Three Layers of the Security Onion to Protect Against Ransomware

Even though your organization has not been burned by a ransomware attack, you may still be at risk from this increasing threat. And from our recent experience with small to mid-sized companies, the threat is real – and painful.

We have worked with some companies recently that had a ransomware attack which could have been prevented through some proactive and protective layers within their security strategy.

But first, what is ransomware? Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. In many situations, ransomware authors order that payment be sent via cryptocurrency or credit card.

And the impact is not good: downtime of hours or days without IT infrastructure, and the potential loss of data. In many situations, you have to re-image computers and restore data from backups. This comes with lost productivity for IT staff and users. And in some cases, weeks later you are still tying up loose ends.

So, let’s review three layers of security to protect your organization. Like an onion, every layer of security protects the next one – if one is bypassed, then hopefully the next layer will protect you.

  • Updated IT infrastructure and Operating Systems – If you have legacy servers, you may be opening yourself to risk. There are communities of attackers that work together to find vulnerabilities in specific operating systems that allow them to gain access. Older systems that are not on the latest operating systems may no longer get the security updates from the OS provider that plug the holes attackers use.

Your tasks:

  • Review your infrastructure and determine which systems need upgrading or updating.
  • Keep servers to modern security standards to reduce risk of attack.
  • Keep OS patches updated to the latest versions.

  • Secure access to your network – As you know, a firewall acts as the gateway between your internal network and the internet and blocks what is not trusted. Without a firewall with VPN, your infrastructure is exposed to the internet, allowing attackers an easy path to get in. Attackers then use programmatic tools that guess passwords. The shorter the passwords, the faster the breach.

Some companies are concerned that controls such as two-factor authentication add friction for users of their systems. But if it is easier for the user, it is also easier for the attacker. The more attack vectors, the more stringent the security should be.

That is a balance that needs to be met – security vs ease of use.

Your tasks:

  • Ensure a secure way to connect to the network – firewall with VPN and two-factor authentication.
  • Deploy a strong password policy across your organization.

  • Security monitoring – Even though you have updated your IT infrastructure and have security access controls, there is still a risk that an attacker can access your systems. If they do get in, it may be days, weeks or more before they actually attack.

Attackers use specific tools from global IP addresses that may not be used within your organization. A robust security monitoring solution uses indicators in traffic patterns to ensure that access is blocked, and alerts you to a profile that looks suspicious so that you can take action.
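The two signals described above, password guessing and logins from addresses your organization does not normally use, can be checked against authentication logs. The following is an added example, not code from this article or from NG2; the log format, the known-network list, the threshold and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (timestamp, outcome, user, source IP); not real logs.
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T08:00:01 FAIL alice 198.51.100.7
2024-05-01T08:00:02 FAIL bob 198.51.100.7
2024-05-01T08:00:03 FAIL carol 198.51.100.7
2024-05-01T08:00:04 FAIL alice 198.51.100.7
2024-05-01T08:00:09 OK alice 198.51.100.7
2024-05-01T08:05:00 FAIL dave 192.0.2.10
2024-05-01T08:05:20 OK dave 192.0.2.10
2024-05-01T09:00:00 OK erin 203.0.113.50
"""

# Assumption: networks the organization normally logs in from (e.g. the VPN pool).
KNOWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def is_known(ip, networks=KNOWN_NETWORKS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def find_alerts(log_text, fail_threshold=3):
    """Return sorted (source_ip, reason) pairs for sources outside known networks."""
    failures = defaultdict(int)  # source IP -> failed attempts seen so far
    alerts = set()
    for line in log_text.splitlines():
        try:
            _ts, outcome, _user, ip = line.split()
            known = is_known(ip)
        except ValueError:
            continue  # malformed line or address: skip it rather than crash
        if known:
            continue  # a mistyped password from a known network is not an alert
        if outcome == "FAIL":
            failures[ip] += 1
            if failures[ip] >= fail_threshold:
                alerts.add((ip, "password guessing"))
        elif outcome == "OK":
            if failures[ip] >= fail_threshold:
                alerts.add((ip, "login succeeded after guessing"))
            else:
                alerts.add((ip, "login from unfamiliar network"))
    return sorted(alerts)

if __name__ == "__main__":
    print(*find_alerts(SAMPLE_LOG), sep="\n")
```

A successful login that follows a run of failures from the same unfamiliar address is the alert to act on first, since the attacker may wait days or weeks before using that access.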

Your task:

With these layers in place, your risk of an attack is reduced and your ability to monitor and control is much stronger. The NG2 team can work with you across all these layers to help make sure you have the right plan in place to protect your team members and business from loss.