
What can you accomplish in 11 seconds? Could you dash off a quick reply to an open email or fix yourself a cup of coffee? It’s a short window of opportunity, and it is definitely too narrow for you to avert a damaging cybersecurity incident.
A 2019 article from Cybersecurity Ventures anticipated that, by 2021, a new business would fall prey to ransomware attacks every 11 seconds, with global costs from all incidents amounting to $20 billion.
The fact of the matter is that you can’t wait for attackers to find you. You must develop proactive defenses and a strong cybersecurity program before the countdown begins.
So far, the pessimistic predictions seem to be coming true. A 2020 report from the FBI’s Internet Crime Complaint Center (IC3) noted that the office received 2,474 claims related to ransomware attacks that year. This was a sharp increase of more than 20% compared to the 2,047 reports filed in 2019, which, itself, represented a rise of about 37% from the 1,493 complaints handled by the IC3 in 2018.
Not only is the number of incidents rising, but perpetrators continue to seek more and more money from their victims. According to the Unit 42 Ransomware Threat Report, the average organizational payment from targets in the U.S., Canada and Europe jumped 171% from 2019 to 2020, reaching $312,493.
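Given the continued spread of remote work and recent headlines about ransomware attacks on critical infrastructure and vital healthcare organizations, you may be wondering how your company can start implementing proactive measures today.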
In this article, we’ll look at how to strengthen your defenses in these categories:
- Vulnerability management.
- Third-party risk management.
- Training and communication.
- Email security.
- Security operations centers (SOCs) and managed detection and response (MDR).
- Identity and access management.
- Backup and recovery.
Vulnerability management
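Attackers often exploit known vulnerabilities in servers to deploy ransomware. An important technique for managing exposure to ransomware attacks is ensuring that security vulnerabilities are proactively identified and patched in a timely manner.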
Third-party risk management
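Supply chain attacks can give criminals another avenue for trying to infect your network with ransomware. With this technique, attackers infiltrate downstream components of the digital ecosystem to compromise your systems. For this reason, a strong third-party risk management program is essential for lowering your potential exposure to ransomware attacks.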
Training and communication
More than ever, today’s businesses need to ensure that their employees are properly trained on the organization’s cybersecurity policies and on proper security hygiene. Because of the shift to remote work that was accelerated by the COVID-19 pandemic, educating employees and contractors on ways to secure company assets, as well as the threat landscape and their role in it, is an indispensable defense tactic. No matter how tight your defenses are from a technical standpoint, the individuals working in your organization can be susceptible to social engineering. At the end of the day, you are as strong as your weakest link.
At a minimum, make sure that workers at your organization know:
- How to spot social engineering techniques: They should be wary of any requests that are out of the ordinary, especially when an email seems to create a sense of urgency that may arouse suspicion.
- Whether they’ve come across some of the telltale signs of phishing: Workers should preview links without clicking on them and watch out for poorly proofread communications.
- Why it’s essential to report potentially fraudulent emails: Sharing knowledge about phishing attempts can help the organization improve its defenses.
- What steps to take in the event they’ve been compromised: Even the best of us can become susceptible to a threat, and workers must be educated on the steps they should take if it happens to them.

Email security
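In an ideal scenario, your employees won’t have to do the heavy lifting when it comes to identifying and stopping phishing emails. Filtering mechanisms should catch obvious red flags in emails and divert problematic communications away from potential targets before those individuals have to make decisions that require them to put the training described above into practice. While you don’t want to use overzealous security measures that impede normal business operations, some level of protection is important for safeguarding the company against possible ransomware attacks.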
Security operations centers (SOCs) and managed detection and response (MDR)
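SOCs serve as a way to centralize security operations, providing continuous monitoring and coordinating response activities across the enterprise. MDR refers specifically to outsourced operations used to assess an organization’s security posture and provide remediation when suspicious activity is detected. Businesses may need to achieve or improve their security posture through both partnerships and internal mechanisms as they seek to actively monitor their environments for anomalies, unusual behavior and unauthorized attempts to access ports.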
Identity and access management
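In the modern enterprise, identity and access management (IAM) is critical to keeping enterprise assets secure. In the new era of remote work, it is essential to ensure that the appropriate parties have the right level of access to the right systems to perform their duties and support critical business operations. With the rise of cloud-based solutions, authentication mechanisms such as single sign-on (SSO) and multi-factor authentication (MFA) are more important than ever, as employees access critical systems through network channels that are not managed and secured by corporate IT. If credentials are well protected, the impact of a ransomware infection on the organization can be reduced, preventing enterprise-wide operational disruptions to critical business processes.
By implementing industry-leading IAM and privileged access management (PAM) capabilities, organizations can protect their crown jewels from ever being compromised, even in the scenario of an intruder gaining access to the corporate network.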
Backup and recovery
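Finally, if a ransomware attack succeeds, despite your strong investment in all of the necessary factors we’ve explored so far, backup and recovery are crucial for getting your systems back up and running. Today, decrypting the data is not a viable solution, and even playing ball with the attackers is no guarantee that you will regain full access in a timely manner.
Instead, taking a proactive approach by implementing comprehensive backups is the only way to ensure that you can recover quickly. The best strategies usually involve frequently updated out-of-band, offline backups stored with secure cloud solutions and providers. With this approach, you can replicate data across multiple locations, providing additional protection.
Take the time to prepare your IT disaster recovery plan before any ransomware attack arrives. This way, you can reduce confusion during a crisis, establish clear priorities and get back on your feet faster.
As part of this process, be sure to run tests, including simulations and tabletop exercises. Be sure to document processes, roles and responsibilities so that when these unwanted intrusions occur, you are ready to handle the threat with a clear plan. These precautions are also necessary for obtaining viable premiums from your cyber insurance provider. It’s important to have adequate coverage, but to get insured, you’ll need to have the proper protections and controls in place.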
CFGI’s experts can help you improve your cybersecurity posture to address ransomware attacks and other threats. Contact us today for a free 30-minute consultation.