Australia-based Anthony Spiteri, Senior Global Technologist at Veeam, suggests three fundamental measures IT leaders should introduce to safeguard their endpoint devices from ransomware threats.
2020 was a cybercriminal’s dream. With a spate of COVID-19 themed ransomware attacks and employees working remotely on unsecured networks, it’s no surprise Australia filed 59,806 cyber-crime reports between July 2019 and July 2020 alone.
Recent research conducted across APAC by Kroll reveals that 47% of all ransomware attacks succeeded by breaching Remote Desktop Protocol (RDP), while another 17% came in through vulnerabilities related to VPNs and other remote access solutions. Ensuring watertight endpoint security is one of the biggest challenges facing IT teams and getting it right could be do or die for Aussie businesses.
To ensure 2021 isn’t marred by the same statistics 2020 saw, organizations across the region will need to commit to investing not only time but also resources into strengthening their endpoint security strategies. Below are three fundamental measures IT leaders should introduce to safeguard their endpoint devices from ransomware threats.
Introduce foolproof structures
Adopt the 3-2-1 rule as part of your data management strategy. This easy-to-remember rule encourages organizations to store three copies of important data, on at least two different devices, with at least one of these copies being stored in the cloud.
The ‘one’ copy in the 3-2-1 strategy is arguably the most critical, so it needs to be ultra-resilient. There are numerous forms of media where this copy of data can be stored securely: consider tape media, immutable backups in S3 or S3-compatible object storage, air-gapped and offline media, or Software-as-a-Service for backup and Disaster Recovery.
The 3-2-1 strategy can almost always guarantee an organization’s data can be recovered in the case of a breach. This ensures minimal impact to Business Continuity, customer confidence and trust. It is also cost effective, as it does not require an organization to purchase any additional hardware to manage its data.
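The 3-2-1 rule and the ultra-resilient copy requirement described above can be checked mechanically against a backup inventory. The following Python is an added example, not code from the article or from Veeam; the `Copy` fields, the media labels and the inventory entries are constructed assumptions.

```python
from dataclasses import dataclass

# Media the article names as suitable for the ultra-resilient copy
# (the label strings themselves are assumptions made for this example).
RESILIENT_MEDIA = {"tape", "immutable-object", "air-gapped", "offline", "saas-backup"}

@dataclass(frozen=True)
class Copy:
    dataset: str
    device: str    # hypothetical device or repository identifier
    media: str     # hypothetical media label, e.g. "disk", "tape"
    in_cloud: bool

def check_321(copies):
    """Return {dataset: [findings]}; an empty list means the rule is met."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, items in sorted(by_dataset.items()):
        findings = []
        if len(items) < 3:
            findings.append(f"only {len(items)} copies, need 3")
        # Several copies on one device still count as a single device.
        if len({c.device for c in items}) < 2:
            findings.append("all copies on one device, need 2")
        if not any(c.in_cloud for c in items):
            findings.append("no copy in the cloud")
        # A cloud copy that can be overwritten is not the resilient copy.
        if not any(c.media in RESILIENT_MEDIA for c in items):
            findings.append("no ultra-resilient copy")
        report[name] = findings
    return report

# Constructed inventory, for illustration only.
INVENTORY = [
    Copy("finance-db", "prod-san", "disk", False),
    Copy("finance-db", "backup-nas", "disk", False),
    Copy("finance-db", "s3-bucket", "immutable-object", True),
    Copy("hr-share", "prod-san", "disk", False),
    Copy("hr-share", "prod-san", "disk", False),     # snapshot on the same array
    Copy("hr-share", "cloud-sync", "object", True),  # mutable cloud sync
    Copy("laptops", "backup-nas", "disk", False),
    Copy("laptops", "backup-nas", "disk", False),
]

if __name__ == "__main__":
    for ds, findings in check_321(INVENTORY).items():
        print(ds, "OK" if not findings else "; ".join(findings))
```

In this inventory `hr-share` satisfies the three counts yet still fails, because its only cloud copy is a mutable sync that ransomware could overwrite along with the originals.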
Get the entire business on board
After years of fine-tuning attacks, cybercriminals have conjured elaborate and creative ways to target organizations. They are aware of the weakest links within an organization and have the know-how to exploit them. While many IT departments can spot a hacker from a mile away, not all areas of a business are always educated on security best practice – making them prime targets for opportunist hackers.
So, while it is imperative that the IT department is across any threats to security, it is important that the wider organization, especially those working on endpoint devices, is given a ‘Cyberthreats 101’ crash course and is able to identify vulnerabilities.
RDP has been found to be the most common point of entry into a business, closely followed by phishing attacks and software updates. These days, ransomware attackers don’t have to go to great lengths to get their hands on confidential data. In fact, it’s easy pickings when office workers across APAC are using RDP over direct and often inadequately protected connections to the Internet. This simply cannot continue. IT professionals must explore special IP addresses, redirecting RDP ports and complex passwords as a starting point to protect organizational data.
Don’t let your guard down
In the event that an organization’s infrastructure has been compromised, it’s important that IT teams implement additional safety checks before putting systems back online. In some cases, an entire virtual machine recovery will be the best course of action. In other cases, a file-level recovery may be more logical.
The restoration process itself must be secure: run comprehensive anti-virus and anti-malware scans across all systems and force users to change their passwords. In turn, users who log in on endpoint devices should be forced to update their software to ensure that there are no holes in security.
With our work from home arrangements staying put for the foreseeable future, businesses will need to introduce carefully considered strategies to safeguard their endpoint devices. Cybercriminals are highly skilled, so a comprehensive data management strategy like the 3-2-1 rule is key to reinforcing a business’ endpoint security.
Educating all areas of the business on cyberthreats can help minimize endpoint security risk and maximize prevention. But critically, it is the responsibility of both the trained IT professionals within a business and the end-users to ensure any holes in security are patched. This is true for the most data-cautious of employees as well as those who may have presented an opportune weakness to cybercriminals in the past.