Effective Ransomware Protection: First, Fight Your Fires
In its November 2016 report, “Ransomware Protection Best Practices,” Forrester Research offers clear and compelling advice, beginning in the document’s subtitle. “Harden Your Defenses Now For This Growing Threat.”
The report goes on to offer three “key takeaways,” two of which are presented here with additional parenthetical commentary.
- Avoiding Ransom Payment is Possible (if you mitigate the threat adequately in the first place)
- Preventing Ransomware Doesn’t Necessarily Require New Security Investments (if your incumbent solutions are truly “ransomware-ready)
- Get Back To Basics: Focus On Your Core Security Needs
This final takeaway hints at what must lie at the core of every effective cybersecurity strategy. Regardless of specific technologies or tools chosen or being considered, the underlying strategy must embrace what I like to think of as an analog to something found elsewhere in computing: the two-phase commit.
I will spare you the detailed definition of this term of art as used elsewhere in computing. Instead, I’ll expand upon the term as I think it should apply to your cybersecurity strategy. It’s highly comparable to the triage approach employed by mobile medical teams during armed conflict, and by first responders to disasters and crises.
- Phase One: Identify and extinguish all burning fires, starting with those seen as most threatening to life, property, and other resources at risk.
- Phase Two: Build upon successful actions in Phase One to increase resistance to future threats and ability to recover quickly and adequately to those that succeed.
First steps
You may not think your environment is “on fire,” but from a cybersecurity standpoint, if it isn’t right now, it could be before you finish reading this sentence. Every IT environment is always at risk, and new threats appear nearly constantly.
The Forrester report makes some recommendations that can improve your cybersecurity almost immediately.
- Protect against known vulnerabilities with proactive, prioritized, patching.
- Protect against phishing emails and “watering hole” websites by leveraging all available anti-spam, anti-phishing, and web control tools on your network, and by educating, motivating, and empowering users to act as a “human firewall.”
- Defend against malicious online advertisements and other rogue “downloaders” of malware by enhancing traditional blacklists with whitelisting and the ability to detect, block, and remediate malware in files and running memory automatically.
- Use network-level security controls that allow only “known-good” traffic, and firewalls that inspect data packets completely
- Make complete, clean, and frequent backups of all critical systems and data.
Take your firefighting further with Ivanti
The great thing about Forrester’s recommendations is that your enterprise likely already has in place at least some of the tools and processes needed to implement them effectively. Especially if you’re already an Ivanti customer.
If you’re not, check out our anti-ransomware/malware solutions online, or contact Ivanti. And whether you’re already an Ivanti customer or not, download the Forrester report using the link below for more great guidance. And check out my companion post inspired by the report, Effective Ransomware Protection: Next, Fireproof the Enterprise.