Headline-making ransoms paid out by companies to cyber criminals have gotten everyone’s attention lately including President Biden’s. He recently signed an executive order which provides guidelines for improving cybersecurity. Waiting for governments to coordinate and contain ransomware activity is not the answer. Proactive vigilance and action do not cost much and have a dramatic impact on reducing the likelihood of a successful ransomware attack. Consider doing the following things in your organizations.
1. Consider reducing the attack surface by managing how external parties connect to your organization.
Cybercriminals are mostly after money. According to the 2020 Data Breach Report from Verizon, 80% of the breaches were financially motivated. It’s numbers game financially and attack surface wise. The more people in an organization or connected to the target organization that get phished, the more likely it is someone will open the email leading to a malware infection.
2. Don’t open a suspicious email without looking at the header.
Header information in an email is not typically displayed. Turn on the display as you will be able to tell where the email originates from. This is critical in understanding if the message legitimate or not.
3. Instantiate approval processes that require a manual check on approval.
These manual checks can occur before a change is instantiated to a critical system or monies are wired to external parties or software is installed on a local system. In fact, for most endpoints its a good practice to disable admin privilege’s which can help prevent suspicious applications from being installed.
4. Make sure systems are being kept updated with the latest security patches.
Organizations struggle with this aspect of vulnerability management. It is essential to have good patch management practices in place that are regularly and randomly audited. Ensure your software vendors are keeping pace and not forcing your organization to run on an unsecure/unpatched version of an OS.
5. Instantiate policies that are not punitive for reporting on clicked malware.
If employees face disciplinary action, it is very unlikely they will proactively report an accidental engagement with a suspicious email. This increases the dwell time for the attackers and the time provides an opportunity for lateral movement which is needed for a successful ransomware attack. Measure the success of a phishing training program by the number of malware events thwarted through reporting.
6. Separate Prevention from Detection and Response.
Companies should ensure that their cybersecurity strategy necessarily separates prevention from detection and response to avoid the prevention paradox. This is a deep topic for a small newsletter. The video below is a detailed presentation on the topic.
7. Implement phishing protection at the mailbox level.
Many organizations implement spam filtering from their office suite provider or a SEG solution. In either case, the polymorphic nature of email phishing attacks allows many of them to get through. Consider implementing phishing prevention should at the mailbox level.
All of us at Dark Rhino Security care about protecting our PMI Members and their organizations who rely on us. We have worked out a very special arrangement with our OEM partner Iron Scales to provide comprehensive AI based Phishing protection at the mailbox level to for $4.75 per mailbox per month. If you have questions or would like to take advantage of this offer ,which is valid till August 30th, please click the link below or call us at 614.401.3025 or write us at info@darkrhinosecurity.com.
