10 Ransomware Tips from a CISO: How to Prevent, Detect, Contain, and Respond to Attacks

Published by Guest Writer on October 13, 2021
Due to the rash of headline-stealing ransomware attacks over the past year, ransomware preparedness has become a board-level issue for most CISOs. There is a lot of advice out there on how to prevent, detect, contain, respond to, and recover from a ransomware attack.
These are the ten ransomware tips I have found to be most effective.

Top Ten Ransomware Tips from a CISO

1. Utilize multi-factor authentication (MFA) for privileged user accounts
For ransomware to encrypt an organization’s critical data, it must have access to it. One of the most common ways attackers obtain that access is by stealing and using the credentials of privileged users (often by phishing a system administrator).
One of the best ways to prevent a successful ransomware attack is to make sure stolen privileged credentials are useless to the attacker. Mandating multi-factor authentication for privileged users is the easiest way to accomplish this objective.
2. Implement measures to keep ransomware out of your environment
One way to avoid a devastating ransomware attack is to make sure that the ransomware does not make it into your environment in the first place. The entry point is often email, either as an attachment or via a download from a clicked malicious embedded link.
A good email security solution (whether gateway- or API-based) will greatly reduce the amount of email-borne ransomware that gets into your environment.
3. Implement measures to stop ransomware from detonating / executing
If ransomware does make it into your environment, you will want to stop it before it can do its damage. A good next-generation endpoint security solution, comprehensively deployed to every host, is a ‘must have’ in 2021.
Since ransomware is constantly evolving, your endpoint security software should leverage non-signature-based detection mechanisms such as deep learning, behavioral heuristics, and other techniques proven to detect previously unseen malicious code.
4. Segregate your network and consider adopting a zero-trust architecture
If ransomware does detonate within your environment, then you want to contain the damage as much as possible. Traditional network segmentation, i.e., dividing your network into segregated security zones, is extremely helpful. For even better protection, consider implementing microsegmentation technology or adopting a zero-trust architecture.
5. Simulate ransomware attacks
How do you know if your prevention strategies will work? You don’t unless you test them. Two great ways to test your ransomware defenses are through purple team exercises and attack simulation software. Most security firms with red teams can simulate common ransomware strains. Many breach and attack simulation tools can do the same.
6. Air-gap backups and/or use immutable storage
If all the above fails, and your organization is victimized, your focus will turn to recovery. Smart attackers will target your backups. If your backups are compromised, you will have no way to recover your data other than paying the ransom.
Make sure to harden, i.e. lock down, your backup system. Consider air-gapping your backup system, using traditional offline media (e.g. tape) or immutable (non-rewritable) online storage.
7. Have a good ransomware response plan
For all aspects of a ransomware containment, response, and recovery, you need a plan. Most botched ransomware responses occur because the victim organization is “winging it”. Your ransomware playbook should cover roles and responsibilities, third party assistance, decision criteria, communications, etc.
Consider using a trusted third party, such as outside counsel or your incident response firm, to assist you with the development of your ransomware response playbook.
8. Conduct ransomware preparedness exercises
One of the biggest factors determining the extent of damage and the business impact of a ransomware attack on your organization is the speed and quality of your response to it. Stated simply, practice makes perfect.
You should conduct regular functional and tabletop exercises so that your organization’s ransomware incident response playbook can be executed from muscle memory. These exercises also tend to reveal weaknesses in your plan that can then be corrected to improve your response.
9. Transfer residual risk to an insurer via a cyber insurance policy
If your organization does not already have a cyber insurance policy that covers ransomware attacks, consider adding it. In addition to paying many of the expenses associated with a ransomware attack, most insurers can facilitate ransom payments (if needed).
But be warned. Due to the recent rash of ransomware attacks, many insurers are increasing underwriting standards, decreasing coverage, and raising deductibles and premiums for cyber insurance policies (if they continue to offer ransomware coverage at all).
10. Don’t forget about third parties!
Organizations are more reliant on third parties than they have ever been. No matter how prepared your organization is for a ransomware attack, there is little you can do if a critical third-party vendor falls victim to a ransomware attack and is unavailable for an extended period.
That is why it is important to have a robust third-party risk management program (TPRM) that includes a thorough review of the ransomware resiliency measures each critical third party has adopted. Beyond that, you will want to ensure your business continuity plans include contingencies for extended unavailability of critical third parties.
About the author:

Bradley J. Schaufenbuel (CISO, CISSP)

Vice President and Chief Information Security Officer at Paychex, a leading payroll, human resource, and benefits outsourcing company. He is a speaker at industry conferences and author of multiple books (including two “For Dummies” titles), and has had numerous articles published in professional journals on a wide variety of topics related to information security and governance.