5 Lessons from the recent ransomware attack on Midland, Ontario
Back in September, the town of Midland, Ontario was forced to pay an undisclosed amount in Bitcoin to the cybercriminals behind a severe ransomware attack. Barely a month before, a similar attack against the municipality of Wasaga Beach resulted in a ransom of $35,000 being paid.
The last couple of years have been terrible for cybersecurity, particularly since ransomware rose to infamy with the WannaCry attack last May 2017. Nonetheless, in spite of frequent high-profile breaches making the headlines, many organizations have yet to learn from the mistakes of others.
#1. Never leave a single point of failure
Unlike most cybersecurity threats, ransomware typically doesn’t involve the theft of sensitive data. While that doesn’t make it any less of a problem, it does illustrate the fact that ransomware is inherently easier to mitigate. After all, if confidential corporate data ends up in the wrong hands, irreversible damage has already been done. By contrast, with a ransomware attack, you simply lose the data stored on infected machines (unless, perhaps, you pay the ransom to obtain the decryption keys).
Although getting ransomware on any company-owned system in the first place might point to serious shortcomings of your cybersecurity infrastructure, it shouldn’t be complicated or time-consuming to restore everything at all. At least, that’s the case if you have a robust backup and disaster-recovery strategyrather than a single point of failure that you’re entirely reliant on.
#2. Implement multiple layers of protection
Social engineering presents the most common delivery channel for ransomware and other malicious software. However, that’s by no means the whole story, and ransomware also spreads by exploiting vulnerabilities in old hardware or outdated operating systems and software. Furthermore, newer threats often don’t get picked up by conventional antivirus software before it’s too late.
Every cybersecurity strategy should involve multiple layers of protection, with backup and disaster recovery being your last resort in the event of a successful ransomware attack. Other layers include intrusion detection and prevention, network monitoring, URL filtering, and ongoing security awareness training.
#3. Empower employees with proper training
While not many people are likely to fall for the absurdly obvious scams that often grace the typical spam email folder, it would be a grave mistake to assume that all cybercriminals are so amateurish. In fact, phishing scams are getting more effective, since they’re now tailored to specific victims and perpetrated by skilled criminals.
What makes social engineering so dangerous is that it exploits human ignorance and not technology itself. In other words, no amount of technological safeguards can make up for human negligence. That’s why ongoing security training helps empower employees to become your first line of defense against cybercriminals.
#4. Keep your systems up to date
You’ve probably heard the saying that computers are obsolete the moment you take them out of the store. Although that’s an exaggeration, it is true that IT is constantly evolving, and the cyberthreat landscape is always changing along with it. New vulnerabilities are found all the time in popular software, which is why vendors routinely release critical security patches.
Deferring security updates is asking for trouble, as is continuing to use unsupported hardware and software. That’s because obsolete systems are no longer supported by their original manufacturers, which means security updates will never be released for them ever again. A good example is Windows XP which, despite being completely unsupported since 2014, retains a market share of almost 5%!
#5. Automate cybersecurity to prevent human error
While an ongoing security awareness training program will help reduce human error, you can also use technology to prevent these mistakes. Aside from helping you lock down your mission-critical systems, technology can also boost productivity and decrease costs.
Automation, driven by the fast-evolving world of artificial intelligence and its subset of machine learning, greatly reduces the risk of human error. As a rule, anything that can be automated should be automated, including patch management, backup and disaster recovery, data archiving, and compliance and security monitoring.
Dyrand Systems helps businesses in Vancouver with comprehensive solutions that boost productivity, save money, and maximize security. Drop us a line today to learn more.