
3 Security Best Practices to Prevent Ransomware

February 23, 2022 | Posted in: Cybersecurity

In response to the Russian aggression and subsequent invasion of Ukraine, President Biden swiftly imposed stiff sanctions on Russia. This announcement was shortly followed by U.S. security experts calling for heightened awareness of Russian cyberattacks on U.S. businesses and the economic sector. As of today, U.S. officials have not identified any specific, credible threats related to the Russia-Ukraine tensions; however, past cyber threats out of Russia call for increased vigilance.

In recent years, Russian hackers have been tied to some of the largest ransomware attacks in the U.S., including a major fuel pipeline and one of the largest meatpacking plants. With Russian sanctions now in place and new threats coming from Russia-based ransomware groups, business leaders must heed cybersecurity warnings and take necessary steps to reduce the likelihood and impact of a potential ransomware compromise.

What is ransomware?

Ransomware is malicious software that encrypts your files until you pay the criminals to have them unlocked. Most of these attacks are unsophisticated and rely on human error. There are many ways ransomware can gain access to a network. The most common method is phishing email. These emails come with attachments disguised as trusted files. When an employee clicks, downloads, and opens the malicious attachment or link, the ransomware can take over the victim's computer. Most victims don't know they are compromised until it's too late.

Following a ransomware attack, companies deal with complicated involvement from the local authorities, cyber insurance companies, and federal agencies (where appropriate) for months, even years. To better avoid ransomware events, organizations can take the following steps to protect themselves.

Steps to Protect Your Organization From Ransomware

The suggested best practices below are a good way to start down the road to a secure network environment. These methods help mitigate the human factor and keep your company protected from cybercriminals.

MULTI-FACTOR AUTHENTICATION

Multi-Factor Authentication (MFA) is a means of using two or more of the following three 'factors' to identify a user attempting to log on to your network:

  • Something you KNOW (username and password)
  • Something you HAVE (a trusted smartphone, key fob)
  • Something you ARE (fingerprint, eye scan, behavior, etc.)

With MFA enabled, if an end user's password were compromised, the hacker would also need to have stolen a second or third required credential from the victim to gain access. It is always important to start with a strong internal password policy to minimize the chance of stolen credentials; however, stepping up your authentication requirements to enable MFA with a two- or even three-factor environment will help create an even more secure network.

Also, if you have VPN access for employees or third-party vendors, you should enable their MFA capabilities. Many applications already support MFA and need only to be activated. When selecting new applications, ensure they also support MFA.

One attack nuance to be aware of related to MFA is known as "Push Notification Spamming." This type of attack targets the human factor and relies on the user being distracted, confused, or overwhelmed by authentication requests and consequently approving a fraudulent attempt.
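One way to watch for the push notification spamming described above is to flag any user who receives a burst of denied or unanswered prompts, and to escalate when an approval follows the burst. This is an added example, not code from Systems Engineering or any MFA vendor; the log format, result names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample push events (assumed format): ISO time, user, result.
SAMPLE_LOG = """\
2022-02-23T09:00:05 alice approved
2022-02-23T02:10:00 bob denied
2022-02-23T02:10:40 bob timeout
2022-02-23T02:11:15 bob denied
2022-02-23T02:12:02 bob timeout
2022-02-23T02:12:30 bob approved
2022-02-23T11:00:00 carol denied
2022-02-23T15:30:00 carol approved
2022-02-23T03:00:00 dave denied
2022-02-23T03:00:30 dave denied
2022-02-23T03:01:00 dave denied
2022-02-23T03:01:20 dave timeout
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, result = parts
        events.append((datetime.fromisoformat(ts), user, result))
    return sorted(events)  # chronological order

def detect_push_spam(log_text, threshold=4, window=timedelta(minutes=5)):
    """Return {user: 'burst' | 'approved_after_burst'} for suspicious users."""
    recent = defaultdict(deque)  # user -> times of unapproved pushes in window
    findings = {}
    for ts, user, result in parse(log_text):
        q = recent[user]
        while q and ts - q[0] > window:
            q.popleft()  # drop prompts that fell out of the sliding window
        if result in ("denied", "timeout"):
            q.append(ts)
            if len(q) >= threshold:
                findings.setdefault(user, "burst")  # never downgrade a finding
        elif result == "approved":
            if len(q) >= threshold:
                findings[user] = "approved_after_burst"  # likely fatigue approval
            q.clear()
    return findings

if __name__ == "__main__":
    print(detect_push_spam(SAMPLE_LOG))
```

An `approved_after_burst` finding is the case to treat as a probable account compromise: revoke the session and reset the password before investigating further.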

SECURITY AWARENESS TRAINING

One of the top methods for cybercriminals to gain network access is through a simple phishing email. Hackers precisely craft their emails to trick the recipient into downloading their malware, then hold their system for ransom. It is more critical than ever to NOT trust any email unless you were expecting it and its contents, and know or recognize the sender, NO exceptions.

The "human element" of this criminal tactic can be addressed by properly and consistently training your end users. By setting up a security awareness training program, you can have unannounced, phony phishing tests sent to your employees on a consistent basis. Over time, this will encourage employees to ask themselves, "Should I click on this link?" when blazing through daily emails.

SYSTEMS PATCHING

To create a secure environment, it is essential to have a disciplined approach when applying vendor updates and patches to company equipment. All major vendors consistently release updates and patches for their software and hardware to address security issues and other performance defects. Hackers can quietly perform scans on your network to look for any unpatched known vulnerabilities to exploit.

There are many entry points a hacker can take to covertly scan your network. Entry points are made when employees remotely hook into the backend of your system. A typical example of creating an entry point would be the connection made to your company server using the wireless network at a local coffee shop. Another point could be the connection to the company employee portal through the internet. Remember that if a patch for a vulnerability exists, the hackers know it and can tell if you haven't applied it. Take the time to apply critical patches to plug the holes in your security posture.

Ransomware breaches are a significant threat to organizations and individuals alike. Following the best practices listed above will further protect your sensitive data from cyber attackers. For a closer look at other cybersecurity best practices, review our Top 10 list for SMBs.

To find out where your company stands against cybercriminals, consider having a Cybersecurity Risk Assessment through Systems Engineering. An assessment is a great way to identify your cybersecurity risks and ensure you have the right mix of security measures in place to protect your organization from different attack vectors. Select the link below to learn what is involved in a Cybersecurity Risk Assessment. 

How to Uncover & Address Cybersecurity Risks

For more information on maturing your security posture, talk with one of our cybersecurity experts here at Systems Engineering. Call 888.624.6737 or email info@systemsengineering.com. Clients, please reach out to your Account Manager directly.