VIPRE emphasises “multifaceted” approach for tackling ransomware

Ransomware isn’t a new phenomenon, of course, but the rise in attacks over the past few years has been a cause for concern with new tactics such as Ransomware-as-a-Service, spear-phishing and social engineering all coming into play.

According to new research, ransomware incidents handled by the Information Commissioner’s Office increased from 326 in 2020 to 654. Those sectors impacted pretty heavily have included finance, education and insurance.

Affecting SMBs as well as larger organisations, ransomware remains a key threat. The National Cyber Security Centre has even declared that “ransomware has become the most significant cyber threat facing the UK”.

Organisations are now heavily reliant on large amounts of data, which is flowing in and out of companies across various devices thanks to modern working practices. This information needs to remain protected. It only takes one employee clicking on the wrong link in an e-mail or downloading a malicious attachment for ransomware to be able to take a business hostage. This can exert devastating consequences, whether financial or reputational – or both.

Adding controls

Putting controls in place to prevent ransomware attacks is the best course of action as prevention is always better than cure. VIPRE’s White Paper explains that, while ransomware is difficult to prevent, it’s not impossible to do so.

With a multifaceted approach using software, IT, business processes and employee awareness, organisations can put the right measures in place to prevent attacks from occurring.

Within the document, VIPRE highlights the key controls organisations should add to any ransomware response plan in order to achieve the best security. These include the following measures:

Firewalls

The foundation of building data protection, along with network infrastructure and endpoints, a firewall or gateway needs to be put in place

Endpoint protection

Secure endpoint protection should be in place to protect at the file, application and network layer levels across all devices and to respond to security alerts in real-time

e-mail security and encryption

e-mail is the threat vector most commonly exploited by cyber criminals so it’s best to add an additional layer of security in order to detect potential threats using Artificial Intelligence and machine learning and protect sensitive e-mails via encryption

User and data protection tools

Users can be empowered with tools to help them protect an organisation’s data and for example, to check that their e-mails are being sent out to the right individuals

Security awareness training

Users are the last line of defence. By conducting regular cyber security awareness training, including phishing penetration testing, businesses can build a more ‘cyber aware’ workforce

By ensuring the right technology and processes are in place, the risk of data leaks can be mitigated, allowing data to be easily managed. This also minimises the potential impact of data loss for a given business and its customers, while in parallel ensuring business continuity.

More advanced

Andrea Babbs, general manager for the UK at VIPRE, explained: “It’s clear that ransomware is becoming more advanced and more of a threat. However, so is the technology and the processes available to prevent such attacks. By implementing the correct controls, organisations are able to reduce vulnerabilities across their IT infrastructure and help to protect all endpoints. It’s vital that organisations enable their users to monitor the information being sent out and coming in. Ultimately, it’s all about reducing the flow of uncontrolled information into a business.”

*To download a copy of VIPRE’s 15-page White Paper entitled ‘How to Stem the Flow of Ransomware’ click here