What you can do
In a previous blog I looked at the increase of ransomware cyber-attacks, especially in the public sector. This time I want to look at some of the ways you can tackle the problem.
Ransomware has become a profitable business with the use of franchised software and sophisticated support functions. With the targets moving from individuals to more profitable organisations, it is clear that attacks on the public sector will continue to increase. There is a lot that companies and public sector bodies can do to reduce the possibility of a successful attack and mitigate the effect. A significant amount of this can be achieved through following good cyber security guidelines of the sort that colleagues have recommended; see Ian Hirst’s blog post ‘Welcome to your new cyber security team’. These are also laid out in the Irish National Cyber Security Centre document ‘Cyber security 12 step guide’.
However, some parts of good practice are particularly relevant to ransomware prevention. The UK Government National Cyber Security Centre, which undertakes a similar role and function to its Irish counterpart, has issued guidance on its pages ‘Protecting your organisation for ransomware’ and, like so many things, it comes down to doing the simple things right:
- Make sure all your staff know how to deal with email phishing, basically ignoring anything that looks suspicious. 39% of ransomware is introduced through email phishing.
- Keep your systems up to date, especially with security patches. Software vulnerability accounts for some 8% of attacks.
- Configure your systems using best practice guidelines from the software and hardware makers. 50% of attacks are through vulnerable Remote Desktop Protocol (RDP) ports that allow remote access to systems. Once exposed, details of addresses for these systems will frequently be sold to other attackers.
What we recommend
In addition to both NCSCs’ information there are also some best practice guidelines that we would recommend. These are based on our extensive work helping clients with cyber security and business continuity, even on some occasions when they are recovering from a ransomware cyber-attack. They may seem quite obvious but are easily missed since everyone assumes that someone else has it under control. Our top pointers are:
- Make sure that you have a planned back-up strategy for your services, including regularly isolating the back-up from the main network to prevent any virus spreading to your back-up. In this way you can recover to an unaffected set of data should it be necessary. This includes cloud-based Software as a Service: you still have shared responsibility, and the cloud vendor may not be making as many back-ups as you think.
- Have a business continuity plan (BCP) that identifies the priority of services and how you would recover them in the correct order. To do this you need to think about your systems and how much they are used. This needs to include office automation such as email and instant messaging as well as the line of business systems. Many organisations would struggle more without services such as Microsoft Teams and email than without some of the line of business systems.
- Test the back-ups and BCP regularly. This will help identify changes in priority or systems that mean changes to the BCP, as well as making sure everyone knows what to do and in what order.
- On the technical side, segregating networks so that any successful attack can be more easily contained needs to be part of the configuration management.