Tim Simons, UK Security Product Manager
It seems that every few months all over the world we are hearing public and private sector organisations facing cyber-threats and data breaches. From large enterprises, to charities to the NHS, cyber criminals do not discriminate.
And while our heads may be turned towards the progress of the COVID-19 pandemic and getting back to ‘normal’, cyber criminals still have their focus on infiltrating business systems and, most importantly, business data.
Tip 1: Prevent malware from being delivered to devices
To develop a more resilient ransomware strategy, organisations must focus on preventing malicious content reaching their network. The NCSC advises improving the resiliency of ransomware strategies by implementing effective mail filtering technologies.
Ransomware typically gains a foothold in an organisation via phishing emails to staff, leading them to fake websites to enter credentials or through malicious code or attachments. Overwhelmingly, 92% of malware is delivered in this way, but attackers can also gain entry via vulnerabilities in the network through unpatched or poorly configured systems.
With more users working remotely and on the look-out for important communications, cyber criminals are leveraging this situation. They’re using social engineering campaigns specific to COVID-19, but also increasing traditional phishing activity.
Proact’s Anti-Phishing service offers mailbox-level email security, adding a greater level of defence for detection and response of phishing emails. With a click of a button, users can easily report suspicious emails to Proact’s 24/7 Security Operations Centre (SOC) for full investigation.
Tip 2: Limit the impact of infection and enable rapid response
Among other practical advice, the NCSC recommends keeping up-to-date with infrastructure patches and developing an incident response plan. Prevention is not always possible, however organisations do have control over their incident response strategy.
When a cyber-attack occurs, it can be many weeks before the initial breach has been identified or the impact becomes apparent. However, the faster the response, the more likely organisations will be able to recover quickly from an attack.
That’s where our team can help. Through Proact’s SIEM-as-a-Service, we work with a number of organisations to improve their team’s ability to detect and respond to these threats, resulting in a more resilient strategy.
Our SOC analyses and monitors threats on a 24/7 basis and presents key threats on a simple and easy-to-manage dashboard. We enable organisations to reduce risks and save critical time in the identification and remediation of ransomware.
Tip 3: Prevent malware from running on devices
Attackers can force their code to run by exploiting vulnerabilities in the device. File shares are a high-risk area, and these systems have a blind stop when it comes to ransomware and visibility of user behaviour.
To prevent this, the NCSC recommends organisations use device-level security features (such as, only permitting applications to run from trusted app stored), and keep devices well-configured and up-to-date. However, this can be very time and resource-consuming. Vulnerability assessments can do all this legwork for you and more. With Proact’s fully-managed service, our SOC regularly performs scans and will highlight weaknesses before they become a problem. Our team of experts will also provide actionable intelligence, telling you which are most urgent along with advice on how to fix them. If you’re already a NetApp customer, Proact offers CryptoSpike – a simple, affordable ransomware defence designed specifically for NetApp file systems, through protection, detection and fast recovery.
Tip 4: Make regular backups
The NCSC recommends several tips to ensure you have up-to-date backups of important files. This includes making regular backups and knowing how to restore files from the backup. As well, they recommend removing the access of backups, which can be achieved through a hosted service away from an organisation’s datacentres.
Through Proact’s Backup-as-a-Service, our team supports organisations to improve the resiliency of their ransomware strategy in regards to having a backup facility in place to quickly recover from a ransomware incident. Our platform provides an offsite copy of your data, that would remain uninfected during a ransomware attack.
Proact’s BaaS platform operates in a completely standalone fashion from an administration point of view, from the customer network. Ensuring that even if customer data is compromised, the copy with Proact is out of reach of any attacker.
Rounding it up
So at a time when organisations are moving their operations online and into the cloud to ensure ‘business as usual’, cyber security is more important now than ever. Ready to speak to one of our experts? Contact us to book a call