Beazley Insurance just released their Beazley Breach Insights report, which found that ransomware attacks more than quadrupled in 2016. What’s even more alarming is that they predict this number, already at an all-time high, will double again in 2017! Helping fuel this growth is the addition of new Ransomware variants. Several security research firms have reported that as many as 10 new ones were introduced every month in 2016! Researchers have also uncovered some variants that offer Ransomware-As-AService, which allows almost anyone to conduct a vicious ransomware campaign against the target of their choosing.
Why have ransomware attacks been exploding? Quite simply, they work. Ransomware attacks target most companies weakest link, the employees. In fact, ransomware attacks have been so successful it is estimated that the total cost of ransomware attacks for 2016 will top one billion dollars, according to the Herjavec Group.
While these numbers are quite alarming, there are various steps your organization can take to help minimize the risks and costs associated with ransomware.
Listed below are six steps your organization should take to protect itself against ransomware:
Security Awareness Training
Employees should be made aware of the dangers associated with ransomware as well as the possible consequences. While most organization’s conduct annual security training, those that perform security training more frequently and send out monthly reminders perform better against ransomware attacks.
Spam Filter Testing and Tuning
- It’s no secret that spam filters aren’t 100% reliable and those in the industry expect some emails to slip through. However, it is beneficial to conduct regular tests against your company’s current spam filter rules to ensure they are effective in stopping some of the latest variants of ransomware attacks.
Web Filter Testing and Tuning
- Many ransomware attacks attempt to lure users to a malicious website and infect their machine due to unpatched vulnerabilities or by having the user download and run a malicious file. Keeping your web filter updated with known-bad websites and maintaining a strict filtering policy, significantly reduces the amount of success a ransomware attack might have.
Principle of Least Privilege
- Most employees do not require ‘Administrator’ rights or rights to install software, yet most employees have these permissions. Assigning users the least amount of privileges required to do their job can greatly reduce the chances of a ransomware attack being successful. Even if the user is tricked into downloading the malicious file, they will be unable to install it and infect their system.
Application Whitelisting
- While this method is generally seen as a very labor intensive undertaking, it is also one of the most effective solutions at thwarting ransomware attacks. By allowing only approved, ‘whitelisted’ applications to run in your company’s environment, virtually all malicious ransomware files will be blocked from running. Application whitelisting provides many security benefits when implemented correctly.
Test Your Backups
- While this does not help in preventing a ransomware attack, it can make recovering from one much less expensive. Typically, attackers will encrypt a user’s files and hold those files for ransom. Having known-good backups can allow an organization to wipe the machine, ignore the ransom request, and restore their data from their backup.
If you have questions about any of the steps we’ve provided here, or about your information security program initiatives, let’s talk. Visit our Contact page to get in touch.
