Posted by Joe Vigorito + Vito Nozza on Dec 15, 2020 10:00:00 AM
2020 has been a groundbreaking year on many fronts. Unfortunately, the majority of them have not been good ones. On October 28, 2020, the FBI, HHS, and CISA jointly reported on an imminent threat to healthcare organizations (the Health and Public Health Sector) surrounding the Ryuk variant of ransomware and other malware most recently seen accompanying it. “We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, Chief Technical Officer of the cybersecurity firm Mandiant, in a statement.
While this specific report focused on the healthcare sector, the truth is that all businesses are increasingly vulnerable to cyber-attacks. Attackers seek those who are a good match for their malware and their skills; they care far less about what type of company you are.
Many cyber-attacks involve ransomware, a form of malicious software (malware) designed to deny access to a computer system or data until a ransom is paid and a decryption key (commonly called a decryptor) is given to the victim. The encryption is virtually unbreakable without the decryption key, and you should not spend valuable time seeking a way around the encryption if you are attacked with it. Ransomware can spread in multiple ways, but most typically it arrives through phishing emails or when a user unknowingly visits an infected website. Ransomware can be catastrophic to healthcare and other organizations, for example by preventing access to critical information and systems for patient care.
ConvergeOne never advocates paying the ransom to cybercriminals. You are paying a criminal organization to extend their attack infrastructure further, rather than putting them out of business. Instead, you should build a cyber-aware culture within your organization and proactively follow a number of steps to keep your information and people protected from cyber-attacks.
As we plan for 2021, here are 21 cyber tips to get your organization started.
Cyber Tip 1: Do you know precisely what to do if you get hacked?
- Contract or create an incident response team, develop an incident response plan, and routinely test that plan to lock in improvements. Get help. Testing incident response is not easy.
- Disconnect or turn off WiFi and Bluetooth. Unplug storage devices.
- Determine scope – shared drives / folders, network storage, USB, external storage, cloud-based storage, etc. Do you know what your “crown jewels” assets are and moreover, where they are?
- Check tools in use like Box, Dropbox, and Google Drive. You may be able to revert to unencrypted versions of your files that reside there. Know your RPO (Recovery Point Objective): what is the oldest saved information I can revert back to that still has current value to me?
- Know your backups, what is and isn’t backed up, and the order in which restores must take place.
- Know your firm’s RTO or Recovery Time Objective. How long do I have to get my files back before I start losing revenue every hour I have no access?
- We do not advise paying the ransom, but if you do, remember that you need to reconnect any encrypted drives you disconnected before they can be decrypted.
- Usually the attacker will give you access to a registry or file listing, created by the ransomware, that lists all encrypted files. Try to use Google to understand the version of ransomware you have been hit with. It’s important.
- Determine if your data or login credentials have been copied, and if so, how much and what. This can often be learned from the ransomware program's announcement itself, as it brags as to what data has been copied or the information regarding your stolen data that the hacker posts on websites or blogs.
- Check your logs and any data loss prevention (DLP) tools to see if they noted any stolen data. Look for large unauthorized archive files (e.g., zip, arc, etc.) containing your data that the hacker used for staging before copying it out. Look into any systems that might record large amounts of data being copied off the network. Look for malware, tools, and scripts that might have been used to look for and steal data. The main initial sign that your data and credentials have been stolen is the ransomware gang telling you they have done it.
- Lastly, if the ransomware gang tells you they have your data or credentials, believe them. They don't bluff that often. Do not panic.
Cyber Tip 2: Spear Phishing is a type of phishing attack that targets an individual or set of individuals. How can you combat spear phishing?
Don’t open a message or a link just because the correspondent seems to know a lot about you, and never be afraid to ask before committing to any next step requested by the sender, especially if the sender signals a sense of urgency.
You should also send “voice of leadership” messages to everyone containing guidance on what to look for, who to call, what to do, and that it is okay to not click or respond to any message that looks unusual or suspicious.
Simulate phishing attacks against your users regularly so they stay sensitive to the real approaches attackers will take. Have a continuous learning platform to deliver them. Educate staff to detect fast:
- “I can’t open normal files and get corruption error or my files have a strange extension.”
- “I get alarming messages indicating my computer has been infected and I cannot close them.”
- “I see a countdown timer on-screen.”
Cyber Tip 3: Your information is at risk everywhere: your home, your doctor’s office, getting coffee at the local coffee shop. Take heart and protect yourself.
Use Multi-Factor Authentication everywhere you log in, as you need a second mechanism to authenticate to system resources that is independent of that password. Use passwords that are made up of multiple random words strung together, with numbers and special characters. Leverage every privacy control available on social media, and develop a healthy skepticism of trusting any information or messages from those you do not know.
Cyber Tip 4: Are you a cyber pro in need of a great metric to report to your leadership?
Report on how many times per day you are attacked and thwart the attack. How? Start at the outside interface of your perimeter firewall. Pull stats indicating your number of dropped packets at that interface. Do it for 30 straight days. It will give you a good idea of how many attacks you are defending against. Your leadership will gain perspective and you will gain credibility with them.
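A sketch of how that metric can be pulled from exported firewall logs, as an added example that is not part of the original post. The key=value log format, field names and sample lines are constructed for illustration; adapt the pattern to your firewall's actual export.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample in an assumed key=value export format (addresses are
# documentation ranges). Real firewall logs differ by vendor: adapt LINE_RE.
SAMPLE_LOG = """\
2020-11-01T00:00:03Z action=DROP iface=outside src=198.51.100.7 dport=445
2020-11-01T00:04:41Z action=DROP iface=outside src=198.51.100.9 dport=3389
2020-11-01T00:05:02Z action=ALLOW iface=outside src=192.0.2.44 dport=443
2020-11-01T09:12:30Z action=DROP iface=inside src=10.0.0.5 dport=25
2020-11-02T03:20:11Z action=DROP iface=outside src=198.51.100.7 dport=445
2020-11-04T11:45:00Z action=DROP iface=outside src=203.0.113.80 dport=23
this line is truncated or malformed
"""
LINE_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ action=(?P<action>\w+) "
                     r"iface=(?P<iface>\S+) src=\S+ dport=(?P<dport>\d+)$")


def daily_drops(lines, iface="outside"):
    """Count dropped packets per day and per destination port on one interface."""
    per_day, per_port, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1 if line.strip() else 0  # malformed, not blank
            continue
        if m["action"] == "DROP" and m["iface"] == iface:
            per_day[date.fromisoformat(m["day"])] += 1
            per_port[int(m["dport"])] += 1
    return per_day, per_port, unparsed


def summarize(per_day, window_days=30):
    """Totals for the metric, plus days in the span with no drops logged."""
    if not per_day:
        return None
    first, last = min(per_day), max(per_day)
    span = [first + timedelta(days=i) for i in range((last - first).days + 1)]
    total = sum(per_day.values())
    return {
        "total": total,
        "days_seen": len(per_day),
        "avg_per_day": round(total / len(per_day), 1),
        "peak": max(per_day, key=per_day.get),
        "missing": [d for d in span if d not in per_day],  # verify logging was on
        "window_complete": len(per_day) >= window_days,
    }
```

A dropped packet is not always an attack (scanners, misconfigured clients and stale NAT entries also get dropped), so present the number as blocked unsolicited traffic and use the per-port counts to show what was being probed.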
Cyber Tip 5: One of the easiest ways to protect your security is to keep your software up-to-date.
Patch operating systems, software, and firmware as soon as manufacturers release updates. Advise remote users not using company-owned assets to turn on auto-update and ensure they are current on software and patches, as well.
Also, make sure to take one additional step after an update and check your privacy settings. Sometimes the update reverts them back to a prior default setting.
Cyber Tip 6: Cyber pros and consumers beware! Dark Web monitoring is not something you check or sign up for only if you have been notified of a breach.
Your personally identifiable information may get swept up in the endless tide of breaches. The appearance of your firm’s data on the dark web requires prompt notification to your business. Contact ConvergeOne today to find out more about how we help hundreds of organizations keep from being a future dark web victim.
Cyber Tip 7: Today more than ever, insider threats and attacks that leverage identity vulnerabilities remain a blind spot for even the most advanced companies.
Your firm’s digital transformation needs modern, identity- and workload-centric Zero Trust security solutions to protect your work-from-home workforce. Remember: Companies that wait to act are tempting fate, so please ask us about Zero Trust today.
Check back for the next part of this blog series for seven more tips. Can’t wait? Download the full white paper below.
[WHITE PAPER] 21 CYBERSECURITY TIPS FOR 2021
As you prepare for 2021, you should prioritize building a cyber-aware culture within your organization and proactively follow a number of steps to keep your information and people protected from cyber-attacks. Download this ConvergeOne white paper to receive all 21 cyber tips to get your organization started.