5 Ways to Prevent a Ransomware Attack in 2021
Published: June 2, 2021
Ransomware is here to stay.
In recent months alone, we’ve seen major cyber attacks and ransomware attacks targeting corporations in industries across the board – from oil pipelines to meat packing. The average cost of a data breach is $3.86 million as of 2020 – making it crucial that businesses prevent these attacks before they happen.
Shawn Taylor at Dark Reading has laid out 5 excellent cyber security tips to prevent a ransomware attack on your business:
1. Basic Cybersecurity Hygiene.
Improving basic cybersecurity hygiene is the #1 defense against any type of attack, including ransomware. This is the cybersecurity version of many people’s New Year’s resolution to “get healthy.” Cybersecurity hygiene can mean a lot of different things, but a good place for companies to start is by making sure they have strong vulnerability management practices in place, and that their devices have the latest security patches. They can also make sure they are taking basic security precautions, which are often also important for regulatory compliance, like running up-to-date antivirus software or restricting access to systems that can’t be made compliant.
2. Penetration Testing.
Companies that already have much of the basic hygiene in place can take the additional step of working with penetration testers to further ensure that anything Internet-facing in their organization is protected. By finding the ways attackers could break in, security leaders can fix those areas before bad actors find them.
3. Board Discussions.
Cybersecurity is increasingly becoming a board of directors-level issue. That’s because an attack can have a significant impact on a company’s revenue, brand, reputation, and ongoing operations. However, it’s worth having a specific board-level conversation about ransomware to ensure board members understand the specific risks it could pose to the business, and that budget is made available to prevent or limit the damage of an attack. That discussion will prove critical if the company wants to implement added protections, such as improved cyber hygiene, or put in place automated reactive technologies to limit the spread of an attack.
4. Tailored Training.
There is one vulnerability that has proven effective again and again as an entry point for attack: people. You can buy all the latest and greatest cybersecurity technology, but if you aren’t training your employees in basic cybersecurity or how to respond during an attack, then you’re leaving yourself vulnerable. Training to prevent ransomware starts by teaching employees to recognize phishing attacks and what to do if they suspect one. This is important because – even though many users have gotten better – phishing remains one of the most effective ways for an attacker to breach an organization. Teaching users to validate URLs or avoid clicking on links or attachments altogether can go a long way toward protecting against all types of attacks.
5. Limit the Scope of an Attack.
Ransomware resolutions should include not only preventing an attack, but also taking steps to minimize the damage of a successful one. That starts with having tools in place that can identify the behavior patterns and heuristics of an attack and begin to automatically isolate and remediate those systems when indicators are flagged. It also means embracing tools such as network segmentation that can prevent the lateral movement of an attack across the network.