The incidents of ransomware -- especially crypto-ransomware, in which cybercriminals hack vulnerable systems, encrypt the data and hold it for ransom -- saw a huge spike in 2016, and the practice shows no signs of slowing down.
According to Symantec's 2016 Internet Security Threat Report (ISTR), there were more than 4,000 ransomware attacks per day since Jan 1, 2016, a 300-percent increase over 2015, which saw an average 1,000 attacks per day, according to the ISTR.
While organizations can't ever be completely protected, there are a number of steps you can take to minimize the risk and potential fallout from a ransomware attack, says Scott Millis, CTO at mobile security and secure device management platform Cyber adAPT.
"By facing ransomware head-on and understanding the potential impact through threat assessments, businesses can at least be aware of the data and systems that are most critical to their operations and are in need of the most protection. If weak points are found in your systems and potential attack surfaces, you can then apply solutions to protect these valuable assets," Millis says. Here are his top five tips for combating ransomware.
1. Be constantly vigilant
Perform an ongoing business impact and threat assessment analysis, Millis says. This should be run in conjunction with business and department leaders to categorize threats, users and digital assets into high, medium and low-priority classifications, and will enable faster alert response on high-impact threats, events and critical assets, he says.
2. Be proactive
Think strategically throughout your security program, with an emphasis on keeping up with evolving threats. That way you can proactively thwart new social engineering techniques and pay greater attention to all security layers -- avoiding stagnation of your technology controls, Millis says.
3. Support the perimeter
Do more to support the ever-expanding perimeter. Monitor endpoints and network-based security controls to keep pace with the latest security threats and variables, so your security architecture grows and adapts along with those threats. Securing all devices and monitoring all activity that reaches or connects to the network will highlight malicious activity so you can act and react quickly, Millis says.
4. Use emerging technology
Consider using emerging technologies, such as cloud access security brokers (CASBs), endpoint exploit prevention, malware sandboxes, network traffic analysis (NTA), user behavior monitoring, threat deception and endpoint detection and response, to improve your security stance.
5. Back up, back up, back up
The single most important thing you can do to mitigate the risk of fallout from a ransomware attack is to back up your systems and critical data to a secure location. Got it? Now, back them up again. And again, and again. With up-to-the-minute backups, any attackers that do manage to penetrate your system won't have much leverage, since your data will be current, secure and accessible from your backups, Millis says.
Sign up for Computerworld eNewsletters.