Three Ways To Survive A Ransomware Attack
There’s been a great deal of talk about the recent WannaCrypt/WannaCry ransomware attack. The virus targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. More than 230,000 computers in more than 150 countries were hit, including systems at FedEx, the UK’s National Health Service, Spain’s Telefónica and others.
The biggest issue for those affected was that it all could have been avoided. Microsoft issued a “critical patch” for its newer operating systems nearly two months before the attack to remove the underlying vulnerability. In other words, improper network management was the bigger culprit in this incident.
There are lessons to be learned here. More to the point, here are three ways that companies can ensure a WannaCry-type attack doesn’t wreak havoc on their organization.
Be Diligent In Security Updates
Establish processes to upgrade equipment systematically. This doesn’t mean simply accepting updates or setting your gear to download modifications automatically. Rather, your company should formalize stated policies and procedures that consistently look at updates and their potential impacts, both good and bad, on your network. Prioritize which ones to implement, especially those deemed “critical.” Set up a “proof of concept,” or test environment, before going live with any updates.
Identify Roles and Responsibilities By Name
Highlight specific individuals by roles, job duties and the equipment they manage. This also helps orchestrate how data will flow through the network. Go a step further by empowering your team to take ownership of particular aspects of the network and incentivize their efforts to keep it operating in a highly efficient and protected environment.
Segment Your IT Network
When the network is segmented, a hacker who infiltrates one area is far less likely to spread disruption across your entire landscape. Segmenting the network can also make it easier to maintain your IT infrastructure. You’ll detect abnormalities, such as an unusually high level of activity or traffic at odd hours, faster, and you’ll create fixes for them more quickly.
Just as important, though, is how your organization segments its IT assets. Don’t arbitrarily decide what equipment and data are housed in one area versus the other. Keep servers and workstations separate. Doing otherwise defeats the purpose of segmentation: a user who takes a phishing bait will allow the perpetrator to bypass all protective firewalls and access the entire server farm in short order.
While we don’t know when the next attack will come, it is prudent to assume that one is coming and that organizations that haven’t kept a keen eye on their network’s vulnerabilities will become victims.
About the Author: Efrem Gonzales is the Founder and CEO of Tec-Refresh, a nationwide provider of IT infrastructure, cyber security, data and networking solutions and support services. He can be reached at firstname.lastname@example.org.