Protecting your business against ransomware: a management issue



The massive adoption of digital tools by companies to carry out their operations has led them to change how they are managed and to store and exchange ever more information directly on and from their workstations. This paradigm shift partly explains the success and rise of cyber attacks in recent years, especially those carried out with ransomware, which demand a ransom from victims to unlock their systems or to refrain from publishing their confidential data. These attacks primarily target users while they interact with the Internet (a booby-trapped website or email) for the initial compromise, before spreading to the rest of the company’s information system through lateral movement.

It should also be noted that the criminal ransomware ecosystem has become structured: on the Darknet, there are players who publish ready-to-use kits and offer control platforms for hire, as well as providers of money-laundering services for ransoms paid in cryptocurrency. They allow sponsors to launch their first attacks very quickly with little technical knowledge. This phenomenon is no longer anecdotal: its very profitable business model is evolving (we are now talking about triple extortion) and represents a market of several hundred million euros each year on a global scale, with even the beginning of a reaction at the state level.

Treat the subject before being affected

Analysis of the attacks published over the last three years shows that organizations of all sizes and in all sectors are concerned, from local micro-businesses to multinationals. The subject must be taken seriously by all companies and integrated into their governance (not only at the level of the IT Department, but at that of General Management, which will play a fundamental role as sponsor for the success of the project). Once this awareness has been achieved, the next step is to evaluate how to go about it. At this stage, many companies limit their answer to a question of tools, often expensive.
While this approach may be effective to a certain extent, it is clearly not sufficient, especially when the promise of automatic and effortless security is trumpeted.

Focus on the weak link

Concretely, the user / workstation link is the key link to take into consideration. Awareness is therefore essential and must, from the start of the project, be an important part of the system. This founding action will allow teams to absorb knowledge and adopt good reflexes in the use of IT tools, and electronic messaging in particular.

However, it is also necessary to assess the configuration of those workstations. To this end, a “Stress Test” should be carried out on targeted and representative workstations. This approach consists in providing an evaluation, at a precise moment and for a given user account and computer, of its exposure and its resistance to the attack vectors of the active ransomware groups, that is to say their Techniques, Tactics and Procedures (TTPs). Among the themes evaluated, we can notably cite structuring points such as: user rights, software updates (not only those of Windows, but also those of third-party applications), network partitioning, application security, content filtering of emails and web browsing, relevant event logging, detection of suspicious events, the data backup strategy as it is actually performed and as understood by users, and the level of preparation for security incidents and employee awareness.

Checking and improving one’s level of resistance against ransomware is therefore a strategic subject for all companies. It is by mobilizing on a large scale and constantly updating one’s posture that it will be possible to limit one’s exposure to cyber risk.