Cyber attacks are on the agenda. They can hit any company. While large organizations have long been prepared, small and medium-sized companies with their smaller budgets and staffing capacities often seem vulnerable to the risk. But that is not the case. With these 10 measures, SMEs protect themselves against ransomware and other security attacks.
Ransomware is a massive threat to businesses. A danger that
is increasing. In the first quarter of this year alone, an increase in
incidents of 118 percent was registered in Switzerland, with small and
medium-sized companies increasingly becoming victims of the attacks. The
reason for this is obvious: Many small and medium-sized companies are
inadequately prepared, as the Federal Information Security Reporting Office
(Melani) states in its last semi-annual report. This particularly applies to:
· Lack of know-how for the correct handling of cyber risks.
The recent waves of ransomware show the
increasing professionalism of cybercrime. One example of this is the
Emotet Trojan. Originally developed as an eBanking Trojan, it was brought
into circulation in 2014. Emotet was initially used to steal user information
from eBanking. Since then, the malware has been developed into an actual
platform that can distribute a whole range of malware via its own botnet. The
spectrum ranges from spying on passwords to taking over entire computers and,
since 2017, also to ransomware. Emotet is also an example of how
cybercrime has developed into an actual industry and, according to estimates,
"turns over" around USD 1.5 trillion worldwide today. The
economic damage, according to estimates by WEF, is even
forecast to reach USD 6 trillion in 2021.
Are SMEs Helplessly Exposed to Cyber Risk?
Large companies have long since reacted
to these changes in the threat situation and have massively expanded their
cybersecurity organizations. But does that mean that small and
medium-sized companies are defenselessly exposed to this development with their
limited resources?
It is definitely not the case that only
large companies or banks can protect themselves from such attacks. Indeed,
cyberattacks in general, and ransomware in particular, follow a commercial
logic. First and foremost, easy victims are attractive. In principle,
any organization, regardless of its size and business area, can be affected by
ransomware attacks. However, whether and how these attacks work depends
crucially on how an organization is prepared for them. It is not primarily
about technologies, but rather about principles, compliance with which can
massively reduce the attack surface of organizations - not only against
ransomware but against cyber risks as a whole.
10 Efficient Measures Against Cyber Threats
1 Awareness of One's Own Vulnerability
For a cyber attack to be successful
(i.e. for it to cause damage), several factors are always required:
· A vulnerability.
· A possibility for an attacker to exploit this vulnerability (exposure).
In the case of ransomware, the
vulnerabilities are people, (operating) systems, and applications. The
exposure is primarily given via the Internet, email, and internal networks. The
success of a cybersecurity strategy is measured by how it succeeds in
recognizing the vulnerabilities and keeping them as low as possible. Where
this is only possible to a limited extent, it is important to reduce the
exposure of these vulnerabilities. A good example of this is the human
factor. This vulnerability can hardly be eliminated. On the other
hand, the exposure can be significantly reduced through security awareness
measures.
2 Dead Live Longest: Legacy Systems
Outdated operating systems are found in
some organizations. The reasons for this may be varied. The fact is
that a large proportion of malware, including most of the currently active
ransomware families, favors such outdated operating systems, above all Microsoft
Windows. In 2017, the two WannaCry and NotPetya waves raged across the
globe. The reason was a vulnerability (already known in advance) in the
Windows SMB service, which was also outdated at the time. It is therefore
advisable to keep your operating system fleet up to date. In cases where
this is not possible, one should be aware of the danger and take it into
account through increased monitoring measures and administrative restrictions.
3 Bulletproof: System Hardening
Another decisive factor that
significantly favors (or can prevent) ransomware is the attack surface within a
network. Badly configured systems, open ports, and unused but active
services can be exploited by unwanted "guests". It is important
to understand that no operating system is inherently secure. As a rule, it
must be adapted according to its intended use and according to the
manufacturer's recommendations. This process is also known as system
hardening.
4 Firewalls Are Ineffective Against Ransomware
Many companies still rely on traditional
firewalls and antivirus programs. At the latest with the appearance of
advanced threats (which also include ransomware), this concept is outdated. The
problem with this is that advanced threats first creep into an organization in
a legitimate way (usually with the help of a human) to develop their
destructive purpose there. Strictly speaking, these threats come from
within and not from outside.
5 Ransomware Loves Flat Network Hierarchies
Not only ransomware but also hackers
love flat network hierarchies. These allow them to "shimmy" more
or less unhindered from system to system. This process, known as lateral movement, is necessary to be able to carry out an attack
successfully. It is therefore advisable to design the network architecture
in such a way that sensitive areas are separated. In connection with
ransomware, this is particularly true for the separation of client and server
systems.
6 Online Backups Are Useful, but ...
In many ransomware cases, affected
organizations only have two options:
· Or restore the last backup.
With the availability of cheap storage
space in the cloud, online backups have become widespread in recent years. The
backups are saved directly online. The advantage is that the data is
quickly available when required and there is no need to fiddle around with the
more expensive backup tapes. Quite a few companies today do without
offline backups entirely. What sounds reasonable at first has turned out
to be fatal in quite a few ransomware cases. Especially where the backup
was the only way to restore the encrypted data.
7 User Management Under Control
The easiest way to open a locked door is
to have the key. In the digital world, usernames and passwords are those
keys. Therefore, many cyberattacks initially aim to obtain this
information. Weak passwords and careless handling of user accounts and
permissions form a welcome target for attackers. The use of Multifactor
Authentication (MFA) practically eliminates this attack surface. The
effort for this measure is usually relatively low. Also, the costs
associated with more comprehensive Identity Access Management are more than
made up for by the simplification of the administration of user accounts and
authorizations. In combination with Single Sign On (SSO), the measure
becomes safer and easier.
8 Delaying and Preventing Are Not the Same Thing
A physical lock can delay unauthorized
access, but not necessarily prevent it. It is the same in the digital
world. A determined attacker, given enough time and an unlimited number of
break-in attempts, will sooner or later bypass any security measure. Anyone
who really wants to prevent an attack needs regular monitoring that recognizes
that such an attack is taking place and allows appropriate measures to be
taken.
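A minimal form of the monitoring described above, as an added example that is not part of the original article: it counts failed logins per source address in a sliding time window and also flags a successful login from a source that has already produced such a burst. The log lines, the threshold of 5 failures in 60 seconds and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-05-06T09:00:01 srv1 sshd[411]: Failed password for root from 203.0.113.7 port 50112 ssh2
2024-05-06T09:00:04 srv1 sshd[411]: Failed password for admin from 203.0.113.7 port 50113 ssh2
2024-05-06T09:00:09 srv1 sshd[412]: Failed password for anna from 198.51.100.20 port 40100 ssh2
2024-05-06T09:00:11 srv1 sshd[411]: Failed password for invalid user test from 203.0.113.7 port 50114 ssh2
2024-05-06T09:00:15 srv1 sshd[411]: Failed password for root from 203.0.113.7 port 50115 ssh2
2024-05-06T09:00:21 srv1 sshd[412]: Accepted password for anna from 198.51.100.20 port 40101 ssh2
2024-05-06T09:00:30 srv1 sshd[411]: Failed password for backup from 203.0.113.7 port 50116 ssh2
2024-05-06T09:01:02 srv1 sshd[411]: Accepted password for backup from 203.0.113.7 port 50117 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts (kind, source, timestamp) for bursts of failed logins
    and for a successful login from a source that already raised a burst."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()               # sources that reached the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if m["result"] == "Failed":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("burst", src, m["ts"]))
        elif src in flagged:
            # A login that succeeds after a burst needs immediate review.
            alerts.append(("success_after_burst", src, m["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Attempts spread thinly over time stay below a short window, so the same count is usually also kept over a longer period.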
9 Security Awareness Is One of The Most Economical Measures
The majority of cyberattacks, including
ransomware, in particular, depend on human interaction to achieve their
goal. That makes humans a critical factor in the defense chain. So,
depending on the perspective, they are the greatest risk or the most important
ally in defense. This primarily depends on the extent to which users are
familiar with the risks involved in handling information daily and
adhere to the relevant rules. Regular awareness training is not only one
of the most effective, but also one of the most cost-effective security
measures.
10 Prevention Is Good
Experience shows that a large part of
the damage in the event of a cyber incident depends on how quickly a company
can react to the attack. This is independent of the preventive measures an
organization has in place against ransomware and other cyber risks. A good
security strategy therefore always deals with the worst-case scenario: a
serious incident that can endanger information, reputation, or even the very
existence of a company. Crisis management in the worst-case scenario
follows completely different rules. It is therefore important that all
parties involved deal with relevant scenarios to ensure quick,
well-considered, and targeted action. Incident response plans help,
provided they are continuously updated and regularly trained.
Together. For Sure.
Cyber risks are the downside of
digitization. They will keep us busy in the future. As they follow
certain principles, every organization, regardless of size and business area,
has the opportunity to optimally adjust its resilience to these risks through
appropriate and targeted measures. Every company should aim for maximum
protection. Hence, it is necessary to update Protegent's free antivirus software in the organization.