EXPERT
OPINION
Organisations
need to take steps
now to protect
their networks
and networked
resources from the
growing problem
of sophisticated
ransomware.
that do not meet security policy is
recommended. We also recommend
segmenting the network into security
zones to prevent the spread of
infection and tie access controls to
dynamic segmentation.
• Use inventory tools and IOC lists
to prioritise which of your assets
are most at risk. Make sure that
ransomware recovery is part of the
BCDR, identify a recovery team, run
drills and pre-assign responsibilities
so systems can be restored quickly
in the event of a successful breach.
• Update email and web security
gateways to check and filter out
email attachments, websites and
files for malware. Make sure that
CDR (content disarm and recovery)
solutions are in place to deactivate
malicious attachments. Use a
sandbox to discover, execute and
analyse new or unrecognised files,
documents or programmes in a
safe environment.
• Block advertisements and social
media sites that have no business
relevance. Use Zero Trust network
access that includes virus
assessments so users can’t infect
business-critical applications, data or
services. Use application whitelisting
to prevent unauthorised applications
from being downloaded or run.
• Prevent unauthorised SaaS
applications with a CASB solution.
Use forensic analysis tools to
identify where an infection came
from, how long it has been in the
environment, ensure it is removed
from every device and ensure it
doesn’t come back.
• Plan around the weakest link
in your security system – the
people who use your devices and
applications. Training is essential
but limited. Proper tools, such
as secure email gateways, for
example, can eliminate most, if not
all, phishing emails and malicious
attachments. Leverage people,
technology and processes to
quickly gather threat intelligence
about active attacks on your
networks and act on it, using
automation where possible. This
is crucial to stopping an advanced
attack in its tracks.
Now is not the time to take your
eye off the ball
Even though we are all running as fast
as we can to keep our businesses up
and running, we are also more exposed
than ever to criminals who want to take
advantage of this crisis. Ransomware and
other advanced threats have not slowed
down just because we are busy. In fact,
based on our ongoing analysis of the
threat landscape, the opposite is true.
Most organisations should have their
remote worker strategy in place. Now
is a perfect time to review the steps
outlined above, conduct a thorough
review of your security policies and
make necessary adjustments. Prioritise
your challenges and work through
them one at a time. Every step you take
now to tighten down your policies and
practices is a threat averted. And we
could all use one less thing to worry
about right now. u
www.intelligentciso.com | Issue 28
43