A requirement not listed on the average CISO job description is ‘expert whack-a-mole player’ – though it would be a helpful addition. The truth is that today’s CISOs are constantly juggling competing priorities, and must become experts in sorting ‘urgent’ demands from merely ‘important’ ones. On one hand, CISOs must protect their organisation from a plethora of evolving cyber threats. On the other, they must contend with budget constraints, while demonstrating the business value of cyber initiatives to audiences who aren’t always 100% receptive.
But if you ask any CISO to name just one threat that keeps them up at night, chances are they’ll say ransomware (possibly in a haunted whisper). The bogeyman for CISOs everywhere, ransomware is a form of malware designed to encrypt files on any infected network or device, rendering them (and any systems that rely on them) unusable. In exchange for decryption, attackers typically demand a ransom in the form of cryptocurrency. Most ransomware enters organisations via phishing emails containing malicious attachments and/or drive-by downloads. It can also come from vulnerable or unpatched systems or software, though these entry points are less common.
At Airbus Protect, we have decades of experience securing critical systems and infrastructure from ransomware. Here are our top tips for CISOs who want to stay one step ahead of cyber criminals.
To understand how to protect against ransomware, CISOs should first arm themselves with as much knowledge as possible. Keeping up with the latest news and ransomware trends is crucial. Which ransomware gangs are currently most active? Are they adopting any new tactics? Have any of your competitors recently been targeted?
At the same time, CISOs should also ensure they have a robust knowledge of all software, systems and devices used in their organisation – so they can understand where they’re most vulnerable
Unfortunately, there’s no single solution that can protect organisations from ransomware. Instead, CISOs must build up layers of protection until they can achieve a sufficient level of resilience. There are multiple solutions at CISOs’ disposal, including:
Finding the right combination of measures is a balancing act. When selecting solutions, CISOs must consider multiple infection and attack vectors – such as internet-facing vulnerabilities and misconfigurations, phishing, as well as third party managed service providers. It’s also important that any solutions don’t interfere with day-to-day operations. Experience tells us that an overly heavy-handed approach to security will only lead to employees finding (unsafe) workarounds!
With many employees continuing to work from home, email and instant messaging are now the dominant workplace communications channels – leaving organisations more vulnerable than ever to phishing. In addition, more employees are logging in from co-working spaces and coffee shops, using insecure public internet connections.
In this environment, every single employee could find themselves on the front line in the battle against ransomware. So, it’s crucial that all users take part in training and awareness programmes. Implementing annual security refresher training doesn’t just help to educate employees, it also enables CISOs to better understand their level of IT security knowledge.
A word of warning – CISOs should avoid ‘death by PowerPoint’ in security training sessions. Instead, they should consider implementing gamification techniques. These have been proven to maintain users’ attention and help them retain the most critical tips.
Alongside formal training, it’s a good idea to offer employees a route to ask questions or report security concerns. But they mustn’t feel judged or patronised, as this might prompt them to sweep any concerns under the carpet in future.
There’s a tendency among organisations to invest heavily in protecting against ransomware, but put relatively little thought into how they’d recover from a successful attack. It cannot be overstated that there’s no such thing as impenetrable ransomware defences. So, CISOs should prepare themselves to fail.
The first crucial step is to implement offline backups of critical data. Good security practice dictates that organisations should follow the ‘three, two, one’ rule – creating three copies of data, saving them to two different types of media, and keeping at least one offsite.
Secondly, CISOs should ensure their organisation has a digital forensics and incident response strategy in place. In a crisis, each minute lost can lead to incident escalation or the loss of further evidence. As such, it’s important that each member of the security team understands their role during a ransomware attack. Plus, it’s a good idea to have an external incident response provider on speed dial, with all the relevant administrative and financial approvals already in place. A crisis isn’t a good time to handle a negotiation.
Overall, mitigating the risk of ransomware comes down to a series of careful balancing acts for CISOs. Getting it right is an ongoing, iterative process.
Have more questions about how to protect against ransomware? We’re here to help.
Get in touch with our experienced consultants.
Cybersecurity Supply Chain attacks are an underestimated risk for companies, where cyber threat actors can hack into a software vendor’s network, posing a significant danger to many companies. Who may be affected by these attacks? Every company of every branch who is in a business relationship to a third-party vendor who offers services or software to […]
Read more
Cybersecurity The use of network scanners with a graphical user interface has been observed in a number of former IR engagements conducted by our CSIRT. Discover how operators use these tools to map networks and minimize detection.
Read more
Cybersecurity In 2023, Airbus Protect demonstrated unparalleled achievements in cyber defence, marking a significant milestone for the company. Four key events in Germany contribute to the organisation's commitment to excellence and innovation in the ever-evolving landscape of cybersecurity.
Read more