Tech CEO Updates: Preventing Ransomware and Other Malware Disasters
Preventative Measures
Here are five steps that organizations can take to minimize the risks of malware attacks:
- Ensure one is adequately protected and secured at all levels
- Keep current with the software patches
- Audit policies and processes and test backup and recovery
- Perform proactive detection
- Recover quickly and communicate the status
While adequate protection sounds easy, it can be quite complicated, as it needs to include processes, procedures and tools covering applications, databases, end-user and IoT devices, infrastructure, networks, and system components.
It also means that the organization performs frequent backups of applications, data and systems and that these backups are secured and not connected to networks or systems that can be attacked (i.e., air gapped). Because there may be a delay between the initial hack and the lock up of the systems, users should keep multiple backups taken at different times so that the odds of recovery are increased.
Software vendors continually update their software to new versions and to fix bugs that keep cropping up. Some flaws are critical, which means they are the ones most likely to be used as points of attack. Users must install the latest versions (such as Microsoft Windows 10) and the patches as soon as they receive them.
However, this tends not to be the case for most organizations, and especially for users who are responsible for their own devices, such as BYOD laptops and smartphones. It takes only a single point of entry for malware to gain access to a system and then contaminate the whole network.
Thus, it is important to not be lackadaisical about keeping software current and patched.
Small business owners must audit their policies and processes and assess their controls and the frequency of those controls at least once a year and after any significant attack. The rate of technological change keeps increasing, and enterprises need to ensure their risk exposure remains acceptable at all times.
Part of that includes testing backup and recovery processes.
One needs to ensure that it is possible to switch over to the backup software and/or systems successfully and to recover all necessary applications and data from a particular recovery point and time.
There are numerous software and SaaS solutions available that can be used to perform proactive detection against malware. Companies should at a minimum make sure they are using software tools that protect email systems from various forms of cyberattacks, as these tend to be the weakest links due to unintended user mistakes.
It is also advisable that firms employ third parties to do penetration testing as a preventative measure. While all these items can add up to an expensive security package, the alternatives can be much worse. The key is knowing what one’s risk exposure is.
Many cybersecurity firms are working on machine-learning algorithms that can spot ransomware attacks and shut them down.
However, three families – CryptoWall, Locky, and Reveton – cannot be distinguished well for binary classification and proactive protection.
Lastly, one needs to be able to quickly recover from any malware attack. Having backups is one thing; being able to use them to get production systems operational again is another. Users need to be sure they can make that happen.
Additionally, executives need to be able to get the message out that the company has weathered the storm, no damage was done, and it is back fully operational.
Summary
Malware is a major, daily threat to every organization and its IT assets, to the point where it could jeopardize the survival of the business. Small business owners and IT executives must plan to be hit by sophisticated malware attacks on an ongoing basis.
Small business owners and IT executives must aggressively invest and keep current in version and patch levels and in security detection and prevention measures.
The objective should be to attain an acceptable risk exposure level so that when hit by a malware attack it does not cripple the business. Small business owners and IT executives should ensure that no attack could result in a major data loss, an extended outage, corporate embarrassment, or loss of customer loyalty.