Insight

Ransomware – 5 Best Practices

There are three kinds of organisations in the world — those who have been hacked, those that are next in line or, worst of all, those that don’t know they’ve already been hacked.

Thinking that you and your business won’t be a target, or that you don’t have any valuable or interesting data, is a false sense of security and the most common mistake most people make.

As you navigate through the digital world, you leave digital traces behind like digital breadcrumbs. Every time you register at a website, or even simply sign up for an event, you use a username and password.  The username is usually your email address and the password is, for 60 % of people, a re-used password.

Cybercriminals are constantly, and successfully, attacking these websites to harvest login information like email addresses, login names, domain names and any other information they can retrieve. This is just the first piece in a larger, more elaborate digital jigsaw. The data they retrieve will be placed in cloud caches, analysed and enriched with other data sources like a social media post, LinkedIn profiles and multiple other telling pieces of information that is readily available.

As soon as cybercriminals establish relationships between these digital jigsaw pieces, they create a profile and you become a target.   Armed with this digital profile, they have the keys and further opportunities to gain access to newer, larger and more sensitive data sources.  Every piece of additional information they gather, brings them many strides closer to successfully hacking you personally, and worse still, your extremely valuable corporate IT systems.

The National Institute of Standards and Technology (NIST)  produced its Cybersecurity framework (CSF), that sets out 5 best practice functions that are widely considered to be the default standard for building a robust cybersecurity program.  They are applicable to organisations of all sizes, and all industries, whether you’re just getting started in establishing a cybersecurity program, or if you’re already running a mature program.

1. Identify: Know what you have, where you have it and the value is of every single resource individually plus the value all resources combined.
2. Protect: Develop and implement appropriate safeguards to ensure critical infrastructure service delivery and proactively support your ability to limit or contain the impact of a potential cybersecurity event.
3. Detect: The faster a cyber event is detected, the faster the repercussions can be mitigated.  The early discovery of cybersecurity events is a critical step to a robust cyber program
4. Respond: Develop appropriate techniques and actions to take when a cybersecurity incident has been detected.  The faster and more effectively you respond to a possible detection of a cyber incident, the faster you can stop the threat in its tracks or mitigate its damage and reduce any potential financial impact.
5. Recover: Maintain appropriate plans that can be implemented to restore any impaired capabilities or disrupted services due to a cybersecurity event. Timely recovery to normal operations reduces the impact of a cybersecurity event.

OSG partners with industry leading backup and recovery technology solution providers.  We can help review your current security posture and build and implement comprehensive and robust cybersecurity program that guarantees the security and protection of your digital estate.

Importantly, we provide you with the absolute confidence, backed by contractual commitments and SLAs, that your business can recover from any incident within an acceptable, defined and predictable timeframe.

Don’t wait until after an event, take some pro-active steps today and make security a priority for your business.