Security vulnerabilities: are you a potential target for a ransomware attack?
With the most recent targeted ransomware attack on the JBS meat processing plant, it’s time to listen to this major wake-up call to ensure your network is properly protected. Ransomware attacks have become so incredibly profitable that they’re here to stay. All industry businesses at home and abroad must consider IT security measures of the utmost importance.
This latest attack is a clear sign that the most vital businesses serving U.S. interests, such as global meat producers, utility companies, health care institutions, doctors’ offices, and finally, mom and pop businesses are heavily at risk from this profitable endeavor. Ransomware attacks are instigated by both hackers and international terrorist organizations. Any and every business is vulnerable. Let’s not forget that Colonial Pipeline paid out $5 million to its hackers*.
Given the attack on the JBS plant, you may ask, “When does this stop?” It doesn’t. The only answer is being prepared and proactive, ensuring your information and security protection measures are heavily tested. This is to ensure your network is protected to the highest possible degree.
How do you do this?
Management of all organizations must do an overall GAP analysis and thorough evaluation of their network to get a real-time picture of where their network stands in relation to being prone to these attacks.
Some examples of what needs to happen to accomplish this:
Security awareness training. It can’t be underestimated how critical this is for each organization, no matter how small or large. You must ensure your staff is properly educated and tested on an annual basis for all security awareness procedures.
Business Continuity Plans (BCPs.) They should be mandated and tested on a regular basis to ensure staff and business assets are properly protected within minutes of a security breach.
This involves performing tabletop tests to ensure all authorized personnel know their duties and roles.
They must be able to act within seconds should a BCP be initiated. Are incremental backups being performed, and how often? This includes full disk backups. Where are the backups stored? What’s the proximity in relation to the location of the tapes / audit logs of the data? How quickly can this backup data be accessible in an emergency, such as this JBS attack? A BCP failover site should exist as well.
Perform regular backups. Every business organization should and must require network backups are tested, evaluated, and can be placed into a production network within seconds to prevent data loss should a breach occur. Corporations will have to allocate proper budgets to account for this. Many may question if it’s worth the cost. This depends on how much they want to protect their data and integrity of their organization.
Update the software on your network. It can’t be stressed enough the importance that all software on servers of infrastructure environment are running the latest versions and that patches have been applied, tested, and evaluated for any end of life instances.
Never use unknown USB key fobs. Any employee or staff member within any organization should be absolutely forbidden from using their own key fobs to plug into company machines. Unless that key fob has been adequately scanned for outstanding viruses, and any viruses detected have been remediated, at no time should any staff member insert that key fob to a machine. This is an utter violation of security awareness training and lack of due diligence on the employee’s part.
Make no mistake: these ransomware attacks are targeted, well planned attacks with much thought put into how they’ll be executed., and they’re here to stay. As companies enforce and implement policies to prevent these types of attacks from occurring, these hackers and terrorist organizations will simply design more sophisticated techniques to carry out their attacks against the business. There is no such thing as being overly protective when it comes to ransomware.
It’s imperative that all organizations focus their budgets and mission on being proactive rather than reactive. Any organization that contracts a third-party vendor to implement their cyber security measure should be evaluated by outside personnel on a routine basis. Measures should be tested and held accountable for any deficiencies found within their networks. This means proper audits by third-party auditing companies with no vested interest in the organization. Said company should be examining the network and IT security provider’s protective measures in relation to all security controls.
Unfortunately, with the recent success of the ransomware attacks targeted towards different businesses, it’s fair to say all businesses are vulnerable. The best solution is to ensure the bullet points noted in this post, that IT office employs the most skilled cybersecurity professionals, and that they’re adequately trained in all phases. This is hopefully to prevent these attacks from occurring. The value the business places on these security measures will determine the profitability and long-term success your organization hopes to achieve and maintain.