How to use a defence-in-depth strategy to minimize opportunities for ransomware attacks

With no way to completely protect your organization against malware infection, you should adopt a ‘defence-in-depth’ approach. This means using layers of defence with several mitigations at each layer. You’ll have more opportunities to detect malware, and then stop it before it causes real harm to your organization. You should assume that some malware will infiltrate your organization, so you can take steps to limit the impact this would cause, and speed up your response.

Tip 1: Make regular backups

The key action for mitigating ransomware is to ensure that you have up-to-date backups of important files; if so, you will be able to recover your data without having to pay a ransom.

Tip 2: Prevent malware from being delivered to devices

You can reduce the likelihood of malicious content reaching your network through a combination of:

  • Filtering emails to only allow file types you would normally expect to receive
  • Blocking websites known to be malicious
  • Actively inspecting content
  • Using signatures to block known malicious code

These are typically done by network services such as mail/spam filtering, intercepting proxies that block malicious websites, internet security gateways, and safe browsing lists.
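The first bullet above, "only allow file types you would normally expect", is stronger when the check looks at the attachment's content and not only its name. The following is an added illustration, not code from the original article or any named vendor: a small attachment policy with a constructed allowlist that rejects unexpected extensions, content that does not match the claimed type (such as an executable renamed to .pdf), and Office documents that carry a VBA macro project despite a macro-free extension.

```python
import io
import zipfile

# Constructed allowlist: the attachment types this organisation normally expects.
ALLOWED_EXTENSIONS = {"pdf", "docx", "xlsx", "png", "jpg", "txt"}

# Leading bytes for each allowed type, so content is checked rather than just the name.
MAGIC = {
    "pdf": b"%PDF-",
    "docx": b"PK\x03\x04",   # OOXML documents are ZIP containers
    "xlsx": b"PK\x03\x04",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "txt": None,              # plain text has no signature
}

def contains_vba(data):
    """True if an OOXML container carries a VBA macro project (e.g. a .docm renamed to .docx)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(name.lower().endswith("vbaproject.bin") for name in z.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable container: treat as suspicious rather than guess

def attachment_verdict(filename, data):
    """Return ('allow' | 'block', reason) for one attachment, judged by name and content."""
    parts = filename.lower().rsplit(".", 1)
    if len(parts) < 2:
        return "block", "no file extension"
    ext = parts[1]
    if ext not in ALLOWED_EXTENSIONS:
        return "block", f".{ext} is not an expected attachment type"
    magic = MAGIC[ext]
    if magic is not None and not data.startswith(magic):
        return "block", f"content does not match a .{ext} file"
    if ext in ("docx", "xlsx") and contains_vba(data):
        return "block", "document contains a VBA macro project"
    return "allow", "expected type, content matches"

def build_ooxml(with_macro):
    """Constructed sample: a minimal OOXML-style ZIP, optionally carrying a macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()
```

In a real gateway this sits alongside signature scanning and sandboxing rather than replacing them; the point is that the allowlist is enforced on what the bytes are, not on what the sender named the file.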

Ransomware attacks can also be deployed by attackers who have gained access to networks through remote access software. Prevent attackers from brute-forcing access through such software by requiring multi-factor authentication, or by requiring users to connect through a virtual private network so that data is protected in transit.

Tip 3: Prevent malware from running on devices

A ‘defence in depth’ approach assumes that malware will reach your devices. You should therefore take steps to prevent malware from running. The steps required will vary for each device type and OS, but in general you should look to use device-level security features such as:

  • Centrally manage devices so that only applications trusted by the enterprise can run, or only applications from trusted app stores or other trusted locations
  • Keep your anti-virus or anti-malware software up to date
  • Provide security education and awareness training to your workforce

Attackers can force their code to execute by exploiting vulnerabilities within the device. Prevent this by keeping devices well-configured and up to date by:

  • Installing security updates as soon as they become available
  • Enabling automatic updates for operating systems
  • Always using the latest versions to take advantage of the newest security features
  • Configuring host-based and network firewalls to disallow inbound connections by default

Tip 4: Limit the impact of infection and enable rapid response

If put in place, the following steps will ensure your incident responders can help your organization to recover quickly:

  • Use two-factor authentication to verify users, so that stolen credentials cannot be reused on their own
  • Ensure obsolete platforms are properly segregated from the rest of the network
  • Regularly review and remove user permissions that are no longer required, to limit malware’s ability to spread
  • System administrators should avoid using their administrator accounts for email and web browsing, so that malware cannot run with their high level of system privilege
  • Architect your network so that management interfaces are minimally exposed
  • Practice good asset management, including keeping track of which versions of software are installed on your devices, so that you can target security updates quickly when you need to
  • Keep your infrastructure patched, just as you keep your devices patched, and prioritize devices that perform a security-related function on your network (such as firewalls) and anything on your network boundary
  • Develop an incident response plan and exercise it

For more information, tips and expert insights on Cyber Security for the Manufacturing industry, subscribe to our Manufacturing security newsletter here.

—————————

Source: NCSC, Kivu Consulting report, Ponemon study, Mindsight