Does ransomware respect the holiday season? With ransomware attempts attempted every 14 seconds, attackers are unlikely to take days off. The threat of ransomware continues to grow, and in the first quarter of 2019, researchers saw a 118% increase in malware strains. Behind these numbers are syndicates of cybercriminals who continue to push ransomware onto corporate networks. We believe the following security holes could increase the potential for your business to fall victim to a ransomware attack.
7 Signs That Your Organization is Potentially at Risk of a Ransomware Attack
1. Keep legacy systems on the Infrastructure
Often, companies have an operating system that has not been upgraded for various reasons. In terms of security, this can lead to risks. The majority of the most active malware and ransomware families rely on vulnerabilities in existing desktop operating systems. For some reason, if your business cannot replace or upgrade all existing systems, you can at least define extensive preventative measures, place compensating controls around those systems, restrict access to them, and make sure to have them tested by penetration testers in order to understand their potential for impact.
2. Limited Visibility of Assets and their Vulnerabilities
For any defender, it is important to know what needs to be defended and where the critical resources are. In many organizations, the most valuable assets are people and the information they collect and use. This approach also allows the company to prioritize the level of security based on the value of the data and the assets that manage it, rather than trying to protect everything.
3. No Policies to Strengthen the System
Another factor of infection is the attack surface. Unused services, open ports, and neglected operating system functions often attract uninvited customers. Keep in mind that no operating system is secure by design. It should be locked as much as possible. In an ideal scenario, you can detect systems that do not comply with your security policies and remedy them with the necessary modifications or checks.
4. Rely on Perimeter Protection and Antivirus
A few years ago, firewalls were the solution. With the emergence of advanced security threats, this concept has become obsolete. Keep in mind that ransomware and other threats most often arrive in your organization through a phishing email, unfortunately, aided by an employee, and not through a breach of perimeter defenses. Antivirus testing consistently shows that even the best-performing products are not immune to advanced anti-threat attacks.
5. Rely on Online Backups
With the growing importance of cloud storage, online backups have become a very popular method of data storage. These cloud storage resources can be efficient and effective, but many businesses may choose to ignore offline backups altogether.
Organizations that rely solely on cloud backups could potentially pay the ultimate price for efficiency, as ransomware can encrypt data on any type of storage. Therefore, I think the best practice would be to keep the backups redundant – online and offline – and test them periodically.
6. Exercise Limited Control Over User Access
How effective is a closed door with a key outside? Too often, organizations are compromised by the use of stolen credentials, weak passwords, or orphaned accounts. Ignoring proper access management, advanced password policies and multi-factor authentication (MFA) should no longer be an option. Better yet, support and enforce user access control with an identity access management (IAM) solution to add a layer of security that makes it easier to create user groups and limit user privileges.
7. Underestimation of Security Awareness
Most threats, including ransomware infections, require human interaction before entering the network and on devices. Members of your organization can potentially be some of the biggest threats or your most powerful allies, depending on how you prepare and train users. User awareness training can be an effective and cost-effective measure.
You might also interested in Top 15 Best GIF Making Software