Highlights from the August 24, 2022, webinar hosted by William J. Heaven, Senior Director, HBK Risk Advisory Services, with guests Justin Krentz, Senior Manager, Vertilocity, and Josh Prager, vCIO, Vertilocity
The How and Why of Ransomware Attacks
Ransomware is a virus that affects your devices and can stop a device from working until you pay a ransom. It commonly arrives through malicious websites, attachments to fake emails, links in emails, and downloadable applications. Paying a ransom doesn’t mean the attackers will fix your computer or remove the virus, and it could even make you a target for more attacks.
67 percent of data breaches are due to human error:
The result of phishing attacks: socially engineered attacks
Passwords that can easily be guessed; using same passwords for multiple accounts
Data leaks: sending to or granting access to individuals who should not have access to your data
Nonexistent or expired anti-virus software or lack of firewalls
Why businesses don’t have the security they need – common misconceptions:
It’s too expensive.
It’s not a top priority: Should have enterprise protections in place.
It’s too complex: Doesn’t have to be expensive and cumbersome.
Assuming that compliance is enough.
Preventive options: Seven layers of cybersecurity:
Mission-crucial assets: Build a robust plan, reveal any vulnerability that can be used to compromise your data, identify your security objectives, provide customized recommendations and best practices, and create an actionable recovery plan.
Data security: Classify and label data (it will automatically encrypt if someone tries to access it); limit account access to sensitive data with privileged access management; move data to the cloud to take advantage of advanced backup and rollback features, and exercise it regularly; ensure regular, thorough backups and validate them; and exercise your business continuity/disaster recovery plan: know who to call first and what to do first, and if you don’t have a plan, ask your IT provider for one.
Endpoint and application security: Clients, servers and browsers must have security on them; exposed endpoints allow access, so make sure anti-virus is up to date; implement risk-based conditional access; enforce multi-factor authentication; and install available software updates and monitor them.
Network and perimeter security: Monitor resources for abnormal activity, adopt best-in-class tools to detect known threats, use automation tools to detect known threats, and employ real-time threat detection solutions.
The human layer: People are your biggest risk; do security awareness training; build a security culture, which needs to be a top-down initiative with C-suite leadership; employ a dark-web monitoring service, which can scan to see if any of your credentials are available for sale on the dark web; and if you can’t implement a cybersecurity program on your own, bring in a professional cybersecurity provider.
Surviving an Attack
Start with a plan to mitigate potential damage: Who do I notify, how do we recover?
Stop the bleeding: Disconnect from the internet immediately and segregate compromised hardware; quarantine the compromised files.
Data recovery: Back up your data outside your network; have data backup requirements in your plan; do a clean sweep of data and applications.
Install the latest software and security updates.
The best defense against cyber threats is an informed workplace.
Have a cyber insurance policy woven into your disaster recovery plan.
Ransomware threat report: 2021-22
Average ransom demand increased 144 percent.
31 percent of U.S. companies closed after an attack.
At least one employee downloaded a malicious mobile application in 46 percent of organizations in 2021.
Ransomware breach response costs took up 52 percent of the overall cost of a ransomware attack in 2020.
The 32 percent of ransomware victims who paid the ransom in 2021 ultimately recovered only 65 percent of their data.