Intelligent CISO Issue 40 | Page 28

There are three critical steps to avoiding significant damage from a ransomware attack : training , threat detection and response .
You ’ re only as safe as the employee who knows well enough not to click on the wrong link in an email .
editor ’ s question

?

rom the largest

F enterprises to the local convenience store , everyone has to worry about ransomware these days . Even if you can ’ t prevent a ransomware attack , you can definitely take steps to help prevent one or at least minimise the impact on your business .

The first step is to get an honest assessment about your IT systems and overall environment . Discover any weaknesses by conducting a vulnerability scan or penetration test .
If possible , bring in a neutral third party to probe your environment so you know what to fix . The more you know , the better – even if that learning process feels brutally painful .
Once you have a realistic view of your vulnerabilities , you need to determine what risks are acceptable . This requires a discussion at the highest level of the company because you need a willingness to prioritise cybersecurity from the top down .
The good news is that the Colonial Pipeline attack opened up a lot of business leaders ’ eyes and they ’ re now ready to talk about cybersecurity .
After you have buy-in , it ’ s time to define your security strategy and what tools you ’ ll need . There are three critical steps to avoiding significant damage from a ransomware attack : training , threat detection and response . Security awareness training for all employees is essential . Most ransomware attacks rely on finding a back door into your IT systems through a phishing email .
You ’ re only as safe as the employee who knows well enough not to click on the wrong link in an email .

There are three critical steps to avoiding significant damage from a ransomware attack : training , threat detection and response .

TOM CALLAHAN , DIRECTOR OF OPERATIONS ( MDR ) AT PDI SECURITY SOLUTIONS
In terms of detection , you must be able to sort out potential cyberthreats from false flags and anomalies . However , with the sheer amount of IT systems and log data to monitor , you can ’ t expect to catch everything manually .
You ’ ll need automated tools that leverage Machine Learning and AI to identify valid threats . In other words , your tools should be as sophisticated as the cybercriminals ’ tools .
If you do identify a valid threat , response time is often the difference between isolating the threat , minimising the blast radius or getting infected . You must be able to respond in real time – typically in less than an hour – or the damage will already be done .
That ’ s a heavy burden for smaller organisations , especially if they have limited cybersecurity expertise or budgets . In that case , the DIY approach simply won ’ t work . Finding a reliable vendor to outsource cybersecurity management is often the safest and most cost-effective option to avoiding a ransomware attack .

You ’ re only as safe as the employee who knows well enough not to click on the wrong link in an email .

28 www . intelligentciso . com