Commercial Integrator December 2021 - 14

THE SERVICE DESK
Evolution of Ransomware
8 vital steps integrators must take on every project to secure your client's network.
by Stanley Louissaint
RANSOMWARE... you've heard of it and
there is a high likelihood that one of your
clients has already been held hostage.
As the ransomware industry matures, it
has evolved from its origins. Yes indeed, I
called it an industry, and for a reason. If you
can secure millions of dollars in payouts and
create billions in losses for businesses, you
have earned the right to be called an industry.
Ransomware is no longer about holding
data hostage for a payment (or ransom).
Now, ransomware groups are threatening
to publicly disclose that the victim has been
hacked. Even more damaging is the threat
to release sensitive data to the public if the
victim doesn't pay.
As an industry we have been focused
on recovery of critical business systems
in the event that one of our clients falls
prey to a ransomware attack. What is our
recovery point objective (RPO)? What is
our Recovery Time Objective (RTO)? What
is the cost of downtime? What is the cost
of recovery? These are the questions that
we have been asking to help businesses
fi nd the proper solutions to implement for
recovery during an unfortunate circumstance.
Armed with this information we
would deploy a solution that would save
our clients from having to pay any form of a
ransom since we had the necessary data to
get them back up and running. Up to this
point in time, we weren't concerned that
the data itself was being ex-fi ltrated from
the network. To our defense, we didn't
have to be because it wasn't.
As the ransomware industry has evolved
the cybercriminals have had to get creative
to construct a situation where even if we
had the company data, we still had an
incentive to pay. The goal of most businesses
is to have clients hand over their cash or
in this case some form of cryptocurrency
payment.
Instead of taking a reactive approach
and focusing on how we will recover in
the event of a ransomware, we have to be
proactive in preventing the attacks. As a
14
3. Next-Generation Firewalls: Make
sure your fi rewall has built-in antispyware,
malware, and ransomware detection.
Application whitelisting/blacklist. Intrusion
Detection and Prevention Systems (IDS/IPS).
4. Endpoint Detection and Response
Integrators need to take a proactive
approach to preventing ransomware
attacks instead of a reactive stance.
Managed Service Provider (MSP) we wear
our proactive nature as a badge of honor
and even use it to diff erentiate ourselves
from a typical break/fi x shop. Part of our
value to our clients is to help them maintain
a positive public persona. Through the
proper protection of their computer and
network systems we can help the image of
our clients via these important steps:
1. Security Awareness Training to
End-Users: I cannot stress enough how
important this part of the puzzle is. End
users are oſt en our fi rst line of defense.
Educating users is highly important and will
never go out of style. At a minimum you
should run phishing tests or have end-user
training quarterly.
2. Spam Filtering: Most ransomware
enters a network through a phishing
campaign. Cloud-based spam fi ltering
has evolved greatly over time. We need
a solution that will block spam, phishing
attempts, malware, impersonation, and
ransomware. There are many layers to
having a successful spam fi ltering solution.
Look for solutions that off er features such as
sandboxing and malicious link protection to
help protect against 0-day threats.
Commercial Integrator DECEMBER 2021
(EDR): These systems help you to gain
insight into end-user devices. During an attack
these systems have the ability to isolate
machines from the network to prevent the
spread of ransomware.
5. Multi-Factor Authentication (MFA):
Usernames and passwords aren't suffi cient
anymore. MFA is the new standard. Every
e-mail account should have MFA enabled
and critical business systems that are
accessed from outside of the environment.
All administrative access should have MFA
turned on.
6. Soſt ware Patching: Vulnerabilities
are found every day and having a proper
patching schedule ensures that you are
plugging up any holes that have been
found in soſt ware.
7. DNS Filtering: Using third-party DNS
fi ltering providers helps you to save your
users from malicious domains that are trying
to get them to input their user credentials.
8. Data Loss Prevention (DLP): With
DLP solutions you will be able to help monitor
the data that's exiting your network.
This can be a game changer if you notice
sensitive data leaving the environment.
A new security model that is being
introduced into environments is the Zero
Trust Security model. Although this method
requires the most support, it is beginning
to gain more ground in our industry. The
framework is that by default no device or
user is trusted even if they are allowed on
the network. This is a solution, when implemented
automatically, that keeps users in
their corner of the world.
Stanley Louissaint is Principal
& Founder of Fluid Designs Inc.
He has been a member of The
ASCII Group since 2014.
commercialintegrator.com
IVAN/STOCK.ADOBE.COM
http://www.commercialintegrator.com
Commercial Integrator December 2021

Table of Contents for the Digital Edition of Commercial Integrator December 2021
