Ransomware Special Reports


Special Report

firms identify the vulnerabilities that external remote services present, particularly ones that were set up hastily, as a reaction to the pandemic. “The traditional ‘castle and moat’ approach to cyber security no longer works since we’re no longer barri - caded inside the ‘castle’,” explains Hamilton Barnes’ Lewis West, who adds that investment needs to come in three areas. “Improving the tooling in place; improving the attitude of employees to security risks and investing in the right expertise that can support a

needs to be continuous, engaging and practical for people to take note and implement the desired behaviours.” The psychologist also observes that organisations tend to silo day-to- day cyber security activity and don’t involve other staff – which is usually to their detriment, he claims. On this note, Trend Micro’s Duke agrees that security teams need to be brought “into the fold” more so they can help foster good working relationships between teams and improve the speed of response, with established lines of communications making it easier to identify and re - move potential barriers to IR before The reason a ransomware attack can be so devastating is because a busi - ness can find itself with no alternative but to pay to restore its data. How - ever, if a company knows they can restore their data to a clean state due to a backup, they will have greatly minimised the disruption and pain associated with an attack. According to Lawrence Perret-Hall, director at CYFOR Secure, when it comes to data backup, enterprises should follow the rule of three: small - er, more frequent and incremental back-ups for business restoration, alongside full back-ups, encrypted and stored on an entirely separate network. Finally, create a third set of long-term back-ups separately, and store them on tape. an incident occurs. Call for backup “Ultimately, while it may sound ex - cessive and expensive, having three lots of back-ups will be far more cost-efficient than falling victim to ransomware unprepared,” he says. “What’s more, keeping separate back- ups will avoid the issue we see time and time again in ransomware recov - ery, where back-ups themselves are infected because they are stored on the same network in order to reduce recovery time,” Perret-Hall adds. WFH risks As more of the workforce transitions to working from home or hybrid working models, it’s also vital that

ti-level access controls to ensure that encryption cannot be “undone” by hackers,” he says. Cyber Insurance While cyber security insurance cover falls under the mitigation category rather than prevention, most insurers will look for evidence of a well-fund- ed and well managed cyber security programme. According to Jennifer Mulvihill, business development head at cy - ber-Insurance and legal firm Blue- Voyant, the severity and frequency of ransomware attacks has meant that cyber insurers are increasing their premiums and designing stricter and more technical underwriting guide - lines. “If your company can demonstrate its well-prepared for a cyber-attack, cyber insurance premiums may be reduced, or at least barred from a significant increase,” she says. These requirements may include ba - sic cyber security best practice such as the implementation of MFA across the enterprise and a robust MDR that provides 24/7 monitoring. “Carriers are also seeking evidence that the business has dedicated ex - perts that allows them to effectively respond to a cyber-attack, or at least have an IR retainer in place to part - ner with outside forensic experts,” Mulvihill adds. When shopping around for insurance, to select the appropriate cover, busi - nesses should consider the impor - tance of each system or data set to their operations and check whether losses to third parties are covered, as well as looking at what other services the insurer offers in an event of an attack to response.

Lewis West, head of cyber security at Hamilton Barnes business’s cyber security. Businesses should also use web security solu - tions that manage web activity of re - mote employees by inspecting all SSL (encrypted) traffic to expose threats,” West adds. Todd Moore, VP for encryption products at French aerospace firm Thales’s cyber security division, believes that data encryption can act as an essential line of defence against ransomware attackers targeting re - mote networks. “When cyber criminals infiltrate the home or remote network, it’s es - sential that any data that’s stolen is properly protected so that it can’t be read by unauthorised actors. The keys used to encrypt data should be centrally managed through mul -


Powered by