Pub15-2020-2021-Issue5

WWW.NEBANKERS.ORG

TECH TALK

Top Six Controls to Mitigate a Ransomware Attack

Kelley Criddle, Information Security Consultant, SBS CyberSecurity, LLC

Combating a ransomware scenario can be intense and stressful, so most organizations agree that it is better to stop the attack from happening in the first place. Below you will find the top six controls that can be put in place to protect your organization's network and data from a ransomware attack.

1. Backup, Backup, Backup

It's important to note that backing up your network's data will not prevent a ransomware attack in the future, but doing so will make the situation far less stressful. It's been said that there are two types of people in this world: 1) those who back up their data, and 2) those who wish they had. It is a good rule of thumb to stick with the 3-2-1 rule. Have at least THREE (3) copies of data, store your backups on TWO (2) different types of media, and keep ONE (1) backup off-site; in other words, keep one copy of the data air-gapped. Creating an "air-gapped" backup would make it very difficult for an attacker to infect this copy of your data with ransomware.

2. Endpoint Protection with Scripting Control

When it comes to today's antivirus or endpoint protection solutions, there are two (2) types of solutions:

   1. Traditional, signature-based antivirus/endpoint protection solutions that rely on a known signature to identify if a file is potentially malicious; or
   2. Modern, behavior-based antivirus solutions that look at the code of a file to determine what actions the file will look to take when executed.

While there are pros and cons to each, modern behavior-based antivirus solutions will handle and identify unknown and unidentified threats, rather than relying on known-bad signatures to prevent potential cyber incidents.
It's strongly recommended that you use a modern, behavior-based solution with second-generation detection capabilities, including scripting control. Keep in mind that some products whose providers claim scripting control consistently fail to detect PowerShell scripts running on your network. Applications lacking scripting detection will not be helpful in the event an attacker uses PowerShell to create scripts that automate attacks. Your antivirus solution should be configured to the highest level of security, alerting and protection. These controls would be able to stop any scripts that attempt to run without the user's permission. Modern, behavior-based antivirus solutions should also alert the user if any red flags (malicious behavior) are detected on your devices.

3. Multi-Factor Authentication

Multi-Factor Authentication (MFA) is an authentication method in which a user is granted access to an application only after presenting two or more pieces of evidence to the authentication mechanism, such as an SMS code, soft token or hard token. When enabled on a system, MFA would prompt the user if a malicious adversary tried to log in to an account, since the attacker should not have access to your smartphone (SMS or soft token) or hard token (physical device).

Not only would implementing MFA help prevent a ransomware attack, but doing so would mitigate the risk of various other cyberattacks as well, such as credential stuffing, business email account takeover, and phishing attacks. However, just like every other control, MFA has its drawbacks. You must train employees to provide authentication factors only when they know they are logging in themselves.

4. Security Awareness Training

Employees are your first line of defense and are known as the "human firewall."
It is important to educate workers about potentially malicious email attachments, links, website downloads, and other methods of spreading ransomware – including how to identify phishing emails and what to do if they receive
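
The 3-2-1 rule from control 1 can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the `Copy` fields, the `audit_321` function and the sample inventory are constructed for illustration. It assumes the three copies include the live production copy, and that a backup satisfies the "one off-site" requirement only if it is also offline (air-gapped).

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    dataset: str           # what is being protected
    media: str             # e.g. "disk", "tape", "object-storage"
    offsite: bool          # stored away from the primary site
    online: bool           # reachable from the production network
    primary: bool = False  # True for the live production copy


def audit_321(copies):
    """Return {dataset: [findings]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)

    report = {}
    for name, group in sorted(by_dataset.items()):
        backups = [c for c in group if not c.primary]
        findings = []
        if len(group) < 3:
            findings.append(f"only {len(group)} copies, need 3")
        media = {c.media for c in backups}
        if len(media) < 2:
            findings.append(f"backups on {len(media)} media type(s), need 2")
        # Assumption: an off-site replica that stays online is not air-gapped,
        # because ransomware on the production network can still reach it.
        if not any(c.offsite and not c.online for c in backups):
            findings.append("no off-site, offline (air-gapped) backup")
        report[name] = findings
    return report


# Constructed sample inventory (not from the article).
INVENTORY = [
    Copy("core-banking", "disk", offsite=False, online=True, primary=True),
    Copy("core-banking", "disk", offsite=False, online=True),
    Copy("core-banking", "tape", offsite=True, online=False),
    Copy("file-shares", "disk", offsite=False, online=True, primary=True),
    Copy("file-shares", "disk", offsite=False, online=True),
    Copy("file-shares", "object-storage", offsite=True, online=True),
    Copy("hr-records", "disk", offsite=False, online=True, primary=True),
    Copy("hr-records", "disk", offsite=False, online=True),
]

if __name__ == "__main__":
    for dataset, findings in audit_321(INVENTORY).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

The `file-shares` entry shows the case worth watching for: three copies on two media types with one off-site, yet the off-site replica is online and so fails the air-gap check.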
