Ransomware is a major cybersecurity threat to organisations around the world, but it’s possible to reduce the impact of an attack if you have a thorough understanding of your own network and the correct protections are in place.
While the best form of defence is to stop ransomware infiltrating the network in the first place, thinking about how the network is put together can help slow down or stop the spread of an attack, even if the intruders have successfully breached the perimeter.
One of the best ways to do this is to segment the network, so different parts of the organisation are separated from one another. That means if cyber criminals do get into the network, it’s much harder for them to move about and compromise other systems.
“If you can do that and just one business unit gets compromised, then that is much easier to isolate to determine what’s going on, contain it and then bring services back online. [If] it’s an entire organisation, then it gets really difficult.”
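To make the containment argument concrete, the following added example (not part of the original article) compares how far an intruder's reach extends from one compromised business unit on a flat network and on a segmented one. The segment names and allowed flows are constructed for illustration, and reachability over allowed flows is an upper bound on lateral movement, not a statement about what is exploitable.

```python
from collections import deque

# Constructed sample: the segments of a hypothetical organisation.
SEGMENTS = ["finance", "hr", "engineering", "servers", "backups"]

def flat_policy(segments):
    """Flat network: every segment may open connections to every other one."""
    return {s: {d for d in segments if d != s} for s in segments}

# Assumed segmented policy: business units may reach only the shared servers,
# only the servers may reach the backups, and backups initiate nothing.
SEGMENTED = {
    "finance": {"servers"},
    "hr": {"servers"},
    "engineering": {"servers"},
    "servers": {"backups"},
    "backups": set(),
}

def blast_radius(policy, start, blocked=frozenset()):
    """Segments reachable from `start` via allowed flows, skipping `blocked` flows."""
    seen = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst in sorted(policy.get(src, ())):
            if (src, dst) in blocked or dst in seen:
                continue
            seen.add(dst)
            queue.append(dst)
    return seen

def report(start):
    """Compare reach on a flat network, a segmented one, and after isolation."""
    flat = blast_radius(flat_policy(SEGMENTS), start)
    segmented = blast_radius(SEGMENTED, start)
    # Containment step: cut the single flow leaving the compromised unit.
    contained = blast_radius(SEGMENTED, start, blocked={(start, "servers")})
    return {"flat": sorted(flat), "segmented": sorted(segmented),
            "contained": sorted(contained)}

if __name__ == "__main__":
    for name, reach in report("finance").items():
        print(f"{name:>10}: {reach}")
```

In this constructed policy the other business units are never reachable from the compromised one, and cutting a single flow isolates it, whereas on the flat network every segment is exposed.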
One of the first things cyber criminals distributing ransomware will do after entering a network – which is often achieved with phishing attacks or by exploiting unpatched vulnerabilities – is find out what the network looks like, in order to determine the best way to move around it and eventually execute the ransomware attack.
It can be difficult for IT departments to audit the entire network to discover everything that’s on it, but if they can do this, they can examine the network and use this knowledge to identify potential vulnerabilities and take the necessary action to prevent attacks.
“The first thing that I always recommend all organisations do, regardless of size, is have a really good understanding of what assets they’ve got. The reason why that is, if you don’t know what assets you’ve got, you can’t secure them,” said Williams.
“Once you’ve got a good understanding of what your assets look like, you can build in layers then, so you can do good vulnerability management to make sure that there’s no exploits available for your kit that’s out there – and making sure you’re doing this regularly because exploits come out quickly and can get weaponised quickly,” he added.
The best way to prevent vulnerabilities being exploited is to apply security updates as soon as possible. Ensuring that default or easy-to-guess passwords aren’t used on the network and two-factor authentication is applied to all users can also help to prevent networks falling victim to ransomware and other malware attacks.