The latest ransomware attack on Colonial Pipeline that resulted in the company shutting down its gas pipeline and causing fuel shortages throughout the southeastern United States underscored the importance of securing and protecting your IT infrastructure. Hackers are increasingly attacking critical infrastructure, hospitals, local government, school systems, industrial companies, etc. and and these attacks are becoming a national security, public, and safety threat. Most of these companies are ill prepared for cyber attacks. Last month, the Massachusetts vehicle inspection system was down for a couple of weeks due to ransomware attack.
Ransomware infects your system by encrypting your important files, and the attackers then ask for ransom to decrypt your data in order to become operational again. Sometimes they also threaten to release hacked documents to the public unless the ransom is paid.
Ransomware has been around for the past several years, but the explosion of cryptocurrencies, in which transactions are difficult to trace, is the main reason for the increasing ransomware attacks. Moreover, these cyber extortionists are usually from other countries which is hard for governments to prosecute.
To protect your systems, you must have a comprehensive cyber security program. You should always employ a defense-in-depth approach in which defensive mechanisms are layered to protect your systems, data and applications. If one mechanism fails, another protection layer may thwart the attack. The following basic security measures should also be in place:
- Requiring multifactor authentication (MFA) for employees logging onto systems. Users are usually the weakest link as they are easily tricked or socially engineered to give information or click on a malware site enabling the ransomware to penetrate the system. MFA may thwart attackers who got a hold of your credentials by using a second method of authentication.
- Patching vulnerabilities promptly on your network devices, servers, appliances, databases and applications, especially the critical ones. You should also work closely with your IT vendor or service provider in regularly reviewing vulnerabilities on their software or services.
- Hardening your devices, operating systems and software such as replacing default passwords and turning off unneeded services. If your company also develops programs in-house, you should also enable secure software development.
- Segmenting networks by erecting firewalls between them and only allowing traffic that are really necessary.
- Keeping backups of your servers and data, and sending a second backup copy off line (using tapes), or via air-gapped second copy (see my blog on data backup security)
- Testing your disaster recovery or cybersecurity plan periodically to that ensure they work.
Having a comprehensive cybersecurity plan is necessary for your business to withstand attack in order to stay in business.