
Consider These 10 Critical Steps to Prevent and Detect Ransomware Threats

14 October 2021 Aon South Africa
Zamani Ngidi, Cyber Solutions Client Manager at Aon South Africa

Ransomware attacks are a serious global issue and getting worse – in fact, they are often considered the top cyber threat facing businesses today (1). Ransomware statistics are staggering:
• Damages to businesses and organisations are expected to be $20 billion in 2021 (2)
• Global ransomware reports are up more than 715% from 2019 to 2020 (3)
• Ransomware payments have increased 60% in value since 2019 (4)

Aon’s Cyber Security Risk Report found that ransomware is a crisis that will only get worse as threat actors continue to grow in sophistication and expertise. Ransomware attackers often operate with the discipline and approach of a legitimate traditional business, except with criminal intent. Fortunately, there are strategies companies can take to reduce the risk of falling victim to a ransomware attack.

It is critical for organisations to approach cyber risk exposure through the lens of risk mitigation, taking the necessary precautions to prevent and/or minimise the risk if an event takes place. “An organisation’s ability to secure cyber insurance is very much tied to its ability to mitigate cyber security risks such as a ransomware attack. This is achieved by having the correct controls in place. Most of South Africa’s local cyber insurers are either global players or have reinsurance provided for by a global reinsurer, which means that South African companies need to align their IT controls and practices to global standards, if they wish to transfer the risk off their balance sheet,” explains Zamani Ngidi, Cyber Solutions Client Manager at Aon South Africa.

Consider these ten technologies and processes to help prevent and detect a ransomware attack.

Each of these steps aligns closely with how attackers create and consummate their criminal activity. While some are costly, proactively implementing these steps now can mitigate the costs of business interruption, reputational damage, incident response and/or a ransomware payment.

1. Phishing Awareness Training, to educate employees and end-users on how to spot phishing emails and know the red flags to drive down clicks on the malicious emails many ransomware attackers use to gain a foothold in a network.

2. Disabling Accessibility of Remote Desktop Directly from the Internet, to prevent ransomware attackers from brute-forcing Internet-facing RDP services to gain entry into a network.

3. Properly Configured URL Filtering and E-mail Attachment Sandboxing, to prevent malware contained in ransomware emails from executing or going unnoticed.

4. An Advanced Endpoint Detection and Response (“EDR”) Solution, to detect and potentially quarantine ransomware and other advanced malware, and also to facilitate enterprise forensics in the event of an attack.

5. An Advanced Malware Detection Tool that Inspects Network Traffic, to identify ransomware and other malicious packets or network traffic flowing over the wire.

6. 16+ Character Service Account and Domain Admin Passwords, to prevent ransomware attackers and other hackers from cracking weak admin usernames and passwords. Ransomware attackers use these cracked credentials to move laterally and deploy their ransomware. Optimally, these strong passwords should be rotated regularly, using a Privileged Access Management (PAM) tool.

7. Lateral Movement Detection Tools. After gaining a foothold, ransomware actors typically move laterally using compromised IT credentials. Detecting that anomalous lateral movement normally enables the attack to be shut down before ransomware is deployed.

8. A Properly Configured Security Information and Event Management (“SIEM”) Platform that aggregates event, security, firewall and other logs. Trying to respond to and recover from a ransomware attack without a SIEM is very difficult, as visibility through local, non-centralised logs is often poor.

9. A Continuous Security Monitoring Function, which provides continuous monitoring and threat hunting using collected logs and alerts.

10. Locking Down Software Deployment and Remote Access Tools (such as SCCM, PDQ, and PsExec) to a small set of privileged accounts with multi-factor authentication where possible. Once they have secured elevated privileges, ransomware attackers typically commandeer SCCM/PDQ/PsExec accounts to push the ransomware executable across the network.
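Steps 7 and 10 can be combined into one detection rule, sketched here as an added example that is not part of the original article. It assumes service-install events (Windows Security event 4697) have already been exported from the SIEM as flat records; the record layout, account names, host names and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for this example: the approved deployment account (step 10)
# and what counts as a suspicious fan-out across hosts (step 7).
APPROVED = {"svc-deploy"}
FANOUT_HOSTS = 3
FANOUT_WINDOW = timedelta(minutes=10)

# Constructed sample records: (timestamp, host, installing account, service name).
# PsExec registers a service named PSEXESVC on each machine it runs against.
EVENTS = [
    ("2021-10-13T09:00:05", "FS01", "svc-deploy", "PSEXESVC"),
    ("2021-10-13T14:30:00", "WS17", "jsmith", "PSEXESVC"),
    ("2021-10-13T15:00:00", "WS17", "jsmith", "Spooler"),
    ("2021-10-14T02:11:00", "DC01", "svc-deploy", "PSEXESVC"),
    ("2021-10-14T02:12:30", "FS02", "svc-deploy", "PSEXESVC"),
    ("2021-10-14T02:14:10", "WS17", "svc-deploy", "PSEXESVC"),
]

def detect(events, approved=APPROVED):
    """Return findings as (kind, account, detail) tuples."""
    by_account = defaultdict(list)
    findings = []
    for ts, host, account, service in events:
        if service.upper() != "PSEXESVC":
            continue  # not a PsExec service install
        account = account.lower()
        by_account[account].append((datetime.fromisoformat(ts), host))
        if account not in approved:
            findings.append(("unapproved_account", account, host))
    # Fan-out check applies to every account: an approved deployment
    # account that has been taken over passes the allow-list above.
    for account, hits in sorted(by_account.items()):
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > FANOUT_WINDOW:
                start += 1  # slide the window forward
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= FANOUT_HOSTS:
                findings.append(("fan_out", account, ",".join(sorted(hosts))))
                break  # one finding per account is enough to alert
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

In the sample data the approved account passes the allow-list but is still flagged for reaching three hosts in about three minutes, which is the pattern a commandeered deployment account would produce.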

SOURCES
1. Ransomware is number one cyber threat this year.
2. 2019 Cyber Security Almanac. Cisco and Cyber Security Ventures, 2019
3. Bitdefender’s Mid-Year Threat Landscape Report 2020, page 1
4. Coveware Ransomware Marketplace Report, August 3, 2020
