ransomware , the majority of which do not require the commitment of significant human or financial resources .
18 sensible Critical Security Controls , CSCs to defend against ransomware attacks have been identified by The Centre for Internet Security . The CSCs also explain how firms can mitigate damage should it occur . As there is significant overlap for the 18 controls , they can be grouped under five approaches :
Electronic asset inventory
It is critical to take stock of all devices , fixed and mobile that can connect to technology platforms physically or remotely . By doing this an organisation will be able to discover any unauthorised or unmonitored devices and can secure or remove them as needed . On the software side , operating systems and applications must be secured with the latest security patches . It is then important to review employee credentials and permissions across local and remote devices , and grant or limit access to files , folders , applications , and external websites accordingly .
Vigilance of access points
The digital points connecting a business to the outside world are most at risk of a breach . These should all be identified and secured , including web links and emails with defensive techniques and the deployment of enhanced malware detection . This should be followed by a meticulous company-wide permission regime , which will prevent employees from straying to websites that could lead to a breach .
Security experts believe ransomware will begin targeting IoT devices as entry points , third-party applications , supply chain software .
businesses – especially financial providers – now require multi-factor authentication , MFA to log in . Even simple MFA , such as sending codes to a registered mobile phone number , can counter the majority , as much as 99 % of all phishing attacks .
Engage employees on security
Threat actors will actively target an organisation ’ s employees as a means of gaining access to their systems . Companies should therefore work to understand their staff ’ s understanding and reaction to ransomware and other threats . Appropriate measures should be rolled out via security awareness programs that aim to alter user behaviour if , for example , they are presented with a fake email or web page . The security awareness programs should also run simulations of threat scenarios to evaluate the company ’ s overall cybersecurity standing .
Upgrade security teams
Several reports online discuss a cybersecurity staffing shortfall ; however , many security organisations have instead found that the skills gap is a bigger challenge . This is a relatively straightforward fix , an organisation must simply invest into upskilling its security analysts , so they can better take on the threats of today and tomorrow . Cybersecurity analysts should be upskilled on issues such as cloud security , machine learning , purple teaming , and other relevant topics .
The ongoing evolution of ransomware means that companies are more at risk than ever before . It is therefore vital that organisations remain vigilant and take steps to ensure that their systems and data will never be compromised and be a source of profit for bad actors . •
Prepare for the worst
Organisations should always prepare for the worst-case scenario to ensure that the ensuing damage will not be as severe . Several industry resources that highlight current threats are available and should be taken advantage of . A common vulnerability that has afflicted businesses across sectors is reused passwords . Due to this , many
40 www . intelligenttechchannels . com