This weekend saw the largest ransomware attack in history. It spanned the globe and compromised thousands of organizations both public and private. Needless to say, ransomware is becoming a household name.
I’ll keep it short and sweet. There are hundreds of articles out there already explaining the threat in more detail, depth, and technical accuracy than I’m likely to be able to, so I’ll just get to the basics and leave you to seek more information if you desire it.
Nobody is ever 100% safe. The best locks can be picked, the best alarm systems bypassed. That doesn’t mean you shouldn’t lock your doors and set your alarm.
There are three primary activities that every organization should be following to reduce risk by a very considerable degree.
- Keep your systems and software patched. Patch often and early. Monthly patch schedules may not be cutting it anymore. Consider a weekly or daily schedule, if your organization can tolerate the regular downtime.
- Deploy and manage a decent antivirus. It won’t always catch everything, but make sure you are alerted when it does catch something.
- Last, but most importantly, make sure your data is backed up! When it comes to ransomware the name of the game is keeping you from your data. If you have an offsite copy that hasn’t been impacted then there’s no need to pay a ransom. It may be a last line of defense, but it is a good one and arguably the most reliable.
If that’s not enough for you, consider these additional steps you can take to protect yourself and your organization.
- End-user security awareness training may be one of the best investments you can make. In addition to trying to stop the technology, you can train your end users to be ever vigilant. There are tools you can use to set up automated phishing tests that try to catch your users off guard on a regular basis. Simply knowing that you are watching will keep them on their toes. AKUITY has had good success with KnowBe4, both at our clients and with our own users.
- Anti-crypto tools are targeted specifically against ransomware. Traditional antivirus, while still needed, isn’t that great at stopping ransomware because it does not behave like a traditional virus. There are specialized anti-crypto tools that don’t try to identify the software but instead look for the rapid disk writing behavior associated with ransomware encryption activity. Sophos Intercept-X is a great example. Don’t want to change to Sophos Antivirus? That’s OK, you can layer Intercept-X on top of your existing antivirus.
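
The behavior-based idea in the last bullet, reduced to its core as an added Python example (not from the original post, and not how Sophos Intercept-X or any other product is implemented): flag any process that writes to more than a set number of distinct files within a short window. The event tuples, process names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10      # assumed look-back window
MAX_FILES_IN_WINDOW = 5  # assumed threshold; tune per environment


def find_rapid_writers(events, window=WINDOW_SECONDS, limit=MAX_FILES_IN_WINDOW):
    """Return {process: first_alert_time} for every process that writes to
    more than `limit` distinct files within any `window`-second span.

    `events` is an iterable of (timestamp_seconds, process, path) tuples,
    sorted by timestamp.
    """
    recent = defaultdict(deque)  # process -> deque of (timestamp, path)
    alerts = {}
    for ts, proc, path in events:
        writes = recent[proc]
        writes.append((ts, path))
        # Drop writes that have aged out of the window.
        while writes and ts - writes[0][0] > window:
            writes.popleft()
        # Count distinct files, so repeated saves of one file do not alert.
        distinct_files = {p for _, p in writes}
        if len(distinct_files) > limit and proc not in alerts:
            alerts[proc] = ts
    return alerts


def sample_events():
    """Constructed file-write events for three hypothetical processes."""
    events = []
    # Slow, steady writer: one new file every 30 seconds.
    for i in range(6):
        events.append((i * 30.0, "backup.exe", f"C:/data/report{i}.docx"))
    # Busy but harmless: the same file saved twice a second.
    for i in range(20):
        events.append((50 + i * 0.5, "editor.exe", "C:/data/notes.txt"))
    # Ransomware-like pattern: 8 different files rewritten in 4 seconds.
    for i in range(8):
        events.append((100 + i * 0.5, "unknown.exe", f"C:/data/file{i}.xlsx"))
    return sorted(events)


if __name__ == "__main__":
    for proc, ts in find_rapid_writers(sample_events()).items():
        print(f"ALERT: {proc} exceeded the write-rate threshold at t={ts}s")
```

Counting distinct files rather than raw writes is what keeps the frequently saving editor from triggering an alert while the process touching many files does.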
When it comes down to it, the world is a big scary place, constantly throwing new threats at us. You can never be 100% sure you won’t get caught by one of these threats. What you can do is stay vigilant, stay up to date, and take precautions to protect and back up your data. We may not be able to eliminate the threat, but we can do much to cut down the chances and reduce the damage if it does strike.
Stay safe out there!
Originally posted at https://www.linkedin.com/pulse/another-ransomware-post-makes-me-wannacry-craig-anderson/