Ransomware - IT Governance Infrastructure Key to Protection
Protection from ransomware attacks drives re-vamped IT Governance Infrastructure. To start, IT Governance moves organizations and C-Level executives to follow five steps to help them better prepare for Ransomware attacks.
Assess risks – have a clear understanding of what they are defending against
IT Governance Infrastructure mandates the enterprise keeps up to date with types of ransomware attacks. They need to understand how ransomware organizations operate, what their primary attack vectors are, how malware is inserted into networks, and what the cyberattacks does.
Recent experience shows that ransomware is driven by criminal organizations that are complex coalitions of specialists ranging from malware developers to target acquisition specialists, financial experts who set ransoms, and money launderers who process payment. Some of these organizations attack directly, and others sell their services Online to affiliates who leverage technologies and lists of pre-compromised organizations in exchange for a cut of any profits.
Implement monitoring tools - take preventive measures and implement recovery paths
Design risk mitigation into networks. Look at monitoring tools as the first step is to design vulnerabilities out of the network.
“World-Class” IT Governance Infrastructure mandates implementing robust cyber hygiene protocol to patch and update every network device or engage in “hot patching,” whereby devices that cannot be updated are either isolated or directly protected by advanced security technologies. Network access controls be defined to ensure every device seeking admission to the network is patched and is running appropriate security software. Design in zero trust networking and intent-based network segmentation ensure that users and devices can only access predetermined resources, so malware cannot move laterally across the network. Ransomware is increasingly holding data hostage, threatening to release customer information or research data to the public if a ransom is not paid. Protection needs to focus on data at rest and it should be encrypted. Data backups need to be “air-gapped” and kept off-network, along with any hardware required to restart the network.
Implement essential security technologies – do not over complicate solutions
Avoid over implementations that can complicate the process of correlating threat intelligence which detects an attack and limits the ability to launch a coordinated response.
Not only do organizations need to select a portfolio of tools designed to protect all attack vectors, but those solutions also need to operate as part of a unified security fabric. Secure web gateways and secure email gateways are essential to detect and stop ransomware before it enters the network or lands on an end-user’s device.
Advanced security tools like Next Generation Firewall (NGFW), Corner Bowl’s File Integrity Monitoring (FIM), Extended Detection and Response (XDR), User and Entity Behavior Analytics (UEBA), Zero Trust Network Access (ZTNA), and Secure SD-WAN must be part of any organization’s IT Governance Infrastructure for security. And ensure that security is consistently applied, especially for remote workers, access points and devices.
Create a Business Continuity Plan which covers recovery from a Ransomware attack
Detection technologies are useless if it takes IT teams too long to figure out what to do next. Recovery and protection from future similar attacks protocols need to be defined and in place.
“Center Post” responsibilities need to be defined. These individuals need to be given the authority and tools required to act. Critical data and systems need to be prioritized. Infected systems need to be “air-gapped” to separate infected systems from the rest of the network. Pre event back-ups and recovery processes need to be in place to replace infected systems and restore them with clean backups from off-network. Testing of the process needs to occur regularly.
Train everyone on the security team - include all organization levels
IT Governance and security needs to encompass everyone from the chairman of the board to the lowest level employee and contractor. Everyone needs to undergo regular training to understand security risks, including phishing. Create a cohesive security strategy. And make sure that you are actively engaged in threat sharing with others in your region and market.