As you can see from the above image of a recent newspaper headline, a hospital had its medical files encrypted and ransom demanded. How can you defend yourself against such attacks?
When it comes to cybersecurity, you always need a multi-layered defence strategy.
Layer 1: Inoculate the human
Most ransomware attacks arrive in the form of an innocuous email. All it needs is one person to click on a link or open an attached document and your entire organisation will be put at risk.
Gone are the days when you could easily tell that an email was fake because of bad spelling and grammar. Nowadays, hackers are polishing up their language skills. Not only that, they will lurk within your organisation’s computer networks and learn as much about your organisation as possible. Then, when the time is right, they send an extremely plausible, individualised and custom-made email to a member of your staff.
All it takes is a momentary lapse into carelessness on the part of the human and the entire organisation is at risk.
What’s the solution?
You need to constantly keep everyone on their toes by periodically sending out your own fake emails to test how alert everyone is. Due to a quirk in human nature, once you slack off in testing everyone, complacency will set in once again. So, it has to be done repeatedly. You may want to incentivise your staff to be alert by using either the carrot or the stick approach (e.g. a reward for passing all the tests, a KPI penalty for failing).
Layer 2: Patch all your software and operating systems
Despite all your best efforts, you can guarantee that one day, someone in your organisation is going to click on that link or open that attached document.
Then, this next layer of security kicks in…
One of the most boring jobs in corporate IT is to ensure that every piece of software and every operating system in the organisation is tested and patched with the latest security updates. But this boring job is necessary to ensure security.
For example, if there is an unpatched security hole in your operating system (OS) that allows hackers to insert their own code into the kernel of the OS, it is game over for cybersecurity.
Due to technical reasons, not even your anti-virus software can save you from this kind of attack.
In fact, as I mentioned in my book, anti-virus software is itself a target of hackers. Security researchers have found that most anti-virus products are insecure themselves. So, if anti-virus software cannot protect itself from being hacked, it has no hope of protecting you.
You also need to ensure that every web browser is patched because this is the most common avenue for hackers to enter your computer. When you click on a booby-trapped link, the web browser will be launched to open that link. If it has unpatched security holes, hackers can compromise it and insert their own code into your computer.
The same goes for the software that is used to open files attached to emails. The most common is Microsoft Office. If someone opens a booby-trapped document attached to the email, that software will be launched. So, if there are unpatched security holes, hackers can compromise it too.
Layer 3: Pray that your anti-virus software can stop ransomware
If the first two layers of defence are breached, you had better hope that your anti-virus software will catch the malicious code before it wreaks its damage. By now, most respectable anti-virus software will have anti-ransomware capabilities. It will observe and monitor every piece of software and every app running on the computer and put the brakes on any that behaves like ransomware.
Sometimes, hackers don’t need to make the sophisticated effort of breaching layer 2 of your defence. They simply offer their malicious code on a platter to users who are careless enough to execute it. Hopefully, your anti-virus software will be able to catch the user’s carelessness before damage is wreaked.
Layer 4: Lock down specific folders
The October 2018 update of Windows 10 has a feature called “Controlled folder access” where you can protect your files and folders from unauthorised changes by unfriendly software. Use it.
If it ever comes to the point that this feature stops the ransomware, that means 3 layers of your defence have already been breached.
Layer 5: Make sure your backup is ransomware-resistant
If all 4 layers of your defence are breached, the final line of defence is your backup.
Everyone intuitively knows that a backup will protect you against ransomware. But here is one disturbing point for you to consider, as mentioned in my book:
Now, I have a disturbing thought for you to consider: What if your backup process is so efficient, fast and automated that it quickly copies the encrypted files into each of the multiple backups? In other words, what if your backup process spreads the encrypted files far and wide into your backups? Also, what if your backups are stored in a disk that is accessible through your computer, which means CryptoLocker is able to encrypt them as well?
This is not a comforting thought. It is good to have a very fast, efficient and automated backup process. But it has the potential to corrupt your backups in this case. This is especially true for backup solutions that automatically back up your files as soon as any changes are made (i.e. synchronisation). Sometimes, this can also happen due to bad luck when a scheduled backup is made after the files are encrypted.
Gone are the days when having an efficient backup system that works was enough. Your backup system must also be specially engineered to be ransomware-resistant. Otherwise, there is a risk that even your backups get encrypted as well.
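One way to stop an automated backup from spreading encrypted files into every copy is to compare each run against the manifest of the previous backup and refuse to overwrite when too many files have turned into high-entropy data or vanished. The sketch below is an added example, not code from this article or the book; the thresholds, function names and sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, encrypted data sits near 8
CHANGED_LIMIT = 0.5  # assumed: halt when over half the known files look encrypted

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(root: str) -> dict:
    """Build a manifest: relative path -> entropy of the first 64 KiB."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                manifest[os.path.relpath(path, root)] = entropy(fh.read(65536))
    return manifest

def safe_to_back_up(previous: dict, current: dict) -> bool:
    """False when too many once-readable files are now high-entropy or missing."""
    if not previous:
        return True
    suspicious = 0
    for path, old_e in previous.items():
        new_e = current.get(path)  # None: file renamed or deleted since last run
        if old_e < ENTROPY_LIMIT and (new_e is None or new_e >= ENTROPY_LIMIT):
            suspicious += 1
    return suspicious / len(previous) <= CHANGED_LIMIT

def demo() -> tuple:
    """Constructed sample: three text files, one normal edit, then all scrambled."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(3):
            with open(os.path.join(root, f"record{i}.txt"), "w") as fh:
                fh.write("patient notes, constructed sample text\n" * 200)
        before = scan(root)  # manifest stored with the last good backup
        with open(os.path.join(root, "record0.txt"), "a") as fh:
            fh.write("one ordinary edit\n")
        normal = safe_to_back_up(before, scan(root))
        for name in os.listdir(root):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(os.urandom(8192))  # random bytes stand in for encryption
        return normal, safe_to_back_up(before, scan(root))
```

Calling demo() returns (True, False): the run after an ordinary edit is allowed, while the run after every file has been overwritten is blocked so the last good backup is preserved. Files that are legitimately compressed or encrypted already exceed the entropy limit in the old manifest and are not counted.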