National Cybersecurity Awareness Month—Remedies for Today’s Common Threats
October 18, 2019 |
Security
In our third Cybersecurity Awareness Month blog, Thomas LaRock explains how good backup and email protection could help save your bacon if the worst happens.
An executive at your company sits down at their computer. They try to get to work, but they can’t access their laptop unless they pay a small fee via Monero, a cryptocurrency popular among cybercriminals. When they make that frustrated (or panicked) phone call to your team, hopefully you have a remedy for the ransomware virus they have. If you don’t, you may lose face in the organization.
You must be prepared to handle these attacks. As much as cybercriminals innovate, they still have a common toolset they draw from when attacking businesses. From ransomware to email-borne attacks, you need to be prepared. That’s the subject of today’s National Cybersecurity Awareness Month post—common threats used by cybercriminals and what you can do to fight back.
When it comes to ransomware, you either need good backup or a good resumé. The choice is yours.
Ransomware has been the scourge of the IT industry for several years. Some people predicted ransomware’s demise last year, particularly with the rise of cryptomining-based attacks; but those people were wrong. As Dalton from Road House would say, “It will get worse before it gets better.” Ransomware is alive, well, and always ready to rear its ugly head.
For example, many modern ransomware variants delete local backups so people can’t easily recover their data. If you want to keep your users happy and avoid any hand wringing over lost productivity (or money), you’ll need a good backup solution that stores your data in a safe cloud environment. Additionally, this solution should be built to handle the unique challenges of the cloud, such as optimizing for fast data transfers. This should let you restore continuity fast after a ransomware attack, with minimal disruption to the business.
Additionally, when removing the ransomware infection, make sure to check that the system truly has been cleansed. You may remove the ransomware, unaware the attack also left behind a keylogger. Over time, they can steal passwords or other important company secrets. The ransomware infection could be the first step in a multiphase attack that maximizes the criminal’s payday. Additionally, you may want to consider employing an endpoint protection solution instead of simple antivirus. These solutions use AI and machine learning to look for odd behavior, so you can detect the initial ransomware infection and hopefully catch other malicious files left on the system after you remedy the ransomware.
Preventing email threats doesn’t stop at the inbox. Disable links, block bad web domains, and segment networks to contain damage.
It’s no secret that email is a common attack vector for cybercriminals. Email communications are common, and creating a strong email forgery isn’t overly difficult. Most cyberattacks are delivered via email. For that reason, it makes sense to have a strong email-security-and-filtering solution in place.
You can’t just stop with strong filtering. Some emails still slip through, even with the best email security products in place. This is where other defenses come into play. For starters, try to set your systems up to disable suspicious links and block fishy attachments (such as those with hidden executables in a compressed file). You could also set rules to block specific extension types, like .exe files, to further reduce the risk of someone accidentally downloading malware.
Another important countermeasure involves using a web filtering solution to block bad domains. If someone clicks a link that points to a URL that’s a known phishing trap, web filtering should prevent them from landing on the site. Web filtering helps regardless of how users land on the site—whether they click a bad link from a search engine or receive a social-media-based phishing scam.
Finally, make sure to set up your network to prevent lateral movement if something does land—and to cordon off any areas with highly sensitive data or risky assets. It’s tempting to put everything on one network, but a little planning can help you contain damage if an attack occurs. Focus on the most valuable assets here, and keep them separate from the primary network. This way, if someone gets onto your main network, you can either keep them out or slow them down from getting to valuable assets, like important servers or backups. Just remember, security requires multiple layers—so protect your users’ inboxes—but also try to think outside the inbox.
Today’s threats need the right tools
Cybercriminals certainly do innovate and try new styles of attacks; however, most threat actors use tried-and-true cyberattacks to hit their victims. With the right tools, you can fight back against the most common threats and keep a strong reputation within your organization.