Five cyber resilience best practices for 2022
- Published: Friday, 21 January 2022 10:05
Despite best efforts ranging from security personnel to federal involvement, ransomware is still the biggest threat organizations will face this year, says Index Engines. To help organizations respond to the issue, the company has highlighted five best practices organizations can implement to achieve greater cyber resilience…
Though cyber criminals are finding new and creative ways to get into data centers, most ransomware gets in through a click of a mouse, with phishing and spoofing among the low-hanging fruit, responsible for approximately two-thirds of malware entry points. Warn employees of the dangers of clicking on unknown links in company email as well as in their personal email and social media accounts. Teach them how to spot potential spoof emails. Make this training ongoing and keep employees thinking about their actions.
As cyber criminals evolve, many security tools release patches and updates to help secure data. These need to be implemented regularly to take effect. Make sure enterprise applications and corporate computers are kept up to date.
In the US, FBI and CISA release blacklists to help identify ransomware activity. These FBI updates should be included in the updates to security applications. Monitor these alerts to ensure your security applications are including them in recent updates.
Especially within larger organizations, breakdowns occur between departments, and when responsibility blurs between the IT manager, the CISO and the backup administrator, that ambiguity creates vulnerability. There needs to be a sound understanding of duties, strategies, and processes.
Who is in charge of updates on which systems? What data center infrastructure is outdated and potentially a security risk? Backups are a growing target for ransomware – is the security team or backup admin responsible for security protocols? If a ransomware attack is successful, how can the organization recover and who is responsible for restoring data?
Early detection leads to quick recovery. Unfortunately the average downtime is now 23 days, up by two days in 2021. But some organizations take months to get back to normal, causing significant economic stress. Implementing analytics that look deep inside of data can detect more sophisticated attacks and minimize data loss. Continually inspecting critical data and infrastructure to understand how data changes over time, and to spot anomalies, can help determine if the data center has been infiltrated and is under a ransomware attack.
LockFile ransomware is executing intermittent encryption. Jigsaw executes encryption combined with a progressive deletion, and CrypMIC corrupts files without changing the extension. Even with all the best practices and the best of tools, cyber criminals will find a way into the data center, and recovery will be the last line of defense.
Investing in a cyber recovery strategy is essential for getting an organization operational. Backups are the best way to recover and therefore a top target for cyber criminals. Invest in new technology to make backups stealthy, immutable, and intelligent enough to tackle the cyber attacks that will occur in 2022 and beyond. Investing in ransomware – prevention and recovery – will have an ROI that is truly immeasurable.
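The kind of content-level inspection described above can be sketched as follows. This is an added example, not Index Engines' product logic or code from the article: it compares two backup snapshots and flags files whose share of high-entropy blocks jumps even though name and size are unchanged, plus files that disappear. The block size, thresholds, file names and sample data are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096          # analysis granularity (assumption)
HIGH_ENTROPY = 7.5    # bits/byte; encrypted or compressed data sits near 8

def entropy(chunk: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values()) if n else 0.0

def high_ratio(data: bytes) -> float:
    """Fraction of BLOCK-sized chunks whose entropy looks like ciphertext."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return sum(entropy(b) > HIGH_ENTROPY for b in blocks) / len(blocks) if blocks else 0.0

def compare_snapshots(prev: dict, curr: dict, jump: float = 0.25) -> dict:
    """Flag files whose share of high-entropy blocks rose by more than `jump`
    between two snapshots, or that vanished (as with progressive deletion)."""
    findings = {}
    for name, old in prev.items():
        if name not in curr:
            findings[name] = "deleted"
        elif high_ratio(curr[name]) - high_ratio(old) > jump:
            findings[name] = "content-encrypted"
    return findings

# --- constructed sample data: not real files, not a real cipher ---
def keystream(n: int) -> bytes:
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]

def simulate_partial_encryption(data: bytes) -> bytes:
    """Scramble every other block; file name and size stay the same."""
    out = bytearray(data)
    for off in range(0, len(data), 2 * BLOCK):
        blk = data[off:off + BLOCK]
        out[off:off + BLOCK] = bytes(a ^ b for a, b in zip(blk, keystream(len(blk))))
    return bytes(out)

DOC = b"".join(b"Invoice %05d: quarterly backup report, status OK\n" % i for i in range(2000))
SNAP_MON = {"report.docx": DOC, "notes.txt": DOC[:20000], "old.csv": DOC[:9000]}
SNAP_TUE = {"report.docx": simulate_partial_encryption(DOC), "notes.txt": DOC[:20000] + b"edit\n"}

if __name__ == "__main__":
    print(compare_snapshots(SNAP_MON, SNAP_TUE))
```

Legitimately compressed or encrypted formats are already high-entropy, so the check keys on the change between snapshots rather than on an absolute value.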