Can IT Departments Defend Their Businesses From Ransomware Attacks?
In the previous installment of this series on security, I explained what ransomware is. Today we talk about how IT managers can defend their networks from attack.
Ransomware is an atypical strain of malware in that it confronts end users directly. The goal of the attacker is not to spy on the user, steal data, or make political statements. It’s basically a cyber holdup in which the success or failure of the attack depends on whether or not the infected users pay a ransom.
The fact that end users are the targets of cyber criminals is not surprising.
The surprise is that a relatively unsophisticated strain of malware is able to make its way to corporate end users’ devices, in effect placing businesses a click away from a malware disaster.
Large companies and governments have layers of expensive malware filters focused on protecting their computing resources. The networks, servers, databases, and communications services such as email are served by firewalls, anti-virus apps, redundant systems, and enterprise-wide backup and restoration.
Despite that, the estimated worldwide cost of cybercrime and cyberespionage is between $375 billion and $500 billion per year.
Any effective ransomware defense should have end user education as its centerpiece. At the very least, IT should update its best practices frequently and make sure users are aware of the updates.
Even the best of best practices may not be enough, however. Among the victims of the recent spate of ransomware infections are a number of high-value corporate users, according to a report from IBM.
The IT world has fumbled this outbreak onto the front pages of the mainstream media, which contributes to the general sense that cybercrime is out of control.
The lack of preparedness is an industrywide problem. In the wake of a malware outbreak, the vendor community is always at a disadvantage because of its response time-lag. It takes them weeks or even months to come up with patches or new corrective updates to their antivirus (AV) systems. And IT is frequently negligent in terms of labor-intensive activities such as updating systems software, performing frequent backups, and above all educating users.
Fighting Malware Outbreaks
The following is a list of immediate moves IT professionals should make at the first sign of a malware infection. The list was culled from companies such as Microsoft, IBM, Check Point, Symantec, and law enforcement sources, among others.
- Disconnect the infected systems from the network.
- Wipe the infected drives and restore them from known backups.
- Install the latest version of the company’s preferred AV systems along with the most recent patches.
- Block end users’ ability to open suspected malware at least until the outbreak runs its course.
- Back up your data.
- Regard all attachments as suspect until further notice.
- Update the company’s best practices and begin a formal and thorough program of end user education.
- Develop a security team separate from IT that focuses entirely on security monitoring and user training.
- Build an emergency response system to shut the entire network down if needed.
These are essentially defensive measures. They are designed to protect the corporate network and restore the infected systems after an outbreak. They don’t protect the network against new or refurbished strains of malware. That remains a fundamental problem with the way the technology industry combats malware.
In Part 3 of our series we address the industry’s attempts to change its defensive posture and move towards malware prevention.