Ransomware attacks are on the rise for financial services according to the ransomware alert released by SEC’s OCIE. OCIE noted that the sophistication of attacks on SEC registrants has increased. Ransomware is a type of malware. Attackers use malware to gain access to your organization’s systems or data. Once they have access, they lock you out by encrypting your data. The attacker will demand that your business pay a ransom for the return of control. In some cases, attackers may threaten to publish sensitive data if payment is not made.
The results of a ransomware attack are devastating. It can take years to recover from an attack if your company survives at all. Smaller businesses often don’t have the funds to pay the ransom and ultimately choose to close their business. Many organizations quietly pay the ransom, but that doesn’t guarantee the safe return of your data. In addition to the price of the ransom, there are legal fees and other costs associated with damage control. Although significant, the financial costs are only a portion of the damage that ransomware causes. Once you’ve experienced a breach, it isn’t easy to regain your reputation and trust.
Below are some steps that your business can take to improve your cybersecurity posture and minimize the effects of a ransomware attack.
Risk Assessment
Identifying and addressing your vulnerabilities is one of the first steps in increasing your cybersecurity posture. Running regular vulnerability scans will determine if your system has weaknesses that can be exploited by attackers. Common vulnerabilities include missing security updates and misconfigured systems.
Penetration testing is another way to measure your company’s weaknesses. During a penetration test, your IT partner will simulate the behaviors of an attacker by using strategies such as phishing. The test will identify gaps in your systems, risky user behavior, and the types of cyberattacks most likely to breach your organization.
Perimeter Security
A remote work environment is becoming the new normal, which means perimeter security is even more essential to preventing ransomware attacks. Perimeter security is no longer confined to just the office. Now perimeter security extends to managing endpoints and users’ home networks. Users are connecting to your company network from multiple devices, including personal devices. Your business needs to control, monitor, and inspect all outgoing and incoming network traffic to maintain perimeter security. The following solutions increase network security:
Endpoint Detection and Response
For many businesses, personal devices are becoming another entry-point to corporate data. An endpoint detection and response (EDR) solution allows your IT team to monitor activities at every endpoint in real-time. An EDR can analyze data and notify your IT team if there are potential threats, allowing your company to respond proactively to potential risks.
Virtual Private Network
The internet is one of our most valuable tools, but unfortunately, attackers look for vulnerabilities as we use the internet. A virtual private network (VPN) allows your business to maintain security and privacy. A VPN creates a secure tunnel for your information to travel from your device to its destination, making it more difficult for attackers to read or access your data as it travels to and from each point.
Firewalls & Intrusion Detection Systems
Firewalls and intrusion detection systems (IDS) provide network security by analyzing incoming and outgoing traffic. Firewalls block and limit the traffic that seems malicious. Intrusion detection systems notify your IT team if they detect activities that pose a threat. Smaller companies may want to consider replacing users’ home routers with more secure single office/home office firewalls.
Email Security
Email is a vital component of business functions. Email contains highly sensitive information about your company and partnerships. If your email were to stop due to a ransomware attack, so would your business. Email security solutions add security by preventing incoming emails that contain spam, phishing, and malware. This solution also allows you to share emails with sensitive information more securely.
Active Monitoring
If you’re not actively monitoring your IT infrastructure, attacks can go undetected for months. A security information and event management (SIEM) platform can identify and aggregate incidents and events that may be harmful to your IT infrastructure like a ransomware attempt. To fully benefit from a SIEM platform, you need a dedicated team actively monitoring your IT infrastructure. Active monitoring allows your IT team to respond in real-time to any potential threats or attacks.
Security Awareness Training
Education is a critical component of cybersecurity. Risky user behavior is one of the top risk factors for your cybersecurity posture. Human behavior is often predictable, which is why attackers find it so easy to exploit. Common user vulnerabilities include weak passwords, clicking on dangerous links, responding to phishing emails, and not running necessary updates.
Security awareness training teaches users cybersecurity strategies like how to identify malicious links and emails, how to create strong passwords, how to set up automatic updates, and protocols for notifying IT of suspicious content or activities.
Policies & Response Plans
Clearly defined policies and procedures are the foundation of good cybersecurity posture. Your business should address the following when creating policies and procedures:
Response Plans
Identify multiple scenarios that could affect your business continuity. Create a response plan for each situation. Remember to update your plans as your business grows.
Notification Plan
If someone discovers a threat or breach, they should know who to notify in your organization. Create specific protocols for what to do and who to tell when someone notices a cybersecurity incident. Make sure you include all necessary stakeholders (e.g., executive management, legal team, or compliance) Keep in mind, many compliance standards have specific guidelines on the time frame for notifying stakeholders.
Access Management
Properly structured user roles and permissions are the difference between an attacker having access to one folder or all company data. Access management refers to user rights and the controls that manage the levels of access to organizational information and systems. To improve security include the following in your policies and procedures:
- Require users to have strong passwords.
- Schedule regular password updates.
- Use multi-factor authentication (MFA). MFA requires a password and at least one additional form of authentication, such as an application or code via text message.
- Limit user access to the minimum necessary to complete their required tasks.
- Immediately update privileges for personnel changes, e.g., terminations and transfers.
Business Continuity
Unfortunately, as attackers become more sophisticated in their attacks, a breach is less about if and more about when. Proactively creating business resiliency plans and procedures will help your business maintain continuity during or after a ransomware attack. Without a resiliency plan, your business could experience downtime, loss of revenue, or worse.
Backups
Setup automatic daily backups. You can increase the backup frequency depending on your business needs. Cloud-based backups provide geo-diverse redundancy, which ensures that your business has access to essential data if you experience a failure or attack.
Disaster Recovery Plan
A disaster recovery plan includes the processes needed to keep your business running in the event of an attack or failure. Start by keeping an up-to-date inventory of all your data, including storage locations. Note some compliance standards require an asset inventory. If you are locked out of your primary system, having redundancy allows you to switch to another system temporarily. Most importantly, don’t just have a plan, test it. You don’t want to discover the gaps in your disaster recovery plan while a breach is occurring.
Cybersecurity can be complicated and overwhelming, but you don’t have to do it alone. Cortelligent is focused on keeping your business secure and aligned with compliance standards so you can focus on what really matters. Coretelligent has years of experience working with clients in financial services to increase their cybersecurity posture. Contact us at 855-841-5888 or via email info@coretelligent.com to learn more about CoreArmor, our comprehensive cybersecurity solution, and CoreBDR, our backup and disaster recovery solution.
For more information about access management read our blog, The Importance of Access Rights and Controls to Cybersecurity.