If educated end users are your moat, endpoint security solutions are your walled defense—your best, last chance to prevent a ransomware infection.
Of course, no two IT environments are alike—and your organization’s IT budget is certainly not unlimited. So, gaining a deep understanding of where your system is most vulnerable to attack can help you best allocate your resources, ensuring you develop the most effective endpoint security strategy possible.
For starters, let’s begin with the best practices every organization can employ to limit their vulnerability to ransomware attack.
Practice the principle of least privilege
Ransomware isn’t particular about its point of entry. Web browsers, email applications, and social media platforms are all fair game to this insidious malware. And once a ransomware virus infects a device or workstation, it will not only encrypt all of its data, but shared files, as well.
Therefore, the best defense against this type of invasive infection is to limit each user’s access to only what they need to do their job. This essentially amounts to a user’s “need to know basis”, or “the principle of least privilege.”
When you diligently practice this principle, you’ll shut down the cyber attacker’s ability to enact more widespread damage.
Remember: When it comes to your backup server, practicing the principle of least privilege is absolutely critical.
Backup servers are vital to the recovery of your data should you be infected, so give special attention to how you protect them:
- Provide access to Administrator account privileges wisely and sparingly
- Require IT members to log in via their personal accounts for most work tasks, not as the Administrator—the improper use of Administrator accounts is a leading cause of widespread malware infections
- Implement a backup-only account and use it solely for backup tasks to deny ransomware viruses access to your most sensitive files
- Regularly review who has access to which files and restrict access when job responsibilities shift, making that access unnecessary
- Avoid the worst-case scenario: No IT staff member should ever access their webmail account while also being logged into the backup server
Keep security patches and software current
Don’t overlook the importance of updating your operating systems and software on a regular basis.
Sure, this might sound obvious, but it’s important to reiterate: if you’re not running up-to-date software, applications, and operating systems, you’re operating without the latest security patches.
Since applications like Adobe and Java are prime targets for ransomware, they offer updates on a regular schedule. Keep in mind, however, with those updates come opportunities for ransomware to locate new entry points. That makes the timely installation of each patch release even more critical.
Beat cyber criminals at their own game
Test your defenses by bringing in your own “cyber criminals.” They don’t come cheap, but sophisticated data security experts can attempt to penetrate your defense system, giving you invaluable insights into where your vulnerabilities lie.
Some data security vendors also offer free vulnerability testing tools. While the results may not be as in-depth as the insights “hackers for hire” can offer, they can at least give you some initial suggestions on where you should focus your defenses.
Leverage endpoint security solutions
Once you’ve assessed your organization’s weaknesses, apply what you’ve learned to deliver the most cost-effective ransomware protection you can.
Capabilities you’ll want to consider when building out your layered endpoint security solution, include:
- Email security features that scan via SMPT mail traffic
- Spam filtering
- Intrusion detection or host-based security capabilities that monitor all traffic and offer regular signature updates
- Behavior-based solutions, which provide greater protection that signature-only solutions
- Browser security and web filtering, complete with white and black lists to allow/block websites and content
- Mobile device security that prevents unauthorized access and easy data recovery
- Removable device (USB) blocking
Remember, though, when you’re in the midst of an update, you’re vulnerability to attack peaks. Attaching a monitoring device to your router is another excellent option to consider, as well.
Internet security products provide critical protection
Of all the commercially-available internet security products that help prevent malware infections, not one can be considered a cure-all solution for ransomware. Cyber criminals are simply too ruthless, relentless—and efficient. When a new internet security product is launched, their first order of business will be to find its weaknesses—and to quickly exploit those weaknesses to their advantage.
That said, there is still great value in deploying data security solutions to narrow your vulnerability gaps. Doing something is clearly better than doing nothing at all.
Consider these product options:
Just because antivirus software alone isn’t enough to fully-protect your data – especially from new or zero-day threats – doesn’t mean you should go without it.
These AV solution providers have proven highly-effective against malware intrusion:
Anti-malware software solutions are designed to bolster the effectiveness of your antivirus software solution, offering you added protection from newer ransomware threats.
Whitelisting software empowers your IT department to approve software that may run and execute on your systems, preventing malicious applications from gaining access.
While the solutions above can’t promise full protection from ransomware, in combination with robust end user training, they can significantly reduce your risk of exposure.
Machine learning is ushering in a new age of ransomware protection
Machine learning technologies will radically improve our ability to swiftly identify—and protect against—zero-day ransomware. In fact, it’s already happening today.
In the recent past, if you had the ability to search for malware signature—a specific code of a certain size and name—you had a pretty good chance of thwarting a ransomware attack.
Today, the game has completely changed. Not only are ransomware attackers introducing variation into code sizes and names, cyber criminals have encrypted that code to the extent that it can appear without any identifying factors at all.
This is stealth ransomware.
With machine learning, however, antivirus solutions actually learn how malware behaves. They identify the differences between malicious and non-malicious code, enabling them to quickly deploy new malware signatures.
When it comes to endpoint security, it’s critical to implement solutions already available. But, keep an eye on these developing machine learning technologies, as they’ll place you in a stronger defensive position against ransomware attacks.
The art of the scam is nothing new. While ransomware attacks now fuel a continuous stream of breaking news, we only have to think back to the many distraught Nigerian princes—all who suffered the loss of their uncles and were desperate to find safe places to stash their unexpected inheritances—to remember how long these “spray…
If the ransomware threat wasn’t already keeping you up at night, surely the attack on Atlanta has left you questioning the strength of your cyber defenses and disaster recovery. Now, it should be abundantly clear to all who work in local government that you are under attack. And, it’s up to you to ensure critical…
Once again, cyber attackers are proving no one is safe from a ransomware attack. This time, it’s the City of Atlanta that has fallen victim. So, what do we know? Experts suggest Atlanta may have been infected by a variant of SamSam ransomware; the same family deployed against governments and hospitals since 2015. In this…
Like a terrible foot fungus, and not nearly as pleasant, SamSam ransomware just won’t go away. This customized ransomware strain first entered the scene in 2016 and, today, it’s powering the types of targeted cyber attacks that should give all of us pause—especially those in the healthcare industry. Just consider this: In the past three…