10 steps to prevent ransomware attacks

With the spread of ransomware attacks, Palo Alto Networks has unveiled a set of steps that organizations and individuals should focus on to defend against this type of attack, namely:

1- Keeping up with the latest developments related to the evolving and ever-changing cyber threat scene

Ransomware attacks will undoubtedly continue to grow and evolve as malicious actors adopt new techniques to target businesses. Security teams and executives must therefore stay informed about current developments in that scene and their potential impact on businesses, as well as the steps that can be taken to deal with and prevent such attacks.

2- Knowing the repercussions of losing important data on the business

To understand the different impacts of ransomware attacks, you must first form a complete overview of the different business assets and understand where sensitive data is located, accessed and used across the organization.

To do this, you must complete the data planning process and ensure that access to confidential information is based on adequate knowledge.

Then you need to conduct an analytical study on the risks of not being able to access this data.

3- Evaluating readiness at the internal and external levels

The risk of significant ransomware attacks rises in the absence of a regular assessment of a company’s cyber security defences. Every company must therefore thoroughly assess the risks facing it, according to the approved security landscape based on people, processes, technology and governance capabilities.

In addition, every risk that may arise through external third parties must also be identified, enabling the establishment of a mitigation master plan detailing the requirements for reaching the security targets aligned with the strategic business objectives.

4- Reviewing and testing the incident response plan

It is necessary to regularly test and update the incident response plan, and use the latest information and data related to ransomware attacks to conduct exercises and simulate attacks.

This test measures the company’s readiness to respond to and deal with ransomware attacks. It also helps to identify vulnerabilities and to assess the level of defences and the ability to confront the tactics, techniques, and procedures used by known groups to launch ransomware attacks.

5- Adopting an electronic security approach based on zero trust

If used correctly, the Zero Trust strategic cybersecurity approach simplifies and standardizes risk management by adopting a single security state for users, devices, communication sources, or methods of accessing information.

A zero-trust security approach addresses the risk of ransomware attacks by removing the trust factor and pursuing verification and authentication at every stage of digital interactions.

6- Identifying at-risk assets and blocking common ransomware attacks

Companies have to adopt a system for tracking the various assets, systems and services they own on the internet, including tracking assets across all cloud service providers (CSP) and internet service providers (ISP), using comprehensive indexing that spans common, often incorrectly configured ports and protocols.

For example, the Remote Desktop Protocol (RDP) is responsible for the majority of ransomware attacks, as attackers can easily discover RDP due to the growing and popular trend of working from home.

7- Blocking known and unknown threats

You must keep up with the latest developments regarding ransomware attacks and arm yourself with the technical know-how to provide new protection at a faster rate than attackers can respond.

Furthermore, to prevent known cyber threats, you need to stop malware and command-and-control traffic from accessing your network, because blocking these processes increases the cost of executing ransomware attacks, which may help deter attackers.

8- Adopting automation as much as possible

When ransomware attacks occur, many hours of manual labour are spent trying to compile various sources of information from multiple tools. It is therefore important to have the appropriate tools that support automatic repair of the damage caused by ransomware attacks, using operating resources prepared in advance to respond to such attacks and recover data.

Security orchestration, automation and response (SOAR) products automate the entire process so that response teams can quickly stop ransomware attacks and reduce data loss as well as the financial impact associated with such attacks.

9- Securing the business cloud

To secure and protect your business in the cloud against ransomware attacks, you must ensure that various cloud infrastructure resources, Kubernetes services, and data container images are securely configured.

Furthermore, you must take steps to eliminate security vulnerabilities and ensure that no security features are disabled by default, as well as check open-source packages and libraries for vulnerabilities that can be patched.

In addition, you should remove unauthorized or unused access management features.

10- Reducing response time through an agreement for providing external support

In the event of ransomware attacks, quick action is crucial. It can therefore be beneficial for a company to have a preexisting agreement with a cyber security provider that ensures the company gets prompt external technical support as soon as the attack is identified.

This is because incident response experts are considered a part of the company’s team and have the capabilities and technologies necessary to provide assistance when needed.

Al Jundi
