17 Feb 2020

What if you had to pay to unlock your computer?

Authors

Andy Deprez

EY Belgium Advisory Partner

Consulting, passionate about cycling, petrol head

Koen Machilsen

EY Belgium Advisory Cybersecurity and Privacy Director

Trusted advisor on cyber and technology. Straightforward. Solution-driven. Pragmatic. Enthusiastic. Critical. People manager.


How to protect your organization against ransomware.

Ransomware isn’t new. Over the last five years the number of attacks has grown tremendously, usually with financially motivated cyber criminals extorting relatively small amounts of money from victims whose data they are holding hostage (encrypted).

Ransomware is a sophisticated threat that affects an organization’s or individual user’s data in order to extort money, either by locking the entire system or by holding specific files hostage.

The criminals promise that payment will result in the data being released, but there is no guarantee that they will do so.

Customers’ information

17%

Of organizations say their No. 1 fear is loss of customers’ information

Careless employees

34%

Of organizations see careless/unaware employees as their biggest vulnerability

Malware

20%

Of organizations rank malware as their greatest threat

Phishing

22%

Of organizations see phishing as the biggest threat

Quick wins to protect your organization

  • Antivirus

    Install heuristic behavior analysis endpoint protection on servers and workstations and frequently enforce antivirus updates. Detect endpoints that do not comply.

  • Network segmentation

    Implement network segmentation between workstations and servers, branches and production networks. Use access control lists between those networks.

  • Procedures for urgent actions

    Develop procedures for emergency shutdown of the network and servers. This includes assigning ‘owners’ of servers and workstations, who would shut down a server under attack in a timely manner.

  • Domain policies enforcement

    Set up strong workstation security compliance rules and enforce domain group policies on all workstations connected to the corporate network.

  • SIEM solutions

    Configure security information and event management (SIEM) solutions to flag incidents and enable automated cleanup methods.

  • Critical updates & patches

    Regularly apply operating system and software updates, prioritizing security updates. Track employee and server assets to ensure compliance across the enterprise.

  • Administrative rights

    Limit administrator access to only those “in need”. Closely monitor privileged administrator access across operating systems in the security information and event management (SIEM) solution.

  • Awareness

    Have a security awareness program in place with proactive testing. Clear guidance should be provided on the dangers of phishing and on security updates, and users should be educated on incident reporting guidelines.

  • Backup

    Ensure regular, tested backups are in place and backup data is secured for each critical server to mitigate effects of possible infection and speed the recovery process in lieu of succumbing to ransom payment demands.

  • Web and email protection

    Implement web filtering technologies to prevent employees from visiting malicious websites. Implement e-mail filtering rules to block spam and phishing e-mails.

Long-term initiatives recommended for consideration

It is recommended to consider the following initiatives to assess your initial risk exposure and tackle root cybersecurity issues to improve the cybersecurity posture of the organization.

  1. Ransomware Resilience Assessment
    Conducting a ransomware resilience assessment means combining technical vulnerability testing with assessing your organizational measures to prevent ransomware infections. We identify entry points in your organization, detect vulnerable software and infrastructure and pinpoint organizational areas for improvement.
  2. Cybersecurity strategy revision
    Is your organization focusing on the right cybersecurity initiatives? Are your OPEX and CAPEX sufficiently tailored to increase the resilience of your organization in the long run?
    Conducting a cybersecurity strategy revision helps identify areas for improvement at the organizational, technological and process levels; set priorities for cybersecurity improvement initiatives; align them with business expectations and IT plans; form improvement plans; and outline the resources required for roadmap implementation.
  3. Business Resilience and Business Continuity Management Revision
    Conduct a risk assessment to identify the level of dependence on IT and operational technology (OT), and assess the negative impact of business process outages (including on clients and third parties). The goal of BCM is to establish a sustainable and comprehensive approach and guidance for dealing with specific risks and threats that result in a negative impact on the business. Such risks may cover physical threats, natural or technological disasters, IT/OT incidents, unavailability of outsourced services, supply chain problems, etc.


Summary

Ransomware is a sophisticated threat. Cyber criminals extort relatively small amounts of money from victims whose data they are holding hostage. Over the last five years the number of ransomware attacks has grown tremendously. Protect your organization against these attacks with some quick wins and long-term initiatives.
