Bob Burns | Chief Product Security Officer
The line between our online and offline lives is blurring and in a highly interconnected world, societal well-being, economic prosperity, and national security are impacted by the internet. October is Cybersecurity Awareness Month and this year’s theme is “Do Your Part. #BeCyberSmart.”
The purpose of Cybersecurity Awareness Month is to empower individuals and organisations to own their role in protecting their cyberspace. If everyone does their part – implementing stronger security practices, raising community awareness, educating people, following good cyber hygiene – our interconnected world will be a safer and more resilient place for everyone. This is the only way to keep people safe from attacks on their data, personal information, finances, and infrastructure.
Can good cyber hygiene protect us from ransomware?
Ransomware attacks are on the rise and adversaries are developing more sophisticated cyberattacks. The May 2021 ransomware attack on Colonial Pipeline was a harsh reminder for corporations of how easily the dominos can fall within an organisation without adequate cybersecurity measures. Attackers are also targeting critical sectors like education and healthcare. Over 500 healthcare providers suffered ransomware attacks in 2020 alone.
The increased volume of ransomware and cyberattacks targeting critical infrastructures were the driving force behind President Biden’s Executive Order on strengthening the national cybersecurity posture.
Even though ransomware actors are getting more sophisticated with their methodologies, basic cyber hygiene is still the answer to preventing these types of attacks. Cybersecurity experts agree that the vast majority of attacks active today can be prevented by good cyber hygiene practices.
“If you look at the most major ransomware attacks that have occurred, basic cyber hygiene could have prevented the vast majority of them, so, killing their ability to move laterally,” Matthew Swenson, chief of the Department of Homeland Security’s (DHS) Cyber Crime Unit at Homeland Security Investigations (HSI), said during a recent webinar.
Maintaining a good cyber hygiene posture is a shift in mitigating ransomware threats – instead of reacting to an incident, basic cyber hygiene can help you to proactively prevent ransomware attacks before they occur. Even if an attack should occur, good cyber hygiene practices can help organisations control and reduce the impact. As the organisation becomes more mature, it can implement more advanced cybersecurity controls to block bad actors from hijacking their sensitive, valuable data.
What are good cyber hygiene practices?
The risks of ransomware is not something an organization can address through a single activity or by deploying a special security tool. Instead, ransomware takes advantage of a lapse in operational, technical, and human security controls. Recognizing that good cyber hygiene practices can help organizations minimize these lapses, many cybersecurity government agencies, such as CISA and NCSC, have published guidance for combating ransomware attacks. At a high level, their advice can be summarised as follows:
- Prepare for the threat: Create, maintain, and test encrypted, offline backups of critical data. Develop and exercise both a cyber incident response & communications plan. Make digital asset management a key competency for your organization. Create and maintain a cybersecurity awareness training program for your users.
- Harden your systems: Keep systems up to date, consistently maintained, and use appropriate tools and security teams to regularly test and evaluate your environments. For those critical systems where updates are challenging, make sure to add layered defenses and threat detection capabilities to further protect those systems from attack.
- Implement multi-factor authentication: Verify users and system components using multiple factors (not just simple passwords) and according to the risk associated with the role, requested access or function.
- Implement the least privilege principle: Allow users only the minimum necessary access to perform their job — nothing more. System components should be allowed only the minimum functionality required.
- Segment your network: Logically & physically divide your network infrastructure into smaller parts to make it more manageable to protect and contain the damage if one part is compromised.
- Encrypt all your data: Protect all your data, whether stored or transmitted. In the event of a data breach, the encrypted data will be of little value to the attackers.
While it might seem daunting to get started, it is useful to recognize that the cyber hygiene recommendations made above provide valuable cyber security defenses for a broad range of possible threats, beyond ransomware alone. I’d like to conclude with a thought from one of my colleagues, Marc Darmon, Executive Vice-President, Secure Communications and Information Systems: “Let's take the opportunity to remind everyone of the importance of digital security for citizens, employees, businesses and government agencies - we are all concerned! Trust is essential to the development of our societies. Trust in our institutions. Trust in our infrastructures. Trust in technology. Trust in each other. But in an increasingly connected world, there is no trust without cyber security.”
Find out more about Thales data security and access management solutions to mitigate ransomware attacks.