By: Hatem Naguib, Senior Vice President and GM, Barracuda Networks
The connection between IT security and data protection has never been as tight as it should be inside most organizations. In a perfect scenario, the identification of a probable security threat would initiate a series of backups to ensure there is no data loss or breach in data security. However that theory has been around for decades, the rise of “ransomware” is now turning that best practice into an absolute necessity.
The growth in ransomware attacks is expected to continue throughout the year, and expand to other platforms such as Macs, smartphones, and IoT endpoints. Even the most successful iterations of ransomware will evolve to stay ahead of defenses grown as a method of attacking businesses and other large organisations. It is nothing but a number of versions of malicious software which takes control of a target computer and then encodes all the data on it, rendering it inaccessible. Be it an individual or an SME or a global corporation—nobody is now safe from ransomware, phishing, and advanced persistent threats. A successful attack, apart from being terribly costly can cause huge damage to your Brand reputation.
But there is a lot you can do to reduce the risk. Here are our top 10 tips for preventing ransomware, phishing, and APT attacks:
1. Understand the targets
There is a common misconception that only large scale companies are its prey and SMEs are safe. However, results show a complete different picture. SMEs are infact more vulnerable. No company or bank account is safe.
2. Secure all internet threat vectors
Multiple attack vectors including user behavior, applications, and systems are exploited by the modern attacks and having a mere firewall is not enough. Email, web applications, remote users, on-site users, the network perimeter, and remote access are some of the attack vendors.
3. Secure all attack surfaces
With more and more businesses migrating to virtual and cloud environments, hybrid networks are increasingly becoming the norm. Effectively securing cloud or SaaS-based applications like Office 365 requires a comprehensive solution designed to centrally manage hybrid networks.
4. Educate your users
User behavior can be your single greatest vulnerability. Good security is a combination of enforcement, monitoring, and user education—especially against threats like phishing, spear phishing, typo-squatting and social engineering.
5. Don’t forget your remote workforce
The mobile revolution drives productivity but it also means much of your workforce is connected via personal devices which creates a huge potential gap in your security if not properly protected.
6. Keep your systems updated
When vulnerabilities in platforms, operating systems, and applications are discovered, vendors issue updates and patches to eliminate them. You must make sure that you’ve installed the latest, on all potential attack surfaces.
7. Detect latent threats
There is a huge possibility that your system contains a number of latent threats. It might be a hostile link or attachment waiting to be opened. As such, all applications—whether locally hosted or cloud-based—must be regularly scanned and patched for vulnerabilities.
8. Prevent new attacks
Attacks are evolving and coming your way every day. To stop them, you need advanced, dynamic protection with sandbox analysis and access to up-to-the-minute global threat intelligence.
9. Use a good backup solution
A simple and reliable backup system is the need of the hour. When data is corrupted or stolen by malware, simply restore from backup and get started.
10. Keep management simple
As networks and threat landscapes are growing more complex, security management can become a major burden on IT staff. And this will only cause security gaps. Minimize both risk and cost with a simple, comprehensive solution that provides “single-pane-of-glass” security administration and visibility across your entire infrastructure.
As cybercriminals become more sophisticated in their use of social engineering techniques to indulge more end users into downloading malware, it’s only a matter of time before IT organizations find themselves routinely dealing with these attacks. The real issue at hand is the poor state of data management hygiene that exists inside most IT organizations today. For this reason, it is imperative that organizations revisit their data protection strategies. Some of these tips may be more challenging to implement than others. Safe computing should be practiced —and maintaining that awareness over time—may be the most difficult, but it may also bring the greatest benefits.