The first step to preventing ransomware is thwarting the initial attack. Your vendor should approach this from both a technological and a social attack vector. From a technology side, they should:
- Utilize industry leading anti-virus software and VPN technology to ensure that your endpoints are safe
- Ensure security patches are done in a timely manner, across all systems, endpoints, and servers
- Continuously monitor their networks for any indication of malicious activity
- Conduct product and system penetration tests and code reviews, ensuring that there are no exposed vulnerabilities that could be exploited
The primary WannaCry attack vector was executed through a phishing campaign. Once inside an organization’s network, the ransomware spread through a vulnerability in Microsoft’s SMB protocol. To prevent social engineering attacks such as phishing campaigns, targeted attacks, etc., your vendor should:
- Require all employees to take annual training classes that provide phishing awareness and education on security and compliance
- Conduct random internal phishing campaigns for training and awareness purposes. These campaigns will indicate whether your vendor’s vulnerability to a phishing campaign is near the industry average or, preferably, below
- Conduct annual developer security training to help ensure their product and environment code is secure
Should your vendor be successfully attacked by a malicious party, the organization should have several implemented controls, covering both technology and processes, that will help minimize and mitigate the potential damage.
Your vendor should utilize best-in-class technology and security architecture to minimize the potential damage, including:
- Segregated networks that minimize the blast radius of any malicious activity
- Daily, encrypted, secure backups of the system that ensure rapid restore capabilities of data and systems
Ask your vendor if they’ve created a set of processes that would guide them through the management of a successful attack on their systems. These include:
- A global crisis management system that guides the communication, activities, and remediation efforts on a worldwide basis. Ideally, this system should be annually exercised and refined to ensure its efficacy and viability
- An annually exercised business continuity and disaster recovery system that ensures the vendor’s data backup and processes are working efficiently
Though a ransomware event is never pleasant, your vendor should have significant preventative, as well as reactive, technology and processes in place to minimize, or completely thwart, an attack. With this understanding, you and your vendor’s other clients will be able to relax during the next attack, knowing that your data is as safe and secure as possible.
Join Gerard Scheitlin for his June 15 webinar, "Preventing and Dealing with Ransomware Attacks." Learn more and register now!