Ransomware Protection In Wilkes-Barre and Scranton

Cybersecurity continues to change at a rapid pace, and we don’t think that is going to change any time soon. 2021 was a game-changer in both positive and negative ways. In the negative, there were several low-profile and high-profile cyber attacks and vulnerabilities; high-profile organizations that were attacked included Colonial Pipeline, JBS USA, SolarWinds, Microsoft Exchange, Kaseya, and the year ending with the Log4j vulnerability.

When the year ended with the Log4j vulnerability, Jen Easterly (United States Director of the Cybersecurity and Infrastructure Security Agency) stated that it was the most serious vulnerability she had seen in her decades-long career. For many, they believed the government and private sector responded the right way to the Log4j vulnerability, probably in large part due to the things that happened earlier in the year to improve the national response to cybersecurity.

As for the positive, President Biden signed an executive order on improving cybersecurity in May 2021. There was also a White House Memo released in June outlining best practices to protect against ransomware. There was also more funding and resources given to the Cyber Security and Infrastructure Security Agency, an improved sense of communication and collaboration among federal agencies and with the private sector. Despite the positives, there continue to be challenges that businesses are encountering, but progress in government and private protection and response could provide a solution.

There were supply chain vulnerabilities and breaches that didn’t exactly happen to the organization that was targeted, but they happened outside that organization’s four walls. One of the things that have taken place is that it is being recognized that there are more cyber threats and national security threats aimed at critical infrastructures. There’s also better international cooperation with the federal agencies and foreign countries. We’ve also seen this happen with ransomware. As a response to this process, the Cybersecurity and Infrastructure Security Agency released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA).

The Ransomware Readiness Assessment (RRA)

The Ransomware Readiness Assessment (RRA) tool expands the CISA’s broader Cyber Security Evaluation Tool, which guides cybersecurity professionals through the process of evaluating their security practices. The toolkit includes a step-by-step guide to assessing information technology, operational technology, and industrial control system environments. This platform enables users to perform a full evaluation of their cybersecurity posture using government and industry standards and recommendations.

The new Ransomware Readiness Assessment tool is based on a layered set of practices to help organizations determine whether they can safeguard their assets and recover from a ransomware attack. The tool is designed to be used by organizations at all levels of cybersecurity maturity.

How Can Wilkes-Barre and Scranton Organizations Prevent a Ransomware Attack?

The average recovery cost from ransomware in 2021 was $1.85 million, up from $761,106 in 2020. If your organization is attacked and you choose to pay the ransom, the aftershock of the ransomware attack will be crippling and will last for years to come. Aside from facing the financial hurdles, your organization will face the possibility of reputational damage, loss of trust, and possibly legal and regulatory fines. Therefore, it is a must that security leaders take cybersecurity seriously and do their part to ensure they can prevent ransomware attacks from occurring within the organization.

What steps can Wilkes-Barre and Scranton organizations take to prevent a ransomware attack? Here are some of our recommendations:

Cybersecurity Awareness Training

Conduct routine cybersecurity awareness training with your employees to ensure they know how to spot phishing emails and other social engineering tactics. Conduct cybersecurity awareness training to also ensure that your employees know what to do if they do spot phishing emails. You can also conduct consistent cybersecurity assessments and testing, including phishing simulations to test your employees and determine how effective your training is.

Practice Good Cyber Hygiene

Practice good cyber hygiene and implement proven security policies, such as patch management, password protection, and access controls.

Reduce Privileges of Internet-facing Applications

Ensure that the servers for IT service management applications that require administrative privileges are not Internet-facing. Bad actors can use certain search engines to find IP addresses and servers that have been exposed and use that information to target organizations.

Design a Multi-Layered Defensive Strategy 

Your organization should employ a multi-layered defensive cyber posture that will effectively balance its employees, processes, and technology. This will be a more effective approach, rather than centering your cyber defenses around one element.

  • Implement a first-class cybersecurity culture and provide cybersecurity awareness training. (employees)
  • Establish the procedures that your employees need to follow when they receive a phishing email. (processes)
  • Have a clear understanding of what is taking place with your data and its sources. (technology)

Ensure Your Security Team Is Well-Prepared

Ensure that your organization’s security team has comprehensive visibility into your IT environment.

Implement the Proper Detection and Response Solutions

Utilize 24/7 monitoring and detection with manual and automated responses at an expert level. By taking this action, your organization will benefit from cybersecurity resources that your in-house security team may not have. Ensure you have an Incident Detection and Response strategy that is the perfect fit for your organization, so that if you do become the victim of a cyberattack a plan will be in place.

Backup Your Data

Perform regular backups of your data and store the backups in a separate location to ensure the backups cannot be accessed by bad actors.

Other key measures your organization can take to protect itself from a ransomware attack include the following:

  • Implementing tools such as antivirus applications, network monitoring, multi-factor authentication (MFA), and endpoint protection.
  • Ensure your operating systems and applications are updated and patched so bad actors cannot exploit any vulnerabilities.
  • Don’t install applications or grant the application administrative privileges unless you know what the application does.

Being prepared for a ransomware attack is only one part of a complex equation. Today’s business leaders must approach ransomware with the mentality that an attack could happen to their organization and be ready to respond to an attack should it occur. Learn how tech42 LLC can help your organization detect and contain threats before they become a crippling event.

Thanks to our colleagues at Orion Networks in Columbia, MD for their ongoing support of tech42.