Layered Approach is Best Defense Against Ransomware
Recent news that a hospital in Los Angeles forked over $17,000 in ransom to hackers who infiltrated its record-keeping system and held the data hostage renews fears about the safety of our most sensitive information. If hackers can capture records and hold them for ransom – which most companies pay quickly, by the way – couldn’t they also tamper with the data itself, leading to a compromise in care?
The answer is yes, which is pretty scary. But it appears that, mostly, criminals don’t want to hurt people. They just want to make money – and they know that their victims will take the easiest and quickest path to restoration and simply pay the ransom to retrieve their precious data.
Because no network is invulnerable to the category of cyber-attack known as “ransomware,” the best weapon against it is simply a strong defense. And the best defense is obtained through a layered approach.
The best first line of defense is to have a good firewall. This product filters traffic as it comes into a network. But a firewall out of the box is not enough. It’s important to utilize the firewall’s security services (at additional cost) by licensing the firewalls to unlock features such as:
- Gateway Anti-virus: anti-virus scanning at the firewall level as internet traffic comes in, as opposed to anti-virus that runs at the workstation level.
- Intrusion prevention: this feature blocks traffic that is identified as a worm, Trojan, or other type of exploit. It can also be configured to block traffic from certain countries where the attacks are known to originate. For example, you can block all traffic coming from Russia or China, two common places of origin.
- Content filtering: setting up rules based on key words and groups such as “gambling,” “pornography,” “weapons,” etc., as well as categories of sites that are prohibited in a workplace environment, since many of those types of sites contain embedded threats which can infect a user’s machine.
A second layer of defense is to install anti-virus software on the local machine. If traffic does not originate from the internet – such as someone bringing in an infected laptop to the network – it’s important for all other machines to have active anti-virus installed on them.
Of course, technical solutions can never be 100% foolproof, but a layered approach – coupled with consistent monitoring and maintenance, such as patching (which addresses known viruses) – is non-negotiable.
A third layer of defense is user education. Everyone who has a computer and access to the network needs to be diligent and aware of things that could open the door to a cyber-attack, such as spoofed emails, emails with unsolicited attachments, pop-ups on their computer screens, and more.
While these three defense methods are indeed vitally important, they’re not enough to do the job alone. Tools such as Malwarebytes (which references a database of known threats and scans machines for them), OpenDNS (a third-party service that checks internet traffic against a list of known malicious or otherwise “bad” websites and blocks traffic to or from them), and other forensic tools (which we’ll discuss in a future blog) should also be part of any arsenal. In today’s world of ever-escalating cyberattacks – an arms race for the new era – it’s important to keep your defenses up to date.
Sure, companies can pay ransom for retrieving data seized through a ransomware infiltration, but the best scenario would be to avoid an attack altogether.