Several years ago, the WannaCry ransomware attack was all over the news, infecting hundreds of thousands of computers in a matter of days. The threat was straightforward: pay us or lose your files for good.

Ransomware such as WannaCry works by encrypting your files so you can no longer open or use them. Once the files are encrypted, the attackers pop up a demand screen asking for payment within a set deadline (WannaCry gave three days before the price doubled, and seven before the files were to be lost permanently) in exchange for the key to decrypt them. WannaCry left many business owners to choose between losing data and paying up, since there was no other way to decrypt the files, and many who paid never got their files back: the malware's payment handling gave the attackers no reliable way to tell who had paid.

Obviously the best way to foil a ransomware attack is to be incredibly diligent about IT security, but with hundreds of thousands of new malware samples appearing every day there is no guarantee that you won't get infected. Worse, yesterday's security advice won't necessarily work today, because the attacks evolve and improve over time. WannaCry is a case in point: it spread on its own through a Windows SMBv1 flaw that Microsoft had patched (MS17-010) two months earlier, so any unpatched machine reachable on the network could be hit without anyone clicking anything.

So what's the answer? Get a GOOD cybersecurity firm to protect you. Then get a separate third-party consultant to look over their shoulder and verify that they are actually doing what you pay them to do.

Episode Show Notes:

  • 5:00 - Joe tells the story of WannaCry Ransomware
  • 5:50 - How did this worm get the name "WannaCry"?
  • 6:10 - The background story of this worm (listen - this is almost as interesting as the exploit itself!)
  • 6:25 - How did this worm start? (Hint: your employees are your weakest security link! Note, though, that WannaCry itself spread machine-to-machine through the SMBv1 flaw fixed by MS17-010 rather than by phishing, so unpatched systems were as much the problem as untrained users.)
  • 6:50 – The different stages of a ransomware attack (these line up with the MITRE ATT&CK tactic names):
    • 1. Initial access – how the attacker first gets onto a machine
    • 2. Execution – the malicious code runs
    • 3. Privilege escalation – gaining higher rights than the initial foothold had
    • 4. Defense evasion – hiding from your antivirus
    • 5. Impact – the files are encrypted and the ransom demand appears
  • Stupid: When it comes to cyber security, stupid is thinking you can DIY, thinking you can protect your business from these hackers by yourself. “Thinking you can do this yourself, that cyber security is a DIY type activity is flat stupid” - (16:00)
  • Irresponsible: trusting your IT company / cyber security firm WITHOUT VERIFYING. - (16:55)
  • The DIY approach to security – we talk about DIY first to make the point that we are giving this formula NOT as a recipe for doing it yourself, but as a checklist for rating your current support. If these things aren't happening, you know you've got to do something different now! - (20:00)
  • 20:17 – If you can't easily answer these questions about what is happening in your company, YOU HAVE A PROBLEM!
    • For example – Is your backup running? Are test restores actually being done?
  • Top 9 ways to protect against ransomware: - (21:40)
  • #9 - Data Backup (with test restores)
    • Have a solid backup – this used to be #1 on the list, the get-out-of-jail-free card.
    • Now a backup alone is NOT ENOUGH: ransomware encrypts any backup it can reach from the infected machine, and newer strains also steal data and threaten to leak it, so keep an offline or immutable copy and prove regularly that you can restore from it.
  • #8 - Get a good, enterprise-grade firewall
    • Get a firewall that is current, with up-to-date security subscriptions, and make sure somebody is actually monitoring it.
  • #7 – Password Management in place
    • (Listen to Episode 1: The Stupid things people do with passwords)
  • #6 - Policies and Procedures
    • If your IT company isn't doing this for you and doesn't have these in place, then you've got some questions to ask!
  • #5 - Two-factor authentication (2FA) in place
    • If your IT company isn't annoying you to death, then they aren't doing their job!
  • #4 - A SOC (Security Operations Center) watching your network 24/7/365
  • #3 – Behavior-based anti-malware
    • You have to have behavior-based anti-malware in place, but all it does when it finds something suspicious is raise an alert, which brings us back to the point that someone needs to be watching those alerts all day, every day.
    • Most businesses don't have the capacity to do this on their own, in both time and expertise.
    • Generally, this is something that is outsourced.
  • #2 – End User Training
    • This is the 2nd most important thing you can do; it is CRITICAL! (28:30)
    • Things are changing every day: something new is going on, something changed, hackers are getting smarter. (28:30)
    • Training your end users creates a culture of awareness and gives them a regular refresher.
    • Simulated phishing attacks – we have a security product that sends us a fake email saying "click this link"; when we do click it, it locks the computer down and makes us take a training course.
    • If you don't have that in place, you have questions to ask your IT company.
  • #1 - 3rd Party Review
    • This is the NUMBER 1 thing you NEED to do; it is absolutely critical to protecting your network. Have a 3rd party audit, an extra set of eyes checking the others' work. (30:10)