8/13/2021 - By Joshua Duncan
Oil pipelines and government agencies, software vendors and hardware manufacturers, insurance firms and even video game developers: all of these industries have something in common. In the last six months, ransomware attacks have made headlines by hitting businesses and government agencies in each of them, seemingly indiscriminately. On May 7th, Colonial Pipeline was attacked successfully, causing disruption to oil flow in a large portion of the Southeast. A few months prior, the video game developer CD Projekt Red suffered a ransomware attack that compromised the code for several of their popular titles and stopped their work for over two weeks. The list goes on and on, and you may be thinking to yourself, “If they couldn’t protect themselves from this, how can I?” That’s a reasonable question to have, especially considering some of the big names we have seen come up over the years.
Fortunately, as is the nature of the cybersecurity world, the frequency and effectiveness of these attacks have spurred the industry to develop and enhance systems to negate, counter or even prevent attacks from a ransomware group. New backup systems with the ability to detect a potential attack and isolate your data, authentication systems that can detect suspicious logins, and antivirus systems that can be alerted to a new virus within hours or even minutes of its first release are just a few of the innovations we’ve seen developed in response to these attacks.
Knowing what steps you can take to prevent or mitigate a ransomware attack is half the battle.
End-user education is always the first stop when it comes to securing your infrastructure. Most security breaches do not originate from intentional malicious actions by employees or competitors. In most cases, the original breach starts with an end-user unknowingly clicking a link in an email, sending or entering sensitive information such as passwords outside the organization, or unknowingly bringing a compromised device onto their network. This can happen at any time, and while there are security systems in place to detect and prevent these scenarios, the best frontline defense against this type of compromise is an educated user base. Many companies offer outsourced end-user education and other services, such as testing for security competencies and simulations of an actual attack. These services can give you a better idea of where your weaknesses are and how you can improve them.
More often than not, if a ransomware attack does occur on your network, the actual servers and computers that contained the virus will have to be completely wiped and reinstalled from scratch to guarantee that the virus doesn’t resurface. This is where your chosen backup system comes into play. There are countless backup systems available on the marketplace, but there are a few things in particular that keep a backup safe in an attack. The first, and often the most overlooked, is the ability to air gap your production data from your backup data. This means storing your backups outside of your network when they’re not actively being used, i.e., a cloud backup set. If your backup data is only stored on a local device, ransomware can spread to that device, rendering your backups useless. The second is the ability for your backup system to detect mass file changes. A backup system with that ability can often alert your team to the infection before it would otherwise have been found, helping them stop the spread.
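A sketch of the mass-file-change detection described above, as an added example (not from the original article or from any backup product): it slides a time window over a constructed change log and raises one alert per host when the number of distinct files modified in the window passes a threshold. The event format, host names, window and threshold are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed change log of (timestamp, host, path) tuples; not real data."""
    base = datetime(2021, 8, 13, 9, 0, 0)
    events = []
    # Normal activity: one document saved every 10 minutes on ws-01.
    for i in range(6):
        events.append((base + timedelta(minutes=10 * i), "ws-01",
                       f"/share/reports/q{i}.docx"))
    # Burst: 40 different files rewritten within 20 seconds on ws-07.
    burst_start = base + timedelta(minutes=30)
    for i in range(40):
        events.append((burst_start + timedelta(seconds=0.5 * i), "ws-07",
                       f"/share/finance/inv{i}.xlsx"))
    events.sort(key=lambda e: e[0])
    return events


def detect_mass_changes(events, window=timedelta(seconds=60), threshold=25):
    """Alert the first time a host modifies more than `threshold` distinct
    files inside `window`. Events must be sorted by timestamp."""
    recent = {}   # host -> deque of (timestamp, path) still inside the window
    alerts = {}   # host -> alert record (one per host)
    for ts, host, path in events:
        q = recent.setdefault(host, deque())
        q.append((ts, path))
        # Drop changes that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) > threshold and host not in alerts:
            alerts[host] = {
                "host": host,
                "window_start": q[0][0],
                "triggered_at": ts,
                "files_in_window": len(distinct),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_mass_changes(build_sample_events()):
        print("ALERT:", alert)
```

Counting distinct paths rather than raw events keeps an application that autosaves one file repeatedly from tripping the alert.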
Having a well-thought-out authentication system will greatly reduce your attack surface. For example, requiring more than one method for you to identify yourself is a must. Anyone can have their password stolen and be unaware of it, so requiring a code that is texted or emailed to your phone not only prevents access to a system with a compromised password but can also tip you and the IT staff off in the case of a lost password.
To add to that, if your company is based in the United States and all your employees reside there, is there any reason to allow logins to your system from another country? Do you really need to allow logins from outside your office? Restricting where and how you can access your network seems like a simple change, but it has a significant impact on potential vulnerabilities and can truly protect your firm from an attack.
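The login restrictions discussed in the two paragraphs above, written out as an added example (not code from the original article): a small policy check that denies sign-ins from outside the allowed country or office network, requires a second factor, and flags the cases where a correct password was stopped by one of those controls so IT staff can follow up. The policy fields, sample records and the placeholder country code "ZZ" are assumptions; the IP ranges are reserved documentation addresses.

```python
import ipaddress

# Assumed policy values for illustration only.
POLICY = {
    "allowed_countries": {"US"},
    "office_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "require_office_network": False,  # True = no logins from outside the office
}

# Constructed sign-in records; not real data.
SAMPLE_LOGINS = [
    {"user": "alice", "ip": "203.0.113.10", "country": "US",
     "password_ok": True, "second_factor_ok": True},
    {"user": "bob", "ip": "198.51.100.7", "country": "US",
     "password_ok": True, "second_factor_ok": False},
    {"user": "carol", "ip": "192.0.2.44", "country": "ZZ",
     "password_ok": True, "second_factor_ok": True},
    {"user": "dave", "ip": "198.51.100.9", "country": "US",
     "password_ok": False, "second_factor_ok": False},
]


def evaluate_login(event, policy=POLICY):
    """Return (decision, reason, alert_it_staff) for one sign-in attempt."""
    ip = ipaddress.ip_address(event["ip"])
    in_office = any(ip in net for net in policy["office_networks"])
    # A correct password arriving from a blocked location suggests the
    # password is known to someone else, so those denials raise an alert.
    if event["country"] not in policy["allowed_countries"]:
        return ("deny", "country not allowed", event["password_ok"])
    if policy["require_office_network"] and not in_office:
        return ("deny", "outside office network", event["password_ok"])
    if not event["password_ok"]:
        return ("deny", "bad password", False)
    if not event["second_factor_ok"]:
        # Password was right but the code was not: likely a stolen password.
        return ("deny", "second factor failed", True)
    return ("allow", "ok", False)


def users_to_review(logins, policy=POLICY):
    """Users whose password should be treated as compromised and reset."""
    return sorted({e["user"] for e in logins if evaluate_login(e, policy)[2]})


if __name__ == "__main__":
    for e in SAMPLE_LOGINS:
        print(e["user"], evaluate_login(e))
    print("review:", users_to_review(SAMPLE_LOGINS))
```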
Cybersecurity is proving to be an area that deserves attention if you want to protect your company and clients. Your company needs to continuously review its systems for any weaknesses and investigate the proper cybersecurity tools to avoid the damage of cyber-attacks. The time to invest in cybersecurity systems is now.
About the Author | Joshua Duncan
Joshua is an IT manager in the Information Technology Services Department of Saltmarsh, Cleaveland & Gund. He has over eight years of experience in providing end-user support, server management, and security services. Joshua’s areas of expertise include implementing new technologies and creating solutions to resolve information technology issues for businesses across various industries such as non-profits, construction, and healthcare. Prior to working at Saltmarsh, Joshua was a system administrator for a national environmental corporation where he provided network support.