Cyber Crime & ForensicCyber SafetyIdentity & Access

12 Essential Tips to Bolster Resilience and Combat Ransomware Threats

Photo of CSA Editorial CSA Editorial Send an email June 15, 2023
4 minutes read

Attributed to: Beni Sia, Acting APJ Leader, Veeam

The relentless nature of ransomware attacks is a huge pain point for IT decision makers (ITDMs) today. The reputational and financial damage to companies resulting from a successful attack can be frustrating – according to Veeam’s latest Ransomware Report, one in seven organizations had almost all (>80%) data affected as a result of a ransomware attack.

The escalating frequency of such attacks on organizations is making cyber-insurance a less viable option for companies today, as insurance companies are either opting out of cybersecurity coverage or putting a higher price tag on it. There are numbers to prove it: 74% saw increased premiums, 43% saw increased deductibles and 10% saw their coverage benefits reduced. This leaves organizations more vulnerable than ever, as 77% of ransoms were paid by insurance in the past year.

Without this safety net, it is critical for organizations to focus on making their organizations more resilient. Here are 12 tips that ITDMs need to follow to keep attacks at bay:

#1 – Phish your employees before blackhats do
If something sounds too good to be true, it probably is. Data-mature companies have started running phishing simulations on their employees, figuring out who’s diligent enough to report these attempts, as well as to identify those most likely to fall for social engineering. The tried and tested advice bears repeating: do NOT click on unknown links, open unexpected or suspicious attachments, or provide information to anyone you don’t know or weren’t expecting to hear from.

#2– Know your malware statistics
Let’s face it: for all the talk about cybersecurity, there will always be individuals who get lulled into a sense of complacency. According to Veeam’s Data Protection Trends Report, 85% of organizations in Asia Pacific had suffered from at least one cyberattack in the last 12 months. Constant vigilance is key to preventing you from being part of this statistic.

#3 – Give hackers a hard time
Number-only passwords with 10 characters can be brute-forced instantly. 11 numbers brings it up to 2 seconds. It goes up exponentially from there – 17-digit passwords will take 4 weeks to crack. Longer is stronger. Leverage passphrases to help create long passwords that are easy to remember, but hard for others to guess.

#4 – Control your time to control your data
Wise men say only fools rush in – when working on sensitive information, slow down and avoid making simple mistakes. Also, always double check parameters when sending information – the recipient/cc/bcc lists, attachments you may have forgotten to remove, or even message history.

#5 – Establish data classification systems
You cannot protect your most sensitive information if you don’t know the significance of the data you hold. Inventory and categorize your files. Classify and protect them based on their sensitivity level, and make sure the classification systems adhere to a clear hierarchy obvious to anyone who comes into contact with proprietary information.

#6 – Keep sensitive data in information silos
You may hire the most trustworthy people to work for you, but that doesn’t mean they all need access to your most sensitive information. As in the previous tip, provide access only on a need-to-know basis. This protects confidentiality and drastically reduces the impact if someone’s access is compromised. Use multi-factor authentication when given the option to minimize the damage if static passwords are stolen.

#7 – Automate your security
Technology is a cybersecurity leverage point. It can exponentially increase your productivity if you use the right tools and introduce trusted systems that fit your organization. This can mean introducing company-wide SaaS tools like VPNs to secure your data, or even leverage comparatively ‘primitive’ tools like bookmarks for important URLs to reduce the odds of falling for phishing sites.

#8 – Establish a clear security structure
World-class athletes train to reach the point where muscle memory carries them through familiar situations. Your organization’s security can reach such a level, but the steps to get there must be intentional. It is important that, firstly, you have a defined incident reporting and response plan, and secondly, that this plan is communicated frequently. Having these in place the barriers to action when incidents actually occur. The shorter the time between an occurrence and your security team learning about it, the more damage can be mitigated.

#9 – Mobile phones are an attack vector too
Security doesn’t stop when you leave the office. Use an external battery pack rather than public charging ports as a first line of defense against ‘juice jacking.’ Connect only to private, trusted, and secure Wi-Fi networks to prevent data leakage. Use a privacy screen or stay away from prying eyes when keying in banking details or medical information. These are habits that, when formed, pay long-term dividends.

#10 – Create distinct work-life balance – for your devices
The boundaries between work infrastructure and personal devices are blurring. Some of us use personal devices and similar cloud services for work. To mitigate this, ensure your corporate policies are updated, requiring devices with internet connectivity that are used for work to be protected. This could take the form of anti-malware software, strong passwords, or access controls. No organization or device are the same, but a general rule of thumb is that if you can connect it, protect it.

#11 – Upgrade your 3-2-1 backup strategy
You can have a best-in-class security program and still find yourself in a situation where your data can no longer be accessed or trusted. The traditional advice is the 3-2-1 strategy – have 3 copies of your data on 2 different media, with 1 copy offsite. For increased security, consider Veeam’s 3-2-1-1-0 strategy. On top of the steps in the 3-2-1 strategy, make sure to have 1 copy of the data that’s air gapped and immutable, as well as a mandatory check for 0 errors to ensure the data’s integrity and usability.

#12 – Invest in a data-native workforce
Cyber criminals are constantly evolving and adapting their tactics as they learn about new protections being put in place. There are Phishing-as-a-Service providers that specifically target enterprises. Against this backdrop, it’s clear that your organization’s people can either be your weakest link or your greatest asset. Place greater emphasis on your staff’s digital education and data maturity beyond their scope of work and teach them how they can be part of your human firewall – each of them can become an extension of your security team.

Tags
Photo of CSA Editorial CSA Editorial Send an email June 15, 2023
4 minutes read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Financial Phishing

Financial Phishing Continues to Be Menace to SEA Companies—Kaspersky

November 28, 2024
Keeper Security

Williams Racing Chooses Keeper Security to Safeguard Data in Formula 1’s High-Stakes, Data-Driven World

November 28, 2024
Tanium Automate

Sleepless Nights & Security Gaps: Why Automation Is Your Cybersecurity Ally

November 27, 2024
DevSecOps

Everything Old is New Again: AI-Driven Development and Open Source

November 27, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net