Organisation leaders face the tough question: do they pay up? This is a complex decision, as ransomware actors often keep their demands relatively affordable and the payment process simple because they want to collect money quickly and move on to their next target. However, paying does not guarantee the successful return of encrypted files or of the affected device or computer storage.
- Ignoring privacy settings
With the rise of social media and internet usage for personal and professional reasons, users seemingly sprint their way through the online universe without thinking about privacy settings. Individuals share much of their personal and sensitive information on social media, and because this information is so easily accessible, attackers are able to take advantage of it for malicious purposes.
How can organisations then protect themselves from these threats? We look at three approaches that organisations can take to mitigate potential risks.
- Develop an in-depth IT security system
To start, organisations should build an IT security strategy that protects against internal privileged users, as well as external threats. Organisations can complement their firewall and anti-virus tools with insider threat-centric tools related to authentication/access control, data loss prevention (DLP) and user behaviour analysis.
- Setting the right permissions and access rights
Organisations should set clear limits on the use of shared privileged user accounts. Employees should be restricted to the information necessary for their scope of duties. For example, the HR department should not have access to the documents needed by the finance department. Once these privileged access rights are set, organisations can further use automated or Privileged Account Management (PAM) tools to both administer and monitor privileged user accounts.
A privileged user may have legitimate access to the information, but a sudden increase in downloads of that information would raise a red flag on the employee's actions; in this case the access may be correct, but the context of the action might be detrimental to the organisation. More granular assignment of user access rights also limits ransomware to a smaller attack surface within the network, minimising its impact.
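To make the "right access, wrong context" point concrete, here is an added Python example (not from the article or any PAM or user behaviour analysis product) that flags a privileged user whose daily download count jumps well above their own earlier baseline. The audit-log format, the users and the counts are constructed for the example; the threshold values are assumptions a real deployment would tune.

```python
from collections import Counter, defaultdict
from statistics import mean

# Constructed audit records in the form "day user action path" (not from the article).
# Alice is a privileged finance user who downloads 2-3 reports a day, then 40 in one
# day; Bob is steady. Both are authorised for every file they touch, so access-control
# checks alone would never fire: only the change in behaviour is suspicious.
SAMPLE_SPEC = {
    "alice": {"2024-03-01": 2, "2024-03-02": 3, "2024-03-03": 2, "2024-03-04": 3, "2024-03-05": 40},
    "bob":   {"2024-03-01": 1, "2024-03-02": 2, "2024-03-03": 1, "2024-03-04": 2, "2024-03-05": 2},
}
SAMPLE_LOG = [
    f"{day} {user} download finance/report-{i}.xlsx"
    for user, days in SAMPLE_SPEC.items()
    for day, n in days.items()
    for i in range(n)
]


def daily_downloads(lines):
    """Count 'download' events per user and per day from 'day user action path' lines."""
    counts = defaultdict(Counter)
    for line in lines:
        day, user, action, _path = line.split(maxsplit=3)
        if action == "download":
            counts[user][day] += 1
    return counts


def flag_download_spikes(lines, ratio=5.0, min_events=10):
    """Return (user, day, count, baseline) for each day whose download count is at least
    min_events and more than ratio times the user's mean over the earlier days in the log.
    The baseline is per user, so a normally busy user is not compared against a quiet one.
    A user's first observed day has no history, so it is judged on min_events alone."""
    alerts = []
    for user, per_day in daily_downloads(lines).items():
        history = []
        for day in sorted(per_day):
            count = per_day[day]
            baseline = mean(history) if history else 0.0
            if count >= min_events and count > ratio * baseline:
                alerts.append((user, day, count, baseline))
            history.append(count)
    return alerts


if __name__ == "__main__":
    for user, day, count, baseline in flag_download_spikes(SAMPLE_LOG):
        print(f"ALERT {user} {day}: {count} downloads vs baseline {baseline:.1f}/day")
```

Running it reports only Alice's 40-download day against her 2.5-per-day baseline; an alert like this is a prompt for a human to check the context, not proof of wrongdoing.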
- Educating employees at all levels
To further mitigate these potential risks, put all users through detailed training or certification programmes that educate them on best practices and on how to recognise an adversary's stealth techniques. Organisations need to ensure that their employees understand and are aware of the implications of their actions. It might be easier for an employee to work off a portable flash drive, but has that drive been compromised with malware that might in turn infect the organisation's IT system?
Employees should also exercise caution and avoid opening suspicious e-mail attachments or links to websites that they do not recognise or that are sent by people they do not know. Organisations should also encourage employees to report suspicious e-mails or incidents through an easy-to-use security incident programme.