Ransomware, phishing and impersonation are still top threats in the cybersecurity space. Attackers are constantly evolving their approach to these threat vectors, and organisations need to be aware of the gaps in their security and ensure employee awareness.

While all are at risk from automated and indiscriminate attacks, some of the biggest targets have been education, health and government institutions.

With ransomware, attackers use malicious e-mails and websites to lock organisations out of their files and demand exorbitant amounts to access them.

Phishing lures victims into executing actions without realising the malicious drive. The less aware the targeted user is, the more fruitful the attack. Likewise, in the case of targeted attacks, phishing e-mails are created to look like they come from a trustworthy sender. Most phishing campaigns embed links to landing pages that steal login credentials or e-mails that include malicious attachments to install malware.

CEO fraud, business e-mail compromise and “whaling” are specific forms of impersonation attacks where malicious individuals pose as high-level executives within a company. Stopping an impersonation attack requires strong security policies and vigilance on the part of employees. But because these attacks are designed to take advantage of human error, solutions that can automatically scan e-mail and block any potential attack are required.

No one is safe from these most high-profile of crimes. But despite the hi-tech appearance of ransomware, the crime is quite simple: its perpetrators know that if they steal something precious from an organisation, the victims will often pay to get it back. However, there are many cases where the ransom is paid and the victims remain locked out.

Healthcare facilities under attack

Hospitals have had to rapidly expand network and Internet-connected technology and deploy remote systems to support employees. As a result, a growing number of private and public health facilities run by governments have faced cyberattacks, interrupting care and putting patients at risk. The smallest mistake, such as opening a link from a suspicious e-mail, has led to delays in patients’ treatments and limit access to electronic health records.

Academic institutions have also emerged as a favourite hunting ground for hackers. The sudden transition to online learning caught many off-guard, which gave hackers plenty of chance to break into networks using all available means. This is done with the knowledge that academic institutions’ IT departments may not have the resources to properly secure their fleet of devices.

Unfortunately, most students and staff likely lack basic security awareness. Attacks have trickle-down effects on school staff, students and parents, who are often casualties in attacks that leak sensitive personally identifiable information.

Reliably prevent, recover and restore sensitive data

It is important to prepare for and speed up response to ransomware. There are countless tools and practices that can deliver protection or recovery. Traditional efforts alone are not enough to thwart ransomware attacks.

While public clouds are slightly more secure and resilient against ransomware attacks than traditional environments, there isn’t a foolproof way of preventing such attacks from occurring. Even with advanced technology, Amazon Web Services, Microsoft Azure and Google Cloud have not been unreceptive to ransomware attacks.

An agentless software-as-a-service-based platform that delivers cloud workload protection and cloud security posture management has been proven to reliably manage vulnerability on the cloud.

Tools, practices, and training methods can efficiently help organisations prevent, recover and restore data, and give them a 24/7 pair of eyes against ever-emerging threats. These include, but are not limited to the following:

Educating staff: Allocating resources for team training and awareness.
Spam filters and e-mail security: Using advanced, multi-layered spam filters to block the full spectrum of e-mail-borne threats.
Security updates across organisations and endpoints: An advanced threat prevention tool for endpoints that uses a layered approach with multiple detection techniques that protect against ransomware.
Multi-factor authentication: Two-factor authentication can be used across the organisation to increase security beyond the level provided by passwords alone.
Backup and recovery: A disaster recovery solution that can recover all data and systems during an attack to a state before the ransomware infection took hold.
Blocking unreliable websites/Web filtering: Locking access to malicious, hacked or inappropriate websites for all of the organisation’s devices through the use of a Web application filter.
Malware sandboxing: Assessing risk through a fast, coordinated detection and enforcement tool across the entire attack surface.
Web traffic inspection: Adopting a defence-in-depth strategy with multiple layers of protection to provide full-spectrum web security from known and previously unknown (zero-day) threats.

None of the above measures will be able to stop an extortion disaster on their own, but taken together they can greatly increase security and boost cyber resilience. Having a proper ransomware incident response plan is essential today and rehearsing this plan is even more important.

Avoid paying ransoms and potential huge losses by investing in preventative measures. Ask Maxtec about its array of solutions for phishing and ransomware prevention and cure.

About Maxtec
Maxtec distributes market-leading data security technologies that are trusted around the globe. We empower our South African and SADC IT partners with: the advanced Security Fabric from Fortinet | Intelligent Broadband from Allot | SSL/TLS certification from Sectigo | Ai Network Defence as a Service from Cyglass | Agentless DLP from ItsMine | Backup and Recovery from Acronis | Vulnerability Remediation from HCL BigFix | Agentless Cloud Security from Orca | Instant Streaming Data from Redstor | Robotic and Hybrid Storage from Spectra Logic.