Through our Ask-An-Expert service, our Faculty speak with security teams across all industries on a regular basis. Ransomware prevention is a consistent topic of those conversations and an area where information security professionals lean on our Faculty for additional guidance and information.
So, what do security teams want to know about ransomware prevention? For answers, we turn to the questions they ask.
Questions About Ransomware Prevention
Below are questions information security practitioners posed to our team of 80-plus Faculty on the topic of ransomware prevention, including:
- How does having immutable backups prevent ransomware actors from deleting or corrupting backups if the hacker has the credentials of an authorized user?
- What are best practices for ransomware prevention? What are others doing to mitigate or prevent an attack?
- Are there run books and plans to leverage and what scenarios are best for testing ransomware preparedness? Are there services for driving this type of activity?
- Inquiring about process, tools and strategy, including pain points to be aware of as part of a ransomware development framework.
- Seeking input on a ransomware incident response book, including best practices for adapting it to other threat scenarios, whether to take systems offline (even those not confirmed to be infected) and the level of detail the plan should contain.
- How to best prep for an attack and what vulnerabilities are attackers looking for?
- What assets can be shared, from stories and charts to checklists?
- What assumptions are others making about legacy controls and protections? How can we best prepare for ransomware?
- Seeking input on ransomware from the healthcare perspective: to review a plan, talk about protecting EMR and explain how ransomware is crippling hospitals.
- Beyond a backup solution with anti-ransomware features, what additional proactive steps should be taken?
- Asking about a ransomware framework from a technical and tools perspective, to determine if a new framework and tools with more resources are needed.
Ransomware Prevention Best Practices
Regardless of your organization’s size, level of maturity or experience in the ransomware domain, it’s essential to have a ransomware response plan in place before an incident occurs. Our Faculty provide the following guidance to help security teams prevent a ransomware attack:
- Develop a plan on when to pay: This is a business decision. Even if backups are available, paying may restore operations more quickly, so ensure leadership is involved.
- Determine which intellectual property you’d least want to see stolen/dumped and defend accordingly.
- Separate business networks (IT) from production (OT) networks.
- Update and patch promptly: Deploy a centralized patch management system.
- Test incident response plans.
- Back up data, test backups regularly and segregate these backups from the main network.
- Track attackers: Ensure your threat intel team keeps track of which hackers use which ransomware strains and whether those hackers are blacklisted.
- Consider purchasing cyber insurance: Use a cyber-specialized broker to negotiate with underwriters.
- Hire external parties to conduct penetration tests: These are dry-run attacks designed to detect vulnerabilities before they’re exploited.
- Join a threat-sharing group sponsored by your ISAC or industry org.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.