Can ransomware be prevented? Five steps to stopping cyber threats in their tracks
by Grant Mossman, Cybersecurity Consultant
Could preventing a ransomware attack be as simple as a five-step process? There are certainly a few things we should all be doing to reduce the risk of a cyber-attack, to help slow (and sometimes stop) it spreading through an organisation, and to make recovery and clean-up a lot easier.
To start with what a ransomware attack is: it happens when cybercriminals gain control of an organisation’s data, usually through a phishing email, and typically encrypt that data, denying access until they receive a ransom payment (almost always in some form of cryptocurrency). Any type of cyber-attack can prove costly and frustrating, but forcing a company to pay a ransom to access its own data can be particularly infuriating.
However, there are five essential steps we should all be taking to help reduce the chances of a ransomware attack and mitigate the effects of a breach. Some of these steps may be out of reach for smaller organisations, but they should be aspirational and are seen as good practice for everyone.
Arguably one of the most important steps to implement. Ransomware often enters your organisation via a phishing email which an employee then opens. The malware delivered by the email installs itself and scans for critical data, which it then encrypts and holds for ransom. Educating employees on the ransomware threat, and on what they should do if they receive a phishing email or have clicked on a suspicious one, is vital in preventing a cybersecurity breach.
A really good way to educate employees, aside from the usual information security training, is to run a phishing and social engineering simulation test, so that best-practice behaviour becomes second nature for every employee.
It is important to ensure any third-party vendors are also educating their employees on cybersecurity best practices, as criminals could easily exploit weaknesses in a vendor’s network to breach a client company. As part of your vendor review process, ensure you understand the lengths your vendors are going to in order to embed security in the general culture of their organisation.
EDR & Vulnerability
Your next line of defence is the endpoint. Ensure your EDR and vulnerability scanning software is kept current. It is vital that all threat detection software is kept up to date and that systems are scanned for vulnerabilities regularly. Verify and patch systems as soon as patches become available. The longer it takes to patch a vulnerability, the more exposed you are, and the more likely it is that cybercriminals will exploit this weakness.
Multi-Factor Authentication (MFA)
‘Zero trust’ is a hot topic lately, but it is unfortunately not a simple switch to flick on. As a start on your zero trust journey, you should enable Multi-Factor Authentication (MFA) across your environment. This requires a user to successfully present two or more pieces of evidence to an authentication mechanism; most commonly the additional factor is a one-time password delivered via text message or generated by an authentication app. This makes it considerably harder for a cybercriminal to breach an organisation’s defences.
Least privilege permission model
Least privilege access means a user or group is given only the minimum level of permissions needed to perform a given task, so a user or group will only ever have the minimum permissions and access required to perform their role within the organisation. This reduces the cyber-attack surface, as most advanced ransomware attacks rely on the exploitation of privileged credentials. Removing local administrator rights from users will help to reduce the risk. Using the just-in-time (JIT) access methodology allows organisations to elevate permissions for human and non-human users in real time.
Additionally, by enforcing least privilege on endpoints, malware and ransomware are unable to use elevated privileges to increase access and move laterally to install or execute on other endpoints. Finally, enforcing a least privilege permission model helps organisations demonstrate compliance with a full audit trail of privileged activities.
The final step is your back-ups, arguably the most important step. Data is the lifeblood of almost every business, so backing up data has never been more crucial. It is even more crucial to have clean back-ups that are stored in a secure off-site environment. Immutable backups offer the most robust layer of protection, as they give you versions of critical data that cannot be targeted by malicious actors or ransomware: they cannot be unintentionally changed and are resistant to tampering.
Advantages of immutable backups:
- Protection against ransomware: Immutable backups are at the top of the list of ransomware protection as they cannot be modified or affected by malicious encryption.
- Threat prevention: Immutability safeguards your data from both internal and external threats. It offers protection from the likes of disgruntled former employees or a threat actor that is looking to harm your business.
- Regulatory Compliance: Maintaining an unaltered version of data allows the business to adhere to strict compliance requirements.
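As an added example (not code from the article or any product), the retention semantics that make a backup immutable, modelled on a toy in-memory store: every write creates a new version, deletion is refused until a retention date has passed, and restore picks the newest version written before the incident. The backup name, data and timestamps are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BackupVersion:
    version_id: int
    created_at: int    # unix time the version was written
    retain_until: int  # locked until this time; retention can never be shortened
    sha256: str        # digest recorded at write time, checked again on restore
    payload: bytes


class ImmutableBackupStore:
    """Write-once, versioned store with compliance-style retention: every write
    creates a new version, and nothing can overwrite, delete or unlock an
    existing version before its retain_until time has passed."""

    def __init__(self, retention_days: int) -> None:
        self.retention = retention_days * 86400
        self.versions: Dict[str, List[BackupVersion]] = {}

    def put(self, name: str, data: bytes, now: int) -> BackupVersion:
        versions = self.versions.setdefault(name, [])
        v = BackupVersion(len(versions) + 1, now, now + self.retention,
                          hashlib.sha256(data).hexdigest(), data)
        versions.append(v)  # appended, never replaced
        return v

    def delete(self, name: str, version_id: int, now: int) -> bool:
        """Succeeds only after retention has expired; returns False otherwise."""
        for v in self.versions.get(name, []):
            if v.version_id == version_id:
                if now < v.retain_until:
                    return False
                self.versions[name].remove(v)
                return True
        return False

    def restore(self, name: str, before: int) -> Optional[bytes]:
        """Newest version written strictly before `before` (e.g. the incident time)."""
        candidates = [v for v in self.versions.get(name, []) if v.created_at < before]
        if not candidates:
            return None
        best = max(candidates, key=lambda v: v.created_at)
        if hashlib.sha256(best.payload).hexdigest() != best.sha256:
            return None  # stored bytes no longer match the recorded digest
        return best.payload
```

Note that immutability does not stop ransomware writing a new, encrypted version; what it guarantees is that the clean version from before the incident survives to be restored.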
So, there you have it: ransomware prevention in a five-step nutshell.
If only. In reality, implementing some of the above processes and solutions is usually an ongoing project slowed by time and resource constraints. The important thing to remember is that no matter the size of your organisation, you should make a start on your cybersecurity journey and stay vigilant to the ever-present threat of cybercriminals.