Here at Kinetix, we have watched with great concern as ransomware attacks, and other cybersecurity-related threats, have continued to grow in frequency and severity. Just in the past week, the Colonial Pipeline incident disrupted access to critical energy resources for a large portion of the country and Ireland’s health service network was shut down in the middle of a pandemic due to a similar attack.
As these incidents grab more and more headlines, you are likely wondering where your organization is exposed or what else you should be doing to protect yourself. To help, we’re sharing our assessment of where our clients stand and what else they can do. The best time to make security improvements is before a successful attack but, unfortunately, it is not always the most popular time.
How to Protect Your Organization
The steps you can take to protect yourself are largely dependent on your environment and how you engage with your most critical data and systems. Kinetix clients can work with their Client Success Manager to prioritize and customize these recommendations, but we want to provide general observations and share best practices from across our portfolio with everyone.
Ransomware Protection Checklist
Diversify and simplify your technology
Most of the major attacks covered in the media have been primarily caused by privately-managed and inadequately-configured on-premise infrastructure. In general, our recommendation for all clients has been, and continues to be, to remove single points of failure and offload the risk of maintaining complex systems to reliable, secure, and diversified enterprise cloud providers wherever possible. In a few cases, clients have been forced to continue using these locally hosted servers because of line-of-business applications that were incompatible at the time with cloud-hosted solutions. Other Kinetix clients have elected to maintain these solutions mainly to save money despite recommendations by Kinetix to move to cloud providers, especially for file sharing. Your organization will never be able to invest the same amount of time, money, redundancy, monitoring and general expertise into protecting your data as the enterprise cloud providers who specialize in this. We will continue to push clients in this direction.
Implement least privilege
The vast majority of businesses provide way more access than is needed for employees and/or contractors to handle their job functions. Even if a user account is compromised, if it has appropriately-scoped permissions, it’s unable to cause a major business disruption. Starting with your most critical systems, analyze access rights and aggressively and unapologetically reduce access. It’s more convenient to deal with a team member asking to restore some of their access than the fallout from a major attack.
Master the security essentials
Most businesses have opted out of investing in essential security protections or have instead chosen to invest in low ROI protections for less likely incidents. Our strategy over the past few years has been focused on educating clients on the essential protections that provide the most security for their spend and providing the best of these tools in simple-to-understand service bundles. If you are a Kinetix client, you have these essentials available to you. If you’re interested in learning more about Kinetix’s Security Essentials, please contact us.
Add backup redundancy, and then add more
Take an interest in the handling and redundancy of your mission-critical data and understand how often it’s backed up and where it’s backed up. For clients leveraging cloud services, this is the responsibility of your provider. For clients who must privately manage data, ask yourself what you would do if the server was locked forever. To protect against this, we offer many tiers of backup options, up to and including geographic failover, to maintain access even in a wide-area disaster. Specifically, we have developed a new low-cost offsite backup system for clients who must maintain on-premise servers and we can send over more information about this upon request. If you’re interested in learning more about how Kinetix can manage your backups, contact us today!
Choose quality cloud services
Our recommended cloud file-sharing provider has long been Egnyte. Egnyte customers who have their synchronized server or workstation data exposed to ransomware (or any kind of threat) can have their data restored by Egnyte’s quality support service within minutes. By contrast, we have observed organizations with competing products (like Dropbox, Drive, or Box) have inferior experiences with the respective support teams when requesting any kind of data restore. This can be the difference between recovering data in minutes and recovering it in days.
Enable multi-factor authentication (MFA)
Many clients do not have multi-factor authentication enabled for all accounts on every cloud service, even when it’s available. MFA is not a silver bullet against every ransomware attack vector, but it will greatly reduce the chances of a future attack via a compromised account. We highly recommend implementing a single sign-on (SSO) solution to provide a single MFA-protected portal to your various cloud applications. Among the SSO options out there, we recommend OneLogin for its ease of use, reporting capabilities, wide range of features, and superior customer service.
Inventory loaner equipment
Many clients do not have a substantial or well-maintained pool of loaners on-site to account for users whose workstations become unusable and require extended remediation. If your CEO’s laptop were to get hit with ransomware, how quickly would you be able to get him or her back online? Learn more about how Kinetix’s Inventory Management service can take this off your plate and ensure you always have a loaner ready to go.
Educate users
User education remains one of the most crucial tools in protecting your organization, as even the most well-intended user action can open the door for a successful attack. Approximately 70% of attacks come via email, so well-informed users can be your most important security firewall. Every Kinetix client has KnowBe4 training and phishing simulation available to them, and if you haven’t taken advantage of all the tools it offers, now is the time.
Obtain cybersecurity insurance
Some Kinetix clients do not have insurance for cybersecurity incidents, which exposes them to significant financial liability in the event of a successful attack. Because of industry trends, premiums for such coverage are steadily rising, so we recommend adding coverage as soon as possible. Cybersecurity insurance coverage is a requirement in today’s business world. If you need help finding coverage or want to review your coverage, please reach out to your Client Success Manager or contact us.
Have a plan
Finally, and most importantly, many Kinetix clients do not have documented or updated Business Continuity Plans to dictate the steps management and users will take in the event of a disaster. While prevention efforts are certainly important, disasters (including, but not limited to, cyberattacks) are inevitable for every business and knowing how to respond when they happen is critical.
We hope this information has been helpful in understanding where your business could still be exposed, and what you can do about it. We recognize that all businesses are unique, so we’re happy to consult with you to determine which of the best practices above that you have not yet implemented are the highest priorities for your organization.
Thanks,
Conner Wilkinson, CISSP, CISM, CEH
VP, Security & Client Strategy | Kinetix
650-454-8850 | conner@kinetix.com