Rapid7: Ransomware Playbook - prevention and action
Whilst knowing the shape of the cybercrime landscape is a vital part of combatting it, no security strategy can be complete without informed details on how best to prevent a cyberattack or deal with one already underway.
The best defence is prevention
With cybersecurity, as with physical health, it is far better and easier to nip problems in the bud before they take on larger, more serious proportions.
First and foremost, importance should be placed on ‘user education’ regarding ransomware to ensure an organisation has a solid surface-level defence.
“User education is the first line of defence in our preventative arsenal - people should not be clicking suspicious links or visiting websites that are known carriers of malvertising networks. Organisations should look to add technology and content that reminds the user to be cautious when the user needs to be cautious,” says the report.
Other useful methods for prevention include:
- Reduce the company’s ‘attack surface’ by segmenting system networks to prevent total infiltration from a single point, and silo mission-critical systems from others.
- Administer account permissions.
- Use mail scanners to filter suspicious files or attachments.
- Scan for vulnerabilities regularly and thoroughly and patch any weaknesses quickly.
- Monitor processes and macro scripts which could facilitate malware.
Taking direct action
Establishing a good culture of ransomware prevention should stand you in good stead for avoiding a cyberattack in most instances. However, if a threat has been detected, it is often too late to consider further prevention. Instead, Rapid7 states that organisations must take swift and decisive action.
Three options are immediately available:
- Isolate and remove the infected system from the rest of the network to contain the threat.
- Ensure that all files are backed up regularly and can be restored at short notice if required.
- Where possible, issue new assets in cases where you have reason to suspect that old equipment has been compromised or poses a substantial risk.
Most importantly, Rapid7 advocates that companies do not succumb to the temptation of paying a ransom to restore systems, even if it initially appears the most expedient solution:
“Most stances, , recommend not paying the ransom demanded by cybercriminals. Similar to other criminal actions, it’s recommended not to negotiate since there is no guarantee the criminals will send you the decryption keys and you’ll regain access to your files.
“Paying the ransom will encourage criminals to continue carrying out these attacks by funding their activity.”
How can Rapid7 benefit your business?
As its Ransomware Playbook makes clear, Rapid7 is an expert on every layer of cybersecurity which can help ensure the integrity of mission-critical systems and valuable data.
It does this by tackling the four distinct stages of ransomware, namely: initial ingress, code execution/download/deployment, defence evasion and spread.
“Beyond curated threat signatures, InsightIDR comes with pre-built Attacker Behavior Analytics (ABA) detections built by the Threat Intel team.
“ABA applies Rapid7’s existing experience, research and practical understanding of attacker behaviours to generate investigative leads based on known attacker tools, tactics and procedures (TTP),” says the report.
Proper utilisation of these tools, in addition to Rapid7’s constantly expanding library of plugins and workflows, will make an organisation thoroughly resilient to the trials of modern cybersecurity.
Education, practical knowledge and strong partnerships will all play their role in ensuring that ransomware doesn’t impact your business; Rapid7 is amongst the best at fulfilling all three.
BIS and Bank of England launch Innovation Hub London Centre
The BIS Innovation Hub's work programme is currently focused on six areas: use of technological innovation in supervision and regulation (suptech and regtech), next-generation financial market infrastructures, central bank digital currencies, open finance, cybersecurity, and green finance.
The launch is part of a plan to expand the global reach of the BIS Innovation Hub, which also includes the opening of Centres with the Bank of Canada (Toronto), the European Central Bank/Eurosystem (Frankfurt and Paris) and the four Nordic central banks (Danmarks Nationalbank, the Central Bank of Iceland, the Central Bank of Norway and Sveriges Riksbank) in Stockholm.
“The BIS, together with its partners, is taking a leading role in coordinating the work of central banks on technological innovation in the financial sector to pave the way for the future of central banking. This new Centre in London reflects the Bank of England's critical role as an innovator in responding to the challenges and opportunities of the digital world while safeguarding financial stability,” said Agustín Carstens, General Manager of the BIS.
“The UK is known for pushing the boundaries of digital finance so it's great to have the new Innovation Hub opening here. Its work will help central banks to support safe innovation, and boost our efforts to capture the extraordinary potential of technology,” said Rishi Sunak, UK Chancellor of the Exchequer.
Importance of banks staying up to date with the latest technologies
It is important that banks upgrade their legacy systems to handle the new wave of digital payments and currencies. The hubs are focusing on the study of these areas so that they can help the various central banks and also carry out their own tests on these as the financial system across the world prepares itself for this digital transformation.
It is likely that there will need to be changes and upgrades to handle the various practices and processes that are to come into existence, and it is expected that these hubs would advise the various central banks on how such practices need to be regulated and supervised, as the new rules need to blend the processes of both legacy and digitalisation systems.
In the coming years, the focus will turn to green banking. Every institution has a responsibility to take care of the environment and bring in processes to help the Earth stay green. With digital currencies using a massive amount of electricity, it remains to be seen how the banks are going to handle this newly developing situation.