What the New SEC Cybersecurity Proposal Means for Today
March 17, 2022
How to Stay Safe from Malware and Other Cyber Threats
March 31, 2022
By: Jay Town, Gray Analytics VP & General Counsel
Cyber threats continue to grow in sophistication and complexity as technology evolves. Businesses and agencies of all sizes are being affected, and inattentive or careless employees are one of the primary causes of data breaches at small- and medium-sized businesses. Training for cybersecurity is paramount in today’s world as the “Human Firewall” is likely the most important line of defense against future cyber incidents. A cyber-aware organization provides a level of defense that cannot be present without adequate training. It is the responsibility of every CEO, principal, and individual to familiarize themselves with the scope of today’s biggest cyber threats and the manner in which those cyber threats can be abated. Helping employees learn what to look for, what not to do, and what to do both proactively and in the event of a cyber-attack or breach will significantly reduce the risk of cyber-related incidents to your organization.
This can sound daunting! Thankfully, there are several practical steps business leaders can take to get their companies well on their way along the roadmap to cyber health.
Assessing the readiness of human capital and providing improvement strategies is the single most important factor in reducing the occurrences of cyber incidents across an organization. Gray Analytics’ extensive knowledge and experience in how people react to threats such as phishing attacks or business email compromise (BEC) will help you create solutions that provide the first line of defense against cyber threats.
Jay Town, former U.S. Attorney and Gray Analytics’ Vice President, General Counsel, and ChainShield™ Lead, has prepared a series on cybersecurity tips and best practices to help business leaders take the first steps to securing their operations. Learn more by reading our additional posts linked below.
Further reading:
- The 11 Critical Cybersecurity Questions Your Company Needs to be Asking Today
- How to Defend Against Today’s Biggest Cyber Threats
- How to Stay Safe from Malware
What is Ransomware?
Ransomware is a type of malware that various threat actors deploy to infect computers and encrypt computer systems or data/files until a ransom is paid. Ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
The ransom is typically paid in virtual currency, like Bitcoin. Once the ransom is paid, most networks are decrypted, and the data/files again become available to the victim. If the ransom is not paid, the ransomware attacker will permanently encrypt the data or files, making them unavailable to the victim.
Ransomware is most commonly delivered through phishing emails or via “drive-by downloads.”
Phishing emails are emails that appear to originate from a legitimate source known to the victim, thereby inviting the user to click on a malicious link or open a malicious attachment. The malware is then downloaded upon that “click event,” and the ransomware attacker is then able to encrypt data or files on the victim’s network.
What Can be Done to Prevent a Ransomware Attack?
There is no foolproof way to prevent a ransomware attack, but there are meaningful measures that will assist in preventing an attack or limiting the exposure of the ransomware. Those are:
- Regular Penetration Tests. A penetration test, conducted properly, identifies security gaps in your cyber environment. By identifying the gaps, professionals (like those at Gray Analytics) can harden systems and networks to fill those gaps.
- Routine Network Threat Hunting. Regular searches of your network for any threats currently or previously traversing your cyber environment will alert your business/agency to ongoing cyber threats and vulnerabilities in your system. Catching these threats before they become active – or active again – is critical to maintaining a cybersecure system.
- Frequent computer backups. Regularly and routinely backing up your network and important files gives you the ability to restore your system to the most current backup.
- Backup storage should be separate. Systems should be backed up on a separate device that cannot be accessed from a network, such as an external hard drive or separate server. This normally prevents backup data/files from being encrypted in the event of a ransomware attack.
- Employee Training. Employers should ensure that their employees know and understand the risks ransomware attacks pose to the company, their jobs, and their privacy. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. Some companies will have cyber experts, like Gray Analytics, deploy illustrative phishing emails that pose no threat to the company to further illustrate to employees just how easy it is to become infected with this malicious software.
A Proactive Incident Response Plan is Critical
Businesses cannot afford to wait to develop a ransomware strategy only after a ransomware attack. Having a proactive Incident Response Plan (IRP) in place will provide the greatest window for recovery of the data/files that have been encrypted.
The IRP should be developed by leadership and cybersecurity professionals, like those at Gray Analytics.
A formal incident response plan is vital to organizations today. Almost every organization is at risk of having an adverse cyber incident and should be prepared in the event one occurs.
Employees should know what to do and say, when to do it, and how to execute well-defined responsibilities. Organizations run the risk of not being able to mitigate and ultimately not being able to recover from a cyber incident if an incident response plan is not in place prior to an attack. Further, companies introduce risk of reputational harm if employees are not trained in who to talk to and what to say after an incident.
What Else Can Business Leaders do to Protect Their Organizations?
Ransomware is never 100% preventable, nor is any plan to prevent a ransomware attack perfect. As technology evolves, so does the sophistication of cyber criminals. Regular consultation with experts, like those at Gray Analytics, will allow your business/agency to have and utilize the most current information on threat vectors in cyberspace.
Here are some sound, basic practices to help prevent a ransomware attack:
- Always update your computer. The applications on your computer are always being updated. Make sure that your settings are automatically updating your applications and software. Many of these updates fix “bugs” or vulnerabilities, so it is critical that the updates are done in a timely manner.
- Only use familiar websites. If you are unfamiliar with a website, do not click on a link to it or plug it into your browser. Staying safe online means ensuring that you are traversing the internet in a trusted, familiar manner. Keep in mind that malicious web addresses are intentionally made to appear identical to legitimate websites (e.g., .com vs .net).
- Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
- Inform yourself. Stay informed about recent cybersecurity threats and up to date on ransomware techniques. There are many government and private websites with troves of information for online safety.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malicious software.
What Should I do if My Organization is Attacked?
- Call the FBI. If you are the victim of a ransomware attack, your first call should be to the Federal Bureau of Investigation. Your local FBI office can be quickly located, but its contact information should already be a part of your proactive reaction plan.
- Report the Event to the IT Department. If you suspect that your computer or device has been infected with malicious software/ransomware, report this to your IT helpdesk or security office immediately. The IT Department should then immediately contact professional cybersecurity providers to remediate the ransomware threat. That provider should be identified in the proactive reaction plan – or Incident Response Plan (IRP) – and that company should be Gray Analytics.
- Take the Necessary Reactive Steps. Users should change all system passwords once the ransomware has been removed.
Ransomware Attacks are Becoming More Common and More Costly
According to Cybersecurity Ventures, ransomware was expected to attack a business every 11 seconds by the end of 2021, and damage costs were predicted to reach $20 billion. The federal Cybersecurity and Infrastructure Security Agency lists backing up your data as the first action to take today to make sure you are not tomorrow’s headline.
Comprehensive assessments of people, process, and technology are paramount to understanding the ability of an organization to detect, defend, and recover from a cyberattack. Gray Analytics provides the depth and breadth of expertise to review and understand your organization’s cyber landscape in all three domains.
Engaging with Gray Analytics’ team of experts to perform a comprehensive assessment of your operation can help you feel confident that risks to your business are clearly identified and effectively mitigated.