prevent ransomware from exploiting them.
Backup and recovery management: Managing and testing your offsite backups will help increase your ransomware preparedness.
IP address whitelisting: Only allowing trusted IP addresses to access your systems can help stop ransomware attacks.
Cybersecurity training: Raising your users’ cybersecurity awareness and testing their ability to detect phishing emails will help increase your ransomware preparedness.
Vendor risk management: Assessing ransomware risk as part of your vendor risk management process will help you identify and mitigate ransomware risks.
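As an added example (not from the original post) of what the log management and endpoint protection points above look like in practice, the script below runs two detection heuristics over file-server audit lines: a burst of renames from one account that all append the same new extension, and any touch of a canary file that legitimate users never modify. The log line format, the sample lines, the canary path, the window and the threshold are all constructed assumptions for the demonstration; a real deployment would tune them to the server's normal rename rate.

```python
"""Flag ransomware-like file activity in file-server audit logs: a burst of
renames by one account that append the same new extension, plus any touch of a
canary file that legitimate users never modify. Added example, not code from
the original post; the log line format, sample lines, canary path and
thresholds are constructed for the demonstration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed log format: one event per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) action=(?P<action>\w+) "
    r"path=(?P<path>\S+)(?: new_path=(?P<new_path>\S+))?$"
)

# Constructed sample audit trail: alice does ordinary work, bob's account mass-renames.
SAMPLE_LOG = """\
2024-05-01T09:58:10Z host=ws03 user=alice action=rename path=/share/hr/report.docx new_path=/share/hr/report_v2.docx
2024-05-01T09:58:40Z host=ws03 user=alice action=rename path=/share/hr/notes.txt new_path=/share/hr/notes.txt.bak
2024-05-01T10:01:02Z host=ws07 user=bob action=rename path=/share/finance/q1.xlsx new_path=/share/finance/q1.xlsx.locked
2024-05-01T10:01:03Z host=ws07 user=bob action=rename path=/share/finance/q2.xlsx new_path=/share/finance/q2.xlsx.locked
2024-05-01T10:01:03Z host=ws07 user=bob action=rename path=/share/finance/budget.docx new_path=/share/finance/budget.docx.locked
2024-05-01T10:01:04Z host=ws07 user=bob action=write path=/share/finance/scratch.tmp
2024-05-01T10:01:05Z host=ws07 user=bob action=rename path=/share/finance/payroll.csv new_path=/share/finance/payroll.csv.locked
2024-05-01T10:01:06Z host=ws07 user=bob action=rename path=/share/_canary/keep.txt new_path=/share/_canary/keep.txt.locked
2024-05-01T10:01:07Z host=ws07 user=bob action=rename path=/share/finance/invoices.pdf new_path=/share/finance/invoices.pdf.locked
this line is malformed and must be skipped rather than crash the detector
"""

CANARY_FILES = ("/share/_canary/keep.txt",)  # constructed canary path


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def appended_extension(old_path, new_path):
    """Return the suffix a rename appended to the original name, or None for any other rename."""
    if new_path.startswith(old_path) and len(new_path) > len(old_path):
        return new_path[len(old_path):]
    return None


def detect(lines, window_seconds=60, threshold=5, canaries=CANARY_FILES):
    """Return alerts as (kind, host, user, detail) tuples in the order they trigger.
    mass_rename fires once per (host, user, extension) when `threshold` append-renames
    land inside a sliding window of `window_seconds`; canary_touched fires per event."""
    alerts = []
    recent = defaultdict(deque)  # (host, user, ext) -> rename timestamps inside the window
    fired = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] in canaries or rec["new_path"] in canaries:
            alerts.append(("canary_touched", rec["host"], rec["user"], rec["path"]))
        if rec["action"] != "rename" or not rec["new_path"]:
            continue
        ext = appended_extension(rec["path"], rec["new_path"])
        if ext is None:
            continue
        key = (rec["host"], rec["user"], ext)
        window = recent[key]
        window.append(rec["ts"])
        while (rec["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and key not in fired:
            fired.add(key)
            alerts.append(("mass_rename", rec["host"], rec["user"], ext))
    return alerts


def run_demo():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the sample log the canary alert fires first and the mass-rename alert follows on the fifth `.locked` rename inside the window; alice's single `.bak` rename stays below the threshold. Either alert is the trigger for the isolation step mentioned under log management: the (host, user) pair in the alert is what you would disconnect and investigate first.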
The rapid rise of the Ransomware-as-a-Service (RaaS) business model has significantly increased the frequency and likelihood of ransomware attacks. Keeping in mind that attackers are first and foremost driven by finding vulnerabilities leads to a very simple question: Are your systems’ undiscovered and unaddressed vulnerabilities making you an easy target for attackers? That’s where the work of ethical hackers or penetration testers not only helps you answer this question, but also makes your ransomware preparedness an ongoing, successful journey.
Contact us if you need help with your ransomware readiness audit project.