Today’s cyber threat landscape is extremely challenging. Ransom this, ransom that, ransom everywhere – information technology (IT) professionals must work to protect organizations against the next big ransomware attack. Over the years, the sophistication of ransomware attacks has increased, as has the amount of money demanded and paid out in exchange for the ransom-held information. This is why it is extremely important that organizations equip their employees with the knowledge and awareness necessary to identify activities that lead to such attacks.
Preventing and responding to ransomware attacks require an awareness of ransomware threat vectors as well as a people-processes-technology approach to mitigating associated risks. Employees must understand how to detect and avoid common attack vectors. This requires strong cybersecurity awareness and training. As part of the training, employees should be presented with a policy that instructs them to:
- Identify and avoid common attack vectors (e.g., phishing attempts)
- Delete suspicious emails containing links
- Avoid visiting malicious websites
There’s some evidence that United States employees may lack knowledge of the increase in ransomware attacks as well as the more damaging and destructive nature and scope of the attacks. In June 2021, Armis reported the results of survey responses from over 2,000 respondents from across the United States. Based on the findings, it was evident that end users are not paying attention to major cybersecurity attacks plaguing operational technology and critical infrastructure across the country, signaling the importance of businesses prioritizing a focus on security as employees return to the office. The report included findings in the following four areas:
- Education and Awareness of Cyberattacks
- Severity and Lasting Impact of Attacks
- Attacks that Target Healthcare
- Bring Your Own Device (BYOD)
The results indicated that respondents were unaware of the most recent and damaging cyberattacks despite the news headlines and attention given by the media, noting that over 21% of respondents were unaware of the Colonial Pipeline cyberattack. Regarding the long-term impact of the attack, 24% of respondents believed that the incident would not have any long-lasting effects on our nation’s fuel industry. The survey also looked at the use of employee personal devices to perform work for their employer and learned that:
- 26% of the companies do not have any policies in place to secure both work and personal devices,
- Over 71% of employees intend to bring their work-from-home (WFH) devices back to the office, and
- 54% don’t believe their personal devices pose any security risk to their organization.
The human factor plays a large role in identifying, or failing to identify, cyber incidents. Humans are also instrumental in reporting the incidents. Therefore, organizations must invest in training their workforce on how to identify and report a suspected incident. As such, focusing on training and preventing the most common sources of malware infection is encouraged. Simply installing anti-virus software on employees’ computers is not enough. Their behaviors are key to protecting against malware infection. Why? Because in today’s highly organized cyber-criminal world, there are entire organizations dedicated to continually developing malware that cannot be detected.
Organizations must also invest in implementing best practices that focus on preventing a malware infection, such as regular vulnerability scanning to identify and address vulnerabilities, patching and updating software, and ensuring that devices are properly configured and that security features are enabled.
In addition to effective cybersecurity awareness and training (e.g., training people to identify phishing attacks), the use of technology can greatly mitigate risks. For example, security configuration management (SCM) and file integrity monitoring (FIM) are tools that automate maintaining secure configurations. While SCM notifies and offers detailed remediation instructions in order to bring a misconfigured system back into alignment, FIM is a technology that monitors and detects changes in files that may indicate a cyberattack. As businesses invest in raising awareness of cyberattacks, both of these tools will help organizations protect against them.
About the Author: Ambler is an attorney with a background in corporate governance, regulatory compliance, and data privacy. She currently consults on governance, risk and compliance, enterprise data management, as well as data privacy and security matters in Washington, DC.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.