Ransomware – When, How? And How to Protect Your Business
Ransomware – When, How? And How to Protect Your Business
(By Taslim Khan. This article was originally posted in the This is Queensborough – July 2023 Edition and has been slightly amended for this format)
Ransomware is not a question of IF, rather When. It is not our intention to create unrest or panic among
businesses and the readers; rather to prepare you – Ransomware attacks are a reality today. Businesses of all sizes are targets. A small firm with 5 employees is just as much a target as the large multi-billion-dollar companies such as Target, Sony, T Mobile, YUM Brand (KFC, Taco Bell, Pizza Hut). 60% of the Small to Medium Businesses (SMB) have experienced a data breach. However, be assured that all businesses are under attacks of ransomware. Even municipalities and city governments had to pay large ransoms to free their network. The list, very unfortunately, is long and only growing. To the threat actors – dollar is green – from every source – large and small – private, government, for profit, non-profit – Ransomware is an equal opportunity offender.
HOW & WHEN?
So, let’s take a look at how Ransomware works. In almost every case, there was a sleeper agent that got into a network, typically 6-12 months before the actual attack was initiated. This agent/malware monitors all the traffic and analyzes data. The Threat Actors – the bad guys – gather all the critical business and financial data – including daily financial transactions, deposits, bank balance etc. Once enough information is gathered and a plan of attack is solidified – the attack takes place.
90% of the Ransomware attack gets initiated through an email. Typically, an email is sent to many users on the network. The email is spoofed and made to look like it was sent from a reliable/trusted source. It could be made to look like it is coming from the CEO or the CFO of the company with their name on the email address. With an embedded link and instructions – such as “Hey Joe, yes this invoice is approved – please remit payment” Once that link is clicked – BOOM. The network and the server(s) are completely locked down. A message will appear on the user’s screen with instructions to make ransom payment. Unless that payment is made – the network stays locked, and your business comes to a screeching halt.
Also: Qualifying for cyber security insurance – Part 2: Going Down The Checklist
How to protect your business?
How to protect your business?To secure your network & protect your business, a multi prong approach is required.
First, you must consider Managed IT infrastructure/service from an MSP (Managed Service Provider)
& Disaster Recovery as a Service (DRaaS) + Backup as a Service (BaaS) from an MSSP (Managed
Security Service Provider). Both these companies must maintain geo-diverse multilocational SOC or Security Operations Center, preferably with global locations.
Extra man power
These MSPs and MSSPs are manned by 40-50 security engineers & specialists per location. They monitor all traffic and the end points that are deployed and in production – in real time – 24/7/365. Eyes on the glass round the clock – all threats are dealt with and mitigated in real time before they reach your network. Your business infrastructure is always monitored and protected and the guys & gals protecting it are nerver closed – not on Christmas and not on New Years Eve.
This is the maximum protection your dollars can buy to secure your assets and protect your business. The security fortress can be quite elaborate and multi-layered. However, there are some absolute basic necessary measures that must be implemented.
They are as follows:
For your network:
- Next Generation Managed Firewall – for your entire network infrastructure,
- End Point Detection & Response – for all your server, desktop & laptops,
- Threat Intelligence Management Service – this will block all known threats before they can infiltrate your network/firewall.
For Back-up and Disaster Recovery:
- Backup as a Service (BaaS) & Disaster Recovery as a Service (DRaaS) – for your server,
Backup as a Service (BaaS) – for your emails.
Again, network security is like Swiss cheese. There are lots of holes in it. There needs to be multiple layers of services from multiple different vendors to secure your network. How deep you want to go is up to your threat and risk tolerance.
Implementing the above services will significantly improve your security posture and protect your network. However, if you have been mandated to implement stricter security measures or cyber security insurance, then you may have to implement further network security measures. Please consult a Cyber Security Specialist to discuss your options.
