With last year’s devastating WannaCry virus in the rear-view mirror, you may be inclined to breathe a sigh of relief. However, the threat landscape is just as treacherous as ever. Staying in the know and being prepared is the first step to protecting your business.
Check out the excerpt below from our partner, Fortinet, for 10 best practices for outsmarting ransomware. Their full article can be found here.
10 Best Practices
The “attack on all fronts” strategy that cybercriminals have developed has been especially effective. Not only are they developing new attack vectors to exploit the expanding attack surface created by digital transformation, but they have also been using the tried and true method of targeting older, known vulnerabilities that IT teams simply don’t have the time to address.
To defend your network from such multi-pronged attacks, you need to develop a back-to-basics, methodical process to reduce the number of possible attack avenues that your organization is exposed to. This includes:
Inventory all devices
Discover and then maintain a live inventory of what devices are on your network at all times. Of course, this is hard to do if your security devices, access points, and network devices can’t talk to each other. As IT resources continue to be stretched thin, an integrated NOC-SOC solution is a valuable approach to ensure that every device on the network is identified and monitored.
Automate patching
The recent WannaCry breach makes clear that unpatched systems continue to be a primary conduit for attacks and malware. That is why, as much as possible, you should develop a process for automating your patching.
Segment the network
What will you do when your network is breached? It’s a question every security professional needs to ask. Because when it is, you want to limit the impact of that event as much as possible. The best first line of defense is to segment the network. Without proper segmentation, ransomworms like WannaCry can easily propagate across the network, even to backup stores, making the recovery portion of your incident response (IR) plan much more difficult to implement. Segmentation strategies, including microsegmentation in virtual environments and macro-segmentation between physical and virtual networks, allow you to proactively and dynamically isolate an attack, thereby limiting its ability to spread.
Track threats
Subscribe to real-time threat feeds so that your security systems can be on the lookout for the latest attacks. When combined with local threat intelligence through a centralized integration and correlation tool, such as a SIEM or threat intelligence service, threat feeds not only help organizations better see and respond to threats as soon as they begin to emerge in the wild, rather than after you have already been a target, but also help them begin to anticipate those threats.
Watch for indicators of compromise (IOCs)
When you can match your inventory to current threats, you can quickly see which of your devices are most at risk and prioritize either hardening, patching, isolating, or replacing them.
Harden endpoints and access points
Make it a rule that any devices coming onto your network meet basic security requirements and that you actively scan for unpatched or infected devices and traffic.
Implement security controls
Apply signature and behavioral-based solutions throughout your network in order to detect and thwart attacks both at the edge of your network and once they have penetrated your perimeter defenses.
Implement security automation
Once you have locked down those areas you have control over, apply automation to as many of your basic security processes as possible. This frees your IT resources to focus on higher-order threat analysis and response tasks that can protect you from the more advanced threats targeting your organization.
Back up critical systems
The most important thing you can do when dealing with ransomware is to make sure that you have a copy of critical data and resources stored off-network so you can restore and resume operations as soon as possible.
Create an integrated security environment
To make sure that all these security practices are seamlessly extended into every new network ecosystem you bring online, you need to deploy security solutions that are fully integrated as a security fabric to enable centralized orchestration and analysis.
Protect Your Business
ADKtechs has the experience and partners to make your company secure.