In 2023, Airbus Protect demonstrated unparalleled achievements in cyber defence, marking a significant milestone for the company. Four key events in Germany contribute to the organisation's commitment to excellence and innovation in the ever-evolving landscape of cybersecurity.Read more
How to protect against ransomware – top tips for CISOs
Discover in this article some tips for CISOs to strenghten their cybersecurity
What is the role of a CISO?
A requirement not listed on the average CISO job description is ‘expert whack-a-mole player’ – though it would be a helpful addition. The truth is that today’s CISOs are constantly juggling competing priorities, and must become experts in sorting ‘urgent’ demands from merely ‘important’ ones. On one hand, CISOs must protect their organisation from a plethora of evolving cyber threats. On the other, they must contend with budget constraints, while demonstrating the business value of cyber initiatives to audiences who aren’t always 100% receptive.
But if you ask any CISO to name just one threat that keeps them up at night, chances are they’ll say ransomware (possibly in a haunted whisper). The bogeyman for CISOs everywhere, ransomware is a form of malware designed to encrypt files on any infected network or device, rendering them (and any systems that rely on them) unusable. In exchange for decryption, attackers typically demand a ransom in the form of cryptocurrency. Most ransomware enters organisations via phishing emails containing malicious attachments and/or drive-by downloads. It can also come from vulnerable or unpatched systems or software, though these entry points are less common.
4 Tips for CISOs to anticipate cyber criminals
At Airbus Protect, we have decades of experience securing critical systems and infrastructure from ransomware. Here are our top tips for CISOs who want to stay one step ahead of cyber criminals.
Tip one – Forewarned is forearmed
To understand how to protect against ransomware, CISOs should first arm themselves with as much knowledge as possible. Keeping up with the latest news and ransomware trends is crucial. Which ransomware gangs are currently most active? Are they adopting any new tactics? Have any of your competitors recently been targeted?
At the same time, CISOs should also ensure they have a robust knowledge of all software, systems and devices used in their organisation – so they can understand where they’re most vulnerable
Tip two – When it comes to ransomware prevention, there’s no one-size-fits-all approach
Unfortunately, there’s no single solution that can protect organisations from ransomware. Instead, CISOs must build up layers of protection until they can achieve a sufficient level of resilience. There are multiple solutions at CISOs’ disposal, including:
- Email filters at email gateways
- Intrusion detection systems
- System configuration plans
- …and a host of other options
Finding the right combination of measures is a balancing act. When selecting solutions, CISOs must consider multiple infection and attack vectors – such as internet-facing vulnerabilities and misconfigurations, phishing, as well as third party managed service providers. It’s also important that any solutions don’t interfere with day-to-day operations. Experience tells us that an overly heavy-handed approach to security will only lead to employees finding (unsafe) workarounds!
Tip three – Train your frontline troops
With many employees continuing to work from home, email and instant messaging are now the dominant workplace communications channels – leaving organisations more vulnerable than ever to phishing. In addition, more employees are logging in from co-working spaces and coffee shops, using insecure public internet connections.
In this environment, every single employee could find themselves on the front line in the battle against ransomware. So, it’s crucial that all users take part in training and awareness programmes. Implementing annual security refresher training doesn’t just help to educate employees, it also enables CISOs to better understand their level of IT security knowledge.
A word of warning – CISOs should avoid ‘death by PowerPoint’ in security training sessions. Instead, they should consider implementing gamification techniques. These have been proven to maintain users’ attention and help them retain the most critical tips.
Alongside formal training, it’s a good idea to offer employees a route to ask questions or report security concerns. But they mustn’t feel judged or patronised, as this might prompt them to sweep any concerns under the carpet in future.
Tip four – Prepare to fail
There’s a tendency among organisations to invest heavily in protecting against ransomware, but put relatively little thought into how they’d recover from a successful attack. It cannot be overstated that there’s no such thing as impenetrable ransomware defences. So, CISOs should prepare themselves to fail.
The first crucial step is to implement offline backups of critical data. Good security practice dictates that organisations should follow the ‘three, two, one’ rule – creating three copies of data, saving them to two different types of media, and keeping at least one offsite.
Secondly, CISOs should ensure their organisation has a digital forensics and incident response strategy in place. In a crisis, each minute lost can lead to incident escalation or the loss of further evidence. As such, it’s important that each member of the security team understands their role during a ransomware attack. Plus, it’s a good idea to have an external incident response provider on speed dial, with all the relevant administrative and financial approvals already in place. A crisis isn’t a good time to handle a negotiation.
Overall, mitigating the risk of ransomware comes down to a series of careful balancing acts for CISOs. Getting it right is an ongoing, iterative process.
Have more questions about how to protect against ransomware? We’re here to help.
Get in touch with our experienced consultants.
More on Cybersecurity
Cyber Threat Intelligence Part 2 : How to support SOC’s Threat Hunting & Detection Engineering efforts
In the first part of this CTI focused blog posts series, we introduced the Intelligence Production Cycle and proposed a functional & technical architecture for a Cyber Threat Intelligence Platform integrated into and supporting both SOC and Incident Response (IR) operations.Read more
Remote working is not a new area for IT and cybersecurity experts, however in the last few years it has now been pushed to the forefront and become a hot topic that organisations globally must consider. From where we are currently sat, this change looks like it may be the new normal, and it is[...]Read more