Ransomware has been hitting the UK headlines recently with the severe disruption to Royal Mail’s overseas deliveries, employee data of The Guardian being accessed and Rackspace’s Hosted Exchange environment being forced to shut down. These ransomware attacks have disrupted services, resulting in valuable customer data being stolen and causing damage to brand reputation.
In this blog, with our cyber security expert and trusted partner, David Stubley from 7 Elements, we discuss how organisations can effectively mitigate cyber-attacks, including ransomware.
What is ransomware?
Ransomware is a type of malware deployed by malicious actors which prevents your organisation or end-users from accessing their device and the data stored on it, usually by encrypting files and requesting payment for the information to be re-released.
Malicious actors will take any opportunity presented to them to cause negative impact; therefore, it is paramount that organisations take the time to ensure that they continue to maintain good cyber security hygiene while managing the wider risks associated to both employees and the wider business.
Our following guidance looks at a number of core cyber security controls that organisations should implement and maintain to help effectively mitigate cyber attacks:
Top tips to protect you against ransomware
The first of your priorities should be to ensure that your organisation continues to download and install software security updates upon release. By implementing a comprehensive patching policy, that includes operating systems and third-party software, reduces potentially exploitable vulnerabilities and minimising the primary attack vectors malicious actors will seek to target.
On some occasions, security patches may introduce bugs into the operation of that software. As a result, it is recommended that where the business has capacity, it should install these patches in a test environment to verify the stability of the software once the patches are installed, before issuing to the wider estate.
Another priority should be ensuring that all of your sensitive and important business data is adequately backed up. Immutable, off network storage may need to be considered for the most critical data, that cannot be reproduced from alternative sources. A robust backup mechanism, that stores current data for a short-term in one location, before appending to a longer-term, more comprehensive backup solution would ensure that multiple disaster recovery scenarios are prepared for. Especially in terms of dealing with ransomware attacks.
In the event of sudden data loss, the short-term backups can be rolled out, reducing the need for operational downtime. Equally, in the event of a breach, the data can be rolled back from the longer-term solution to a time before the breach occurred, removing the potential for loss of data integrity and providing a measure of non-repudiation.
Consideration should be given to ensuring that any new technology deployed (such as cloud-based solutions) to enable the organisation deal with changes to working patterns are included within their backup requirements. A key question to ask, would be “Do any changes we have implemented altered where our sensitive data is held?”.
Changes to the network perimeter
Over the past few years, the number of remote workers within organisations has skyrocketed. This places higher burdens on the existing remote access solutions such as VPNs to access internal resources, or forces organisations to deploy new solutions to allow access remotely. This can pose a number of risks, such as exposing services to the internet that may not have been appropriately configured. Another issue may relate to the use of outdated software if this solution has been in place for some time. Any new or existing software should be deployed to adhere to recommended good practices, such as those provided by the National Cyber Security Centre (NCSC) as part of their End User Device Security guide.
Robust Password Policy
Another significant security control that must remain a focus is a robust password policy, with multi-factor authentication enforced where possible, especially where new services are being stood-up in short timescales. Current advice for user password creation is to allow users to use three random words as a passphrase as these are easier for a user to remember, but difficult for an attacker to guess, while typically being of a sufficient length to make password cracking very difficult. Further guidance on the use of passphrases versus passwords can be found here: https://www.7elements.co.uk/resources/guidance/passphrase-guidance/
Enable MFA Everywhere
Multi-Factor Authentication (MFA) can further reduce the likelihood of a successful account compromise. Other solutions may be to use enterprise Single Sign-On (SSO) solutions that are designed to reduce the number of passwords a user must remember, while allowing for access to multiple applications and services. This can allow for a stronger password to be set without the confusion of multiple passwords to manage.
With the increase in remote working, comes the decrease in the ability for the workforce to communicate face to face. As a result, the number of emails received is likely to increase. While email security is a fairly broad topic, with a number of security controls that can be implemented, it is often the human factor that leads to issues. Phishing attacks have become more and more sophisticated, with methods to evade technical controls constantly being discovered. As a result, training plans that aid all users with identification of potentially malicious emails, as well as the process to report them, is often a crucial piece of the puzzle. This training will need to be ongoing to ensure that emerging threats and trends are taught to staff to help them with this.
While organisational IT operations are forced to change and evolve, the core security practices we have laid out should not be neglected and ignored. They are as crucial to an organisations ongoing security now as they were a year ago. Many organisations will already have these practices implemented, while a number will still need to adopt them. Whether just rolled out, or implemented and in use for several years, auditing and security testing is vital to verifying that the controls implemented do as intended and identifying any gaps in the control.
Our advice can help to support you against cyber attacks, including ransomware. If your organisation is concerned about your existing cyber security posture, and wish to have it externally reviewed, ourselves and our trusted partners at 7 Elements are here to help. We can offer a CREST accredited and independent IT security testing to support your cyber security and incident support.