The ransomware industry is a constantly evolving threat which views Australia as a veritable gold mine. The 2016 Vormetric Data Threat Report identified 54% of Australian companies as being either very or extremely vulnerable to data threats – the highest rate in the world – and cyber criminals have definitely been taking advantage of these vulnerabilities. A Trend Micro study found that between April and May 2016, upwards of 224,000 ransomware attacks occurred in Australia, some of the most notable being the Angler exploit kit and the Locky phishing scam sending out fake Australia Post emails.
Compliance is not enough
In 2016, 31% of Australian companies surveyed by Vormetric reported some kind of data breach in the last year. This number is thought to be much higher than the global average (22%) because Australian companies tend to prioritise spending on compliance over other security factors such as brand reputation protection, data breach prevention and best practices. Most damningly, 68% of Australian companies surveyed by Vormetric believe that compliance is very or extremely effective at preventing data breaches. Unfortunately, with the growing sophistication of threats like ransomware, compliance certification is no guarantee of data protection, as proved by the 2016 data breaches of compliance-certified Australian companies like Kmart Australia, Vodafone, David Jones and Woolworths.
In the wake of 2016 being dubbed ‘the year of ransomware’ and the emergence of increasingly sophisticated cyber criminals offering ransomware-as-a-service models, we thought we’d take a look at the combination of security measures required to protect a business network from ransomware attacks.
Multilayer endpoint security
Becoming proactive about ransomware is far more cost-effective than investing in damage control once an infection has taken hold, and one of the best ways to protect your network from ransomware is by investing in robust, multilayered endpoint security. An effective multilayer protection solution should continuously monitor individual endpoints, proactively stop phishing attacks and spam, protect web browsing, control outbound traffic and protect system settings.
Cloud based backup
The efficacy of ransomware is based on the assumption that businesses are solely reliant on the data and backup systems within their corruptible network. Cloud backup takes a lot of the bite out of a ransomware attack: although companies will still suffer some downtime, a backup that exists separately from the network is immune from the infection. A cloud backup solution that captures a gold image of your systems and configurations is ideal, as this further minimises the restoration-related downtime.
Educate users
In the corporate security world, users are the weakest link and, indeed, the majority of ransomware attacks occur as a result of a network user opening a phishing email scam. To this end, one of the most effective ways to minimise the likelihood of a phishing email being opened is through ongoing user education. Education should involve teaching users to identify suspicious emails and keeping them up to date with the latest spam trends (Scamwatch is an excellent resource for this). Phishing simulators can also be a useful tool to identify users who are vulnerable to attack.
Create strong Windows Policies
Windows policies can be used to block certain paths and file extensions which are commonly exploited by crypto ransomware. Useful policies include blocking file types such as .SCR, .PIF and .CPL from running in users’ temp, program data or desktop folders, blocking executables from running in temp (or in temp plus appdata), and controlling the creation of start-up entries.
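The following is an added example of how the path and extension blocks described above can be expressed as Software Restriction Policy (SRP) rules; it is not AWD’s own code or tooling. It assumes you are running elevated on a single machine, that the wildcard patterns are a reasonable rendering of “temp, program data, desktop and temp plus appdata”, and that in a domain you would put the same rules into a GPO (Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules) rather than run a script on each host.

```powershell
# Added example (not AWD's code): SRP path rules that disallow .SCR, .PIF, .CPL
# files and executables from running out of user-writable folders.
# Assumptions: run as Administrator; Windows 7 / Server 2008 R2 or later.

$srpRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$denyPaths = "$srpRoot\0\Paths"   # subkey 0 = security level "Disallowed"

# Wildcard patterns are this example's own rendering of the article's list.
$blockedPatterns = @(
    '%LocalAppData%\Temp\*.scr',   '%LocalAppData%\Temp\*.pif',   '%LocalAppData%\Temp\*.cpl'
    '%ProgramData%\*.scr',         '%ProgramData%\*.pif',         '%ProgramData%\*.cpl'
    '%UserProfile%\Desktop\*.scr', '%UserProfile%\Desktop\*.pif', '%UserProfile%\Desktop\*.cpl'
    '%LocalAppData%\Temp\*.exe',   '%LocalAppData%\Temp\*\*.exe'   # temp (incl. archive extraction dirs)
    '%AppData%\*.exe',             '%AppData%\*\*.exe'             # temp + appdata
    '%LocalAppData%\*.exe',        '%LocalAppData%\*\*.exe'
)

function Initialize-Srp {
    # Create the SRP container with a permissive default level so that only the
    # explicit rules below deny anything. Existing values are left untouched.
    if (-not (Test-Path $denyPaths)) { New-Item -Path $denyPaths -Force | Out-Null }
    $defaults = @{
        DefaultLevel        = 262144   # Unrestricted: anything not matched by a rule still runs
        TransparentEnabled  = 1        # enforce for all software except DLLs (2 would include DLLs)
        PolicyScope         = 0        # apply to all users, including local administrators
        AuthenticodeEnabled = 0
    }
    foreach ($name in $defaults.Keys) {
        if ($null -eq (Get-ItemProperty -Path $srpRoot -Name $name -ErrorAction SilentlyContinue)) {
            New-ItemProperty -Path $srpRoot -Name $name -Value $defaults[$name] -PropertyType DWord | Out-Null
        }
    }
}

function Add-SrpDenyRule {
    param([Parameter(Mandatory)][string]$Pattern,
          [string]$Description = 'Ransomware mitigation (added example)')
    # Idempotent: skip patterns that already have a rule.
    $already = Get-ChildItem -Path $denyPaths | Where-Object {
        (Get-ItemProperty -Path $_.PSPath).ItemData -eq $Pattern
    }
    if ($already) { return $false }
    $key = New-Item -Path $denyPaths -Name "{$([guid]::NewGuid())}"
    New-ItemProperty -Path $key.PSPath -Name ItemData     -Value $Pattern     -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $key.PSPath -Name SaferFlags   -Value 0            -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $key.PSPath -Name Description  -Value $Description -PropertyType String       | Out-Null
    New-ItemProperty -Path $key.PSPath -Name LastModified -Value ([DateTime]::UtcNow.ToFileTime()) -PropertyType QWord | Out-Null
    return $true
}

function Get-SrpDenyRule {
    # List every "Disallowed" path rule currently in the registry.
    Get-ChildItem -Path $denyPaths | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{ RuleId = $_.PSChildName; Pattern = $p.ItemData; Description = $p.Description }
    }
}

function Get-SrpBlockEvent {
    # SRP writes Application-log events 865 (blocked by default level) and 866
    # (blocked by a path rule) when a launch is refused; forward these to your
    # SIEM so a user double-clicking a blocked attachment is noticed.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 865, 866 } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Initialize-Srp
$added = @($blockedPatterns | ForEach-Object { Add-SrpDenyRule -Pattern $_ } | Where-Object { $_ }).Count
"Added $added new deny rules; $(@(Get-SrpDenyRule).Count) deny rules in total."
"Sign out and back in (or reboot) before testing; rules are visible in secpol.msc."
```

Once the rules are in place, a user who launches a .scr file from the desktop sees Windows’ “This program is blocked by group policy” message, and Get-SrpBlockEvent shows the attempt. SRP path rules are only one layer: they raise the bar for the drop-and-run behaviour the article describes, but they do not replace endpoint protection or backups.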
Disable macros
Macros are commonly used by crypto ransomware to infect systems, but they’re for the most part unnecessary for the average user and can easily be disabled in the Trust Centre of any Microsoft Office version. If an individual macro is required for a task, it can also be enabled from the Trust Centre.
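The Trust Centre setting described above can also be enforced centrally so that users cannot switch macros back on. The following is an added example, not AWD’s code, that writes the Office policy registry values for Word, Excel and PowerPoint; it assumes Office 2016/2019/365 (version key 16.0), runs in the user’s own context, and in a domain would be replaced by the same settings deployed through the Office ADMX templates.

```powershell
# Added example (not AWD's code): enforce "Disable all macros" through the
# Office policy keys and block macros in documents that came from the internet.
# Assumptions: Office 16.0 (2016/2019/365); run as the user whose policy is set.

$officeVersion = '16.0'
$officeApps    = 'Word', 'Excel', 'PowerPoint'

# Microsoft's documented VBAWarnings values:
#   1 = enable all macros          2 = disable with notification (Office default)
#   3 = disable all except signed  4 = disable all, no notification
function Set-OfficeMacroPolicy {
    param(
        [ValidateSet(2, 3, 4)][int]$VbaWarnings = 4,
        [string]$Version = $officeVersion,
        [string[]]$Applications = $officeApps
    )
    foreach ($app in $Applications) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name VBAWarnings -Value $VbaWarnings -Type DWord
        # Files downloaded or received as attachments carry the Mark of the Web;
        # this blocks their macros outright, whatever the setting above says.
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}

function Get-OfficeMacroPolicy {
    # Report what is enforced; a blank value means no policy, so the user decides in Trust Centre.
    param([string]$Version = $officeVersion, [string[]]$Applications = $officeApps)
    foreach ($app in $Applications) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Application   = $app
            VBAWarnings   = $p.VBAWarnings
            BlockInternet = $p.blockcontentexecutionfrominternet
        }
    }
}

Set-OfficeMacroPolicy -VbaWarnings 4
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

With a policy value present, the corresponding Trust Centre option is greyed out, so the per-task exception the article mentions has to be handled differently: either set VBAWarnings to 3 and sign the macros your business relies on, or place those specific documents in a Trusted Location. Either way the average user, who needs no macros at all, stays locked down.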
Manage user roles
Ransomware can only spread through shared drives, so when a corporate user is attacked, the only data files which are encrypted are those which the user has access to. By restricting the levels of access to only files and drives that employees need and managing user roles, companies can minimise the amount of damage resulting from a ransomware attack.
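Restricting access is easier when you can see where broad write access currently exists. The following is an added example, not AWD’s code, that audits a file server’s SMB shares for permissions granting write access to catch-all groups; it assumes Windows Server 2012 / Windows 8 or later (the SmbShare module), that it is run on the file server with rights to read share and folder ACLs, and that the list of “broad” principals is adjusted to your own domain’s group names.

```powershell
# Added example (not AWD's code): find shares where "practically everyone"
# can write, which is what lets one infected user encrypt a whole shared drive.
# Both layers are checked because effective access is the more restrictive of
# the share permission and the NTFS ACL.
# Assumptions: SmbShare module (Server 2012 / Win 8+); run on the file server.

# Principals that mean "everyone"; extend with your own broad groups.
$broadPrincipals = '^Everyone$', '^BUILTIN\\Users$', '^NT AUTHORITY\\Authenticated Users$', '\\Domain Users$'

function Test-BroadPrincipal([string]$Name) {
    foreach ($re in $broadPrincipals) { if ($Name -match $re) { return $true } }
    return $false
}

# Write-capable bits of FileSystemRights, including the generic-rights forms
# seen on inherit-only ACEs: WriteData 0x2, GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000.
$writeMask = 0x50000002

function Find-BroadWriteAccess {
    Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
        $share = $_
        # Layer 1: share-level permissions (Full or Change allow writes).
        Get-SmbShareAccess -Name $share.Name |
            Where-Object { ($_.AccessControlType -eq 'Allow') -and
                           ($_.AccessRight -in @('Full', 'Change')) -and
                           (Test-BroadPrincipal $_.AccountName) } |
            ForEach-Object {
                [pscustomobject]@{ Share = $share.Name; Layer = 'Share'; Principal = $_.AccountName
                                   Rights = $_.AccessRight; Path = $share.Path }
            }
        # Layer 2: NTFS permissions on the shared folder itself.
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            (Get-Acl -LiteralPath $share.Path).Access |
                Where-Object { ($_.AccessControlType -eq 'Allow') -and
                               (([int]$_.FileSystemRights -band $writeMask) -ne 0) -and
                               (Test-BroadPrincipal $_.IdentityReference.Value) } |
                ForEach-Object {
                    [pscustomobject]@{ Share = $share.Name; Layer = 'NTFS'; Principal = $_.IdentityReference.Value
                                       Rights = $_.FileSystemRights; Path = $share.Path }
                }
        }
    }
}

Find-BroadWriteAccess | Sort-Object Share, Layer | Format-Table -AutoSize
```

“Everyone: Full” at the share layer with NTFS doing the real restriction is a common and acceptable pattern, so the rows that matter most are the NTFS ones: each of those is a folder that every infected workstation could encrypt. Replace the broad entry with role-specific groups that hold Modify, and leave everyone else with Read or nothing.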
Managing the threat of ransomware requires a multifaceted approach where endpoint security, cloud backup, and IT management all work in tandem to ensure business continuity. AWD’s IT service capabilities encompass all of these elements and can be deployed as part of a holistic and robust security solution for your enterprise. If you’d like to learn more about our security solutions, or organise a security audit to assess the vulnerabilities of your network, please don’t hesitate to get in touch with us by calling 1300 855 651.