Chief information security officers (CISOs) have the enormous job of protecting their organisations from many threats every day. Ask any CISO which attacks keep them up at night and ransomware will almost certainly be on the list.
Ransomware is malware that encrypts files on a compromised device, rendering those files, and any systems that depend on them, unusable. The attacker then demands a ransom, typically in cryptocurrency, in exchange for the decryption key.
Most ransomware arrives through phishing emails carrying malicious attachments or links, or through drive-by downloads, where malicious code reaches the computer without the user noticing. Ransomware can arrive by other known routes, but these are the most common. A clear understanding of what ransomware is and how it gains access to systems allows the CISO to choose the options that best fit their organisation.
CISOs have several options at their disposal to protect the organisation, including offline backups of critical data, filtering at the email gateway, intrusion detection systems, secure configuration baselines, training and awareness programmes, and a host of others.
Combining several options that fit the organisation, as part of a holistic approach, gives multiple layers of security. Defence in depth is critical to protecting systems against ransomware and reducing the attack surface.
Achieving the right combination of measures is something of a balancing act. When selecting solutions, multiple infection and attack vectors need to be considered, such as internet-facing vulnerabilities and misconfigurations, phishing, and third-party managed service providers. The selected solutions must also allow the business to operate without major obstruction: if the business cannot operate and remain profitable, then too many, or the wrong, options have been implemented.
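The email gateway filtering mentioned above is one of the cheapest layers to put in place. As an added illustration (not code from the original article or from any product it mentions), the Python below applies a simple attachment policy to a constructed phishing-style message: it blocks extensions commonly used to deliver a ransomware loader, flags double extensions such as invoice.pdf.exe, and compares the declared file type with the file's leading "magic" bytes so that an executable renamed to .pdf is still caught. The blocklist, the sample message and the addresses are assumptions made for the example.

```python
"""Minimal mail-gateway attachment policy check (added example, not from the article)."""
import email
from email import policy
from email.message import EmailMessage

# Attachment types a ransomware loader commonly arrives as.
# Constructed blocklist for this example; a real gateway policy is tuned per organisation.
BLOCKED_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe",
    ".wsf", ".hta", ".ps1", ".lnk", ".iso", ".img", ".docm", ".xlsm", ".pptm",
}

# Declared extension -> bytes the content must begin with (file "magic").
MAGIC_BY_EXTENSION = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
    ".png": b"\x89PNG",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
}
PE_MAGIC = b"MZ"  # header of a Windows executable


def check_attachment(filename: str, content: bytes) -> list[str]:
    """Return policy findings for one attachment; an empty list means it passes."""
    findings = []
    segments = filename.lower().split(".")
    exts = ["." + s for s in segments[1:]]  # "invoice.pdf.exe" -> [".pdf", ".exe"]
    final_ext = exts[-1] if exts else ""

    if final_ext in BLOCKED_EXTENSIONS:
        findings.append(f"blocked extension {final_ext}")

    # A document extension placed in front of a non-document one is a classic disguise.
    if len(exts) >= 2 and exts[-2] in MAGIC_BY_EXTENSION and final_ext not in MAGIC_BY_EXTENSION:
        findings.append("double extension disguises the real file type")

    # The declared type must agree with what the bytes actually are.
    expected = MAGIC_BY_EXTENSION.get(final_ext)
    if expected is not None and not content.startswith(expected):
        findings.append(f"content does not match declared type {final_ext}")

    # Executable content under a name that is not already blocked.
    if content.startswith(PE_MAGIC) and final_ext not in BLOCKED_EXTENSIONS:
        findings.append("Windows executable disguised by file name")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and check every attachment against the policy."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        results[name] = check_attachment(name, data)
    return results


def should_quarantine(raw: bytes) -> bool:
    """Gateway decision: hold the message if any attachment produced a finding."""
    return any(findings for findings in scan_message(raw).values())


def build_sample_message() -> bytes:
    """Constructed sample: a phishing-style mail with one clean and two suspicious attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # assumed sender for the example
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.7\n%fake pdf body for the example\n",
                       maintype="application", subtype="pdf", filename="quote.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="octet-stream", filename="Invoice_2024.pdf.exe")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="report.pdf")
    return bytes(msg)


if __name__ == "__main__":
    raw = build_sample_message()
    for name, findings in scan_message(raw).items():
        print(name, "->", findings or "ok")
    print("quarantine:", should_quarantine(raw))
```

The magic-byte check is what makes this more than an extension blocklist: a renamed executable fails the declared-type test even when its name looks harmless. A production gateway would go further (archive inspection, sandbox detonation, sender authentication), but this is the core of the "filter at the gateway" option.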
As part of a solid cyber defence plan, the CISO must make sure the organisation's frontline is prepared for an attack. Any user in the organisation could be the first to come into contact with ransomware, so every user is part of that frontline. The most valuable option for the organisation is training and awareness for the whole user population.
With large numbers of employees continuing to work from home in a post-pandemic world, more connections come in from external networks and phishing attacks have increased. A proper training and awareness programme that lets users report suspicious emails, backed by annual refresher training, might seem simple and obvious to some, but it will certainly help the CISO gauge the level of IT security knowledge across the user population.
Gamification techniques in training and awareness have proven to hold users' attention and help them retain the most critical tips for keeping themselves and the business safe.
There is a great deal for the CISO to consider in protecting their organisation from ransomware, and a critical balance to strike between usability and not breaking the business. Having multiple options in place is the best approach, but the CISO will always have to ensure the solution set is cost-effective for the business.