The news that frequently appears in the newspapers makes it clear that ransomware is not just another urban horror story, having already become the scariest threat to companies around the world.
For the most part, these attacks follow a very common methodology: an employee takes the bait of security tactics. social engineering and opens a malicious email attachment. Or, attackers gain access to a company's systems after obtaining their credentials and passwords through information leaks, employing brute force techniques or purchasing this initial access data on the Dark Web. Another attack vector that cybercriminals commonly exploit are vulnerabilities in software or applications that, if not corrected, allow them to infiltrate a corporate network.
Unfortunately, this nightmare is materializing daily, leaving new victims in public and private institutions, regardless of their sector or size. Attacks are increasingly frightening, as they not only hijack companies' equipment and infrastructure, paralyzing their operations, but also steal customer and employee data, intellectual property and confidential information, demanding a ransom for their release and/or to detain its publication.
To ensure that companies do not suffer from this threat, Kaspersky has compiled some guidelines to help them free themselves from this nightmare.
👻 Beware of the Mal-oween! 👾
In a parallel universe, even #Malware gets into the Halloween spirit, wearing human disguises for a spooky twist on #cybersecurity. 🎃🎭🔒#Halloween # Halloween2023 #TrickorTech #happyhalloween pic.twitter.com/E0Fzfrg0SF
- Kaspersky (@kaspersky) October 31, 2023
- Know the potential failures in your systems, networks and infrastructures. You can perform an internal audit or evaluate external security diagnostic services, such as phishing simulations or digital risk reports on attack vectors associated with an organization's entire digital footprint.
- Assess your employees’ knowledge. Make sure your security team has the information they need to assess ransomware defenses and can plan incident response actions that prevent a successful attack. If specialist knowledge is lacking, training courses are available. Also assess whether employees generally have the basic knowledge to avoid becoming victims of scams. One click can give a criminal full access to the network. Furthermore, a safety training routine must be maintained for all employees, adapting the modules to their specific needs.
- Regularly check whether your defenses are working at their best. Currently, there are several technologies that allow you to act proactively to prevent an attack, such as:
- Threat intelligence reports with information on the discovery, modus operandi, and ways to identify each new ransomware in enterprise infrastructure.
- EDR technologies that provide advanced detection of malicious activity.
- Continuous attack discovery services, which carry out an in-depth analysis of systems, networks and equipment to assess weaknesses in the company's defense. This diagnosis can be carried out annually or whenever malicious activity is suspected.
- Analyze comparative tests or perform an internal analysis to ensure real protection. The AV-Test laboratory recently published a specific report on ransomware protection.
- Check backups regularly. It is common for companies to create backup copies and for the file to be intact at the next point in the process. Unfortunately, errors are common and a faulty copy may exist. Make sure your files are OK to allow for quick resumption of operations.
