The threat of ransomware persists. As outlined in the Intel 471 Year in Review paper, the USA is by far the most targeted country in the world, facing 39% of total attacks. In comparison, the UK comes in at a distant second at 9%. Additionally, new variants are on the rise, with LockBit 2.0 and LockBit 3.0 commanding the most attacks last year.
The story sounds redundant, but the threat remains. Instead of panicking or purchasing unnecessary high-cost security protection tools, the expert security team at PTP has five key recommendations to follow to drastically reduce your risk of business disruption due to ransomware.
1. Patch. Everything. Create a Vulnerability Management process and take the results seriously. That fancy light controller for the office, yep, it can be hacked. That Windows 2008 server could cost you your business. That FedEx printing computer in the office supply room is connected to the network. Bad actors are looking for the easiest way into your environment, and those unpatched, easily compromised devices connected to the network are just that.
2. Backups. Ensure that functional, off-site backups exist following the 3-2-1 rule. PTP works with several backup technology providers to deliver backup services as an MSP and is a Veeam VCSP. Our colleagues at Veeam offer this explanation on the 3-2-1 Backup Rule.
3. Business Impact Analysis. Perform a business impact analysis with the business owners and the C-suite. Understand what is important to the business and what can afford to be lost if needed. If part of a NIST 800-53 Self-Assessment, this would be the “Identify” area of focus.
4. Incident Response Plan. Verify that an incident response plan exists, is accessible to key team members offline, and includes the scenario of complete loss of IT functions and networking. You may be asking, “but why, everything is in the cloud?” Cloud and massive service outages happen. What if the company was locked out of O365/Azure AD or Okta?
5. EDR & DNS. Install and maintain an EDR and one other layer of protection like DNS filtering or egress traffic control. The DNS filtering keeps your employees from getting to known malicious URLs, while the EDR is the last line of defense to identify, block and/or quarantine malware.
Rich Hauke, CISSP & Gary Derheim
On-Demand Webinar: PTP/Carbonite/Fluency – Crafting a Plan to Combat Ransomware
Original Webinar hosted 8/18/2021