Ransomware has taken the world by storm—with crushing impact. WannaCry hit in May and locked up more than 200,000 computers across the globe. We’ve seen ransomware cripple business operations; flights have been rerouted or canceled altogether; bank branches have closed; and hospital emergency rooms have been forced to turn people away. The list of victims goes on and on.
Ransonware has been around for a while but, generally, only targeted individual networks, like a single retailer or person. Since the Shadow Brokers hacker group leaked the NSA’s EternalBlue exploit in April, cyber criminals have gained a powerful weapon to execute worldwide ransomware attacks. Enter the Age of Ransomware 2.0.
What Should Companies Do?
The good news is, all is not lost. The security industry has learned a lot about ransomware and the attacker’s tactics, techniques and procedures (TTPs). In fact, ransomware moved up from the 22nd most common variety of malware (in the 2014) to the fifth most common in 2017. And since email takes top rank as the primary vector cyber criminals use to gain access into the corporate network, EdgeWave has developed best practice recommendations for organizations to sidestep the ransomware headlines.
1. Adopt Robust Email Security
A strong email security solution is the wisest investment you’ll make. Ransomware uses a variety of techniques to access the endpoint, and phishing emails remain one of the primary vectors. In fact, 66% of malware are installed via malicious email attachments. An advanced email security solution should give you the peace of mind that email attacks aren’t going to reach the inbox in the first place.
That means your email security needs to be a rock star at accurate detection. Accuracy is comprised of two, primary functions: threat intelligence and multi-engine scanners.
Your security vendor should be using automated intelligence tools combined with human review to gain real-time, actionable data about domains and URLs that are sending spam, ransomware or malware. Automation is great—but make sure your vendor’s threat intelligence includes human analysis as well. This element ensures your vendor has a steadfast focus on detection effectiveness and accuracy.
Attackers use multiple techniques to circumvent email security detection; securing your email requires a solution with multi-layer protection. Your solution should scan inbound emails for specific threats based on content analysis, virus detection and sender profiling. Also look for scanning engines that provide email behavior analysis, sender reputation tracking and email DNA analysis to identify dangerous or objectionable content.
2. Invest in Employee Education and Awareness Training
The best defense is a good offense. Your company is getting hit all day every day with malicious email attacks. It’s the number one attack vector, remember? In this case, that means educating your employees. When it comes to email, your employees need to know “when in doubt throw it out.”
Training takes a concerted commitment and should include your entire organization—from the C-suite to frontline staff. Everyone needs to understand the dangers of unleashing ransomware or malware and their role in keeping the organization safe. Training takes perseverance and is more than a one-time class. Pursue hiring a security awareness training company, such as KnowBe4, if you don’t already have a training program. At minimum, this will provide a stop gap approach until you launch an internal program.
Your employees should be encouraged to keep an eye out and say something if they receive a suspicious email or notice strange happenings on their computer. Adopt a service that plugs into your desktop email application, such as Outlook, which lets your employees immediately report suspicious emails directly to your information security team. The last thing you want is an employee wondering whether to open an email—or ignoring it while the attacker moves on to his next employee target. A service like EdgeWave ThreatCheck ensures you discover “patient zero” right away so you can put all your employees on high alert.
3. Vulnerability Patch Management
Patch management isn’t fun, but it’s necessary. Most successful malware exploits were preventable if patches had been applied. When organizations are proactive with their patch management, they significantly reduce the risk of falling victim to ransomware—and other malware exploits.
Ensure you have a strong patch management process with the visibility and context you need to know which patches are the highest priority based on 1) your specific network infrastructure and 2) active and emerging threats in the wild.
4. Backup, Backup and Backup Again
According to the U.S. government more than 4,000 ransomware attacks happen across all industries daily. There’s one thing we know for sure about a successful ransomware attack—it’s going to encrypt the infected system. So, routinely backup all systems and have them ready to fall back on in case of such an attack. When clean images of the infected machines are readily available, you can wipe the infected hardware and restore it to the last good version.
Put EdgeWave on Your Evaluation List
For your email security needs, put EdgeWave on your short list. It has a proven track record of protecting organizations against ransomware and other email threats.
EdgeWave ePrism Email Security provides advanced threat defense through the unique fusion of advanced technology with the expertise of EdgeWave’s cybersecurity analysts to precisely identify attacks and synchronize defensive measures across all systems in real time.