2. Consider privileged access management
An attacker’s goal is often to obtain persistent access and escalate access privileges. The attacker requires significant access and leverage to propagate ransomware across the IT environment. If an attacker gains access to broad system admin credentials, or worse yet, domain admin credentials, they can use your infrastructure against you to widely disrupt IT systems and deploy ransomware.
It’s critical that organizations do everything they can to protect privileged accounts and administrative access within their environment. Without privilege, an attacker’s ability to widely impact the organization is limited. Unfortunately, many organizations make gaining privileged access too easy and aren’t monitoring for unusual privileged user behavior patterns.
Additionally, malicious actors often focus their efforts on phishing employees to obtain needed credentials or system access for their attack. Employees are human and make mistakes, despite their best efforts and intentions. To reduce the opportunity for successful phishing attacks, organizations should focus training and testing efforts on the individual employee.
3. Create a cybersecurity incident response plan
Even if an organization takes all the steps to protect its network, an attacker will likely find a way in. Attack methods are constantly changing, and it’s virtually impossible to consistently avoid infiltration. It’s important to assume an attacker will get past the best defenses and plan for attacks by building resiliency and redundancy into your organization. This helps organizations limit damage and recover quickly from a cyber attack.
A cybersecurity incident response plan is a key asset — and it must involve a broad team beyond your cybersecurity team. Consider all internal and external roles that may be involved; all key vendors and contacts; outside firms that can assist with forensics and legal needs; and how to identify, contain, remediate and recover from a cybersecurity incident.
Once you have your plan defined, it’s critical to test it. This is typically done through tabletop exercises, where organizations can pull all required personnel together to safely simulate a ransomware event. The more an organization practices, the more it will identify ways to improve the plan, train employees, reduce the panic if an event occurs and best position itself to respond to a cyber crisis.