CIO OPINION
Educating the business
There are two major audiences that should be targeted from an education perspective : IT staff and organisational users . It ’ s important to target both groups as threats can be introduced from both personas .
The main points of entry into a business for ransomware is through Remote Desktop Protocol ( RDP ) or other remote access mechanisms , phishing and software updates . Put simply , in most cases cyber attackers are not made to work as hard as they should to fetch big prizes . Knowing that these are the three main mechanisms is a huge help in focusing the scope of where to invest the most effort to be resilient from an attack vector perspective .
Most IT administrators use RDP for their daily work , with many RDP servers directly connected on the Internet . The reality is that Internet-connected RDP needs to stop . IT administrators can get creative on special IP addresses , redirecting RDP ports , complex passwords and more – but the data doesn ’ t lie that over half of ransomware comes in via RDP . This tells us that exposing RDP servers to the Internet does not align with a forward-thinking ransomware resiliency strategy .
The other frequent mode of entry is via phish mail . We ’ ve all seen email that doesn ’ t look right . The right thing to do is delete that item . However , not every user handles these situations the same way . There are popular tools to assess the threat risk of phish success for an organisation such as Gophish and KnowBe4 . Combined with training to help employees identify phishing emails or link , self-assessment tools can be an effective mode of first-line defence .
The third area that comes into play is the risk of exploiting vulnerabilities . Keeping systems up-todate is an age-old IT responsibility that is more important than ever . While this is not a glamourous task , it can quickly seem a good investment should a ransomware incident exploit a known and patched vulnerability . Be mindful to keep current with updates to critical categories of IT assets : operating systems , applications , databases and device firmware . A number of ransomware strains , including WannaCry and Petya have been based on previously discovered vulnerabilities that have since been corrected .
Implement and remediate
Even organisations that follow best practice to prevent exposure to ransomware are at risk . While education is a critical step , organisations must prepare for the worst-case scenario . If there ’ s one takeaway for IT and business leaders , it is to have a form of ultra-resilient backup storage .
At Veeam , we advocate the 3-2-1 rule as a general data management strategy . The 3-2-1 rule recommends
There are two major audiences that should be targeted from an education perspective : IT staff and organisational users . It ’ s important to target both groups as threats can be introduced from both personas .
www . intelligentcio . com INTELLIGENTCIO MIDDLE EAST 45