What are some best practices for defending against ransomware?
With ransomware so prevalent at the moment, our third cyber threat briefing session began with a warning: every company should expect this to happen to them. One of the first best practices for defense is to have controls in place that stop the threat at multiple stages of the ransomware kill chain, not just at the perimeter. In other words, conduct threat modeling: understand the types of attacks you might be susceptible or subject to, and actively design and implement layered controls to stop those attacks.
There are a couple of ways to do this. You can rely on industry-published white papers from places like the National Cyber Security Centre (NCSC), or you can engage a threat intelligence provider, who will give you a report that combines their wider knowledge with data they are aggregating from attacks relating to the people that are targeting you. You can then understand the types of threat actors that would target you and the types of attacks they might use, and use that to tailor the controls you have in place.
Once you understand what the threats are, you can start implementing a defense-in-depth layered security model, which places controls at multiple stages so that each stage could, in theory, mitigate an attack. Hopefully, by chaining multiple controls, even if several fail, one of them will work effectively and block the threat.