In our conversations and engagement with our customers, we learned that there is a lot of need to understand today’s buzzwords around endpoint protection, data protection, malware, ransomware and others. This short write-up covers some thoughts around the first phase “Prevention” in a good data security/protection approach for an organization. We will cover the other parts in later articles – not because they are less important, but simply to keep this first one short and interesting. As mentioned, your overall threat management should cover these areas:
Prevention – Implement processes and technologies to minimize the risk of malware or ransomware impacting your organization
Detection – Implement technologies that allow a quick and reliable detection of security incidents and a process for security incident management
Containment – Implement technical concepts to minimize the impact of a security incident
Removal / Recovery – Ensure that there are reliable means to recover data e.g. from regular backups.
When looking at security risk areas, Ransomware attacks are one of the fastest growing malware threats. On average, more than 4,000 ransomware attacks have occurred daily since the beginning of 2016.
Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. This is something that affects businesses of all sizes and types, but the good news is that there are best practices an organization can adopt to protect their business from ransomware and other malware attacks.
While there hardly will be a 100% protection, there are things that can be implemented in a reasonable time frame and without breaking the bank.
Our recommended approach to address potential exposure consists of actions in the three areas of “People”, “Processes” and last but not least “Technology”.
People
1. In many cases, the end users are the targets in a ransomware or virus attack. Implementing an awareness and training program helps minimizing the risk of employees for example opening attachments from in e-mails from unknown sources. Employees should be aware of the threat of ransomware, other malware/viruses and how these are being delivered to them.
Processes
1. Ensure your operating systems, software, and firmware on devices are being patched on an ongoing, regular basis. Many malware packages can only spread on systems that have an exploitable software installed and those vulnerabilities are typically being fixed rather quickly be the operating system and software manufacturers. A centralized patch management system can the IT team keeping systems updated.
2. While not always a very much appreciated approach, managing the use of privileged accounts and not giving end users administrative rights on their workstations/notebook has helped many companies and prevented malware from easily spreading in an organization. Application of the principle of least privilege is also a very good practice in first place.
3. With this least privilege approach in mind, check the access controls in place and include file, directory, and network share permission down to the level of read, write, delete access. If only read access is required, only read and not write or delete access should be granted.
Technology
1. Implement an endpoint protection solution that provides not only protection from known viruses, but analysis the vulnerability of the device and allows to automatically apply potentially available patches and updates.
2. In your e-mail system, enable strong spam filters to filter out phishing emails and implement technologies like SPF (Sender Policy Framework ), DKIM (DomainKeys Identified Mail) and DMARC (Domain Message Authentication Reporting and Conformance) to prevent email spoofing.
3. Configure your firewalls to block access to and from known malicious IP addresses.
4. Allow endpoint devices and servers to only execute known and permitted programs from known locations
We hope that this information was helpful and gave you some thoughts around securing the IP and data of your organization. Of course we would love you to reach out to us in case there is any area we can help with – either developing a security roadmap, finding the right technical solutions for your specific scenario or even with the definition and implementation of new processes.
Please feel free to reach out to either of us at any time for a discussion or setting up a meeting
Thomas Runge, Managing Partner
Phone: +1 513-633-4090 (m)
Wayne Kiphart, Managing Partner
Phone: +1 513-307-7933 (m)