valerybrozhinsky - stock.adobe.c
How to prepare for ransomware and phishing attacks
Follow these best practices to properly prepare for ransomware and phishing attacks, as well as further steps to stay secure in the face of a pandemic or widespread health event.
Perhaps one of the most critical cybersecurity lessons to learn from the COVID-19 pandemic is the importance of advanced preparation for potentially disruptive incidents, such as phishing or ransomware attacks. A surge of social engineering scams ensued as COVID-19 spread across the globe, preying on workers' fears and unease during an uncertain time.
While phishing and ransomware controls should be in place regardless of such an event, there are extra steps security admins can take in the face of a potential pandemic. Read on to learn how to prepare for ransomware and phishing attacks by deploying and maintaining the proper controls and processes, and uncover further steps to take to keep the risk of attack low, especially during a pandemic.
Everyday phishing and ransomware cybersecurity controls
During normal business activities -- pandemic or not -- the principal ways to prepare for phishing, ransomware and other cyberattacks include the following:
- securing the network perimeter and mitigating any potential porosity to prevent malware from entering the organization;
- analyzing intrusion attempts and making adjustments in perimeter protection as needed;
- ensuring network perimeter security equipment -- including firewalls, intrusion detection and prevention systems, and DMZs -- and security analysis systems and software are up to date with current settings, configurations and rules;
- regularly monitoring performance metrics, such as mean time to detect and mean time to repair, to ensure incidents are efficiently managed;
- testing and verifying cybersecurity management systems and software can be remotely accessed and managed;
- performing regular updating of security equipment rules and other parameters;
- installing and testing all relevant patches;
- reviewing and updating cybersecurity policies and procedures as needed, especially for phishing and ransomware incidents; and
- training cybersecurity team members on all security mitigation resources, procedures and policies.
Further steps to take
Assuming a situation has occurred that threatens to escalate to the level of a pandemic, especially with the potential to force organizations to downsize operations for health reasons, IT management can prepare by performing the following actions:
- verifying SIEM software is current and data from the system's dashboards is regularly examined for any anomalies;
- establishing specific key performance indicators to measure cybersecurity performance;
- regularly briefing senior management on actions planned to manage cybersecurity in advance of a potential business shutdown;
- validating cybersecurity systems identify and mitigate botnets that can increase the likelihood of phishing and ransomware activities;
- monitoring and examining peer-to-peer file-sharing activities for possible malware;
- monitoring ports for suspicious code and possible malware exploitation;
- monitoring vendors for cybersecurity incidents that could facilitate phishing or ransomware attacks;
- backing up relevant security performance data and storing it in secure and easily accessible locations;
- ensuring backups of critical business systems and data are performed so that, if data is corrupted by malware, copies are available from at least one alternate location;
- conducting tests to identify and analyze phishing and ransomware attacks;
- scheduling and conducting cybersecurity awareness training for all employees, including emphasis on potential pandemic impacts;
- ensuring technology disaster recovery and business continuity plans are up to date and include specific procedures when faced with a pandemic; and
- identifying all equipment connected on the internal network, as well as identifying potential threat devices and removing them or quarantining them from the network.
Pandemics and cybersecurity
The COVID-19 pandemic, like widespread health events in the past, has affected thousands of businesses and millions of people worldwide. While the long-term implications of COVID-19 have yet to be determined, for cybersecurity professionals, the need for greater diligence is the key. Use the above guidance to ensure cybersecurity preparations are current and suitably rigorous.
With people working remotely and focused on health concerns, cybercriminals are likely to be more aggressive. In future pandemics and similar events, the need for proactive cybersecurity management will be an essential business requirement.