Over the past years, phishing and ransomware have become the most rampant forms of cybercrime and a rapidly growing threat to organizations. Ransomware, a form of malware designed for the sole purpose of extorting money from victims, and phishing, the delivery mechanism of choice for ransomware and other malware, are critical problems that every organization must address through a variety of means. The good news is that there is a lot that organizations can do to be resilient against such threats. In this series of three articles, we explore the challenges raised by phishing and ransomware attacks and explain how to protect your business from these threats. After our first two articles, which focused on ransomware and phishing risks, this third and last article focuses on protecting against them.
How can you protect your business from phishing and ransomware?
Rethink your protection against ransomware
Traditional protection methods that rely on malware signatures and basic rules have proven ineffective against ransomware threats. Indeed, attackers design their ransomware to bypass traditional web and email protection, which tends to be left in a “set and forget” configuration.
The ransomware threat should be handled with a comprehensive assessment of the organization’s countermeasures, to understand whether they are capable of responding to the latest threats. This assessment includes, but is not limited to, the following:
• User awareness
• Backup and recovery strategies
• Vulnerability and patch management processes
• Use of privileged accounts and access controls
• Content and whitelist filtering
• Security configurations of endpoints
• Incident response processes
• Use of threat-intelligence solutions
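The points above about signature-based protection being bypassed and about content and whitelist filtering can be made concrete with a small comparison. The following is an added example, not code from the article or from Deloitte: a hash-based “signature database” is run next to a default-deny attachment policy (extension allowlist, double-extension check, and a check that the file content matches its declared extension). The sample attachments, the known-bad hash list and the policy rules are constructed for illustration; the only real facts used are standard file magic bytes.

```python
"""Content/allowlist attachment filtering next to a hash-signature check.

Added example, not the article's or Deloitte's code. Sample attachments,
the "known-bad" hash list and the policy are constructed for illustration.
"""
import hashlib

# Extensions the (constructed) policy allows inbound; everything else is denied.
ALLOWED_EXTENSIONS = {"pdf", "docx", "xlsx", "pptx", "png", "jpg", "jpeg", "txt"}

# Well-known leading bytes and the extensions consistent with each.
MAGIC_SIGNATURES = [
    (b"%PDF-", {"pdf"}),
    (b"\x89PNG\r\n\x1a\n", {"png"}),
    (b"\xff\xd8\xff", {"jpg", "jpeg"}),
    (b"PK\x03\x04", {"zip", "docx", "xlsx", "pptx"}),  # OOXML files are ZIP containers
    (b"MZ", {"exe", "dll", "scr"}),                      # Windows PE executables
]

# Constructed sample attachments (no real malware: the "executable" is just a
# PE header prefix followed by filler bytes).
SAMPLE_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
SAMPLE_XLSX = b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml"
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed-filler"
SAMPLE_EXE_VARIANT = SAMPLE_EXE + b"\x00"  # one appended byte: a trivially repacked build

# A hash-based "signature database" seeded with the first build only.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_EXE).hexdigest()}


def signature_verdict(data: bytes) -> str:
    """Traditional approach: block only exact matches against known hashes."""
    return "block" if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256 else "allow"


def sniff_extensions(data: bytes):
    """Return the set of extensions consistent with the leading bytes, or None."""
    for magic, exts in MAGIC_SIGNATURES:
        if data.startswith(magic):
            return exts
    return None


def policy_verdict(filename: str, data: bytes):
    """Allowlist plus content check; returns (verdict, reason)."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return "block", "no extension"
    ext = parts[-1]
    # "invoice.pdf.exe": an allowlisted inner extension used as a decoy.
    if len(parts) > 2 and parts[-2] in ALLOWED_EXTENSIONS:
        return "block", "double extension"
    if ext not in ALLOWED_EXTENSIONS:
        return "block", f"extension .{ext} not on allowlist"
    sniffed = sniff_extensions(data)
    if sniffed is not None and ext not in sniffed:
        return "block", f"content looks like {'/'.join(sorted(sniffed))}, not .{ext}"
    return "allow", "passes allowlist and content check"


def compare(attachments):
    """Run both checks over (filename, bytes) pairs; returns a list of dicts."""
    rows = []
    for name, data in attachments:
        verdict, reason = policy_verdict(name, data)
        rows.append({"file": name, "signature": signature_verdict(data),
                     "policy": verdict, "reason": reason})
    return rows


if __name__ == "__main__":
    samples = [
        ("report.pdf", SAMPLE_PDF),
        ("quarterly.xlsx", SAMPLE_XLSX),
        ("invoice.pdf.exe", SAMPLE_EXE),          # caught by both checks
        ("invoice.pdf.exe", SAMPLE_EXE_VARIANT),  # hash changed: the signature misses it
        ("photo.png", SAMPLE_EXE_VARIANT),        # renamed executable: content mismatch
    ]
    for row in compare(samples):
        print(f"{row['file']:<18} signature={row['signature']:<6} "
              f"policy={row['policy']:<6} {row['reason']}")
```

The repacked variant differs from the catalogued build by a single byte, which is enough to defeat the hash lookup, while the policy blocks it without knowing anything about that particular sample. The policy is deliberately default-deny: an attachment type that is not on the allowlist is rejected even when no rule names it, which is the property the signature approach lacks.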
Define your phishing defense strategy
Growing awareness of, and faster response to, phishing and ransomware has pushed threat actors to keep iterating their tactics, techniques, and procedures (TTPs) for both payloads and delivery campaigns. This persistence demonstrates that a purely technological focus, centered on acquiring, deploying, and tuning security solutions, is not enough.
Without a phishing defense strategy, organizations are exposed not only to the high volume of phishing emails used to deliver ransomware, but also to the less conspicuous emails used to deliver the same malware families that have been in use for years.
By preparing for these phishing attacks, users can be empowered to act as “human sensors” who spot phishing attempts and help thwart threat actors from gaining a foothold in the organization.
Implement best practices for user behavior and tailored awareness
There are multiple best practices that organizations can follow to minimize their exposure to phishing and ransomware.
Organizations should implement a strong security awareness program that will help users to make better decisions about the content they receive through email, on what they view or click in social media, how they access the web, and so forth. It is essential to invest in employee training so that the “human firewall” can provide an adequate first line of defense against increasingly sophisticated phishing and ransomware.
Furthermore, organizations should occasionally test their employees to determine if their security awareness training is effective. Those tests should trigger an action plan and measure the organization's successes and failures.
As far as business email compromise is concerned, organizations should create communication “backchannels” for executives and other key staff who might be targeted by this attack scheme, so that unusual requests received by email can be verified out of band.
By Laurent de la Vaissière, Director, Deloitte and Stéphane Hurtaud, Partner, Deloitte.