With ransomware attacks becoming alarmingly frequent in both the public and private sectors, everyone is now sitting up and paying extra attention to information security.
Ransomware attacks are not new: the first attack was in 1989. However, they constantly evolve to become more successful. As always, prevention is better than cure, and here at Dionach we have developed a new type of service whose ultimate goal is to ensure that any type of organisation is prepared and well organised to tackle a possible ransomware attack.
The service is called Ransomware Readiness Review and consists of five sections:
- Information Security Policies Assessment
- Endpoint Security Assessment
- Endpoint Security Central Management Assessment
- Backup Assessment
- Phishing
Information Security Policies Assessment
During this phase, the consultant’s goal is to ensure that the organisation has developed solid policies and procedures to tackle the threat of malware and has made them available to employees. Policies and procedures should state the acceptable use of the Internet, email and instant messaging. They should also cover the installation of software and give recommendations on opening attachments, such as Office documents with macros, and on clicking links in messages from untrusted sources. The policies should also require that staff report potential attacks to the IT department or the person responsible for information security. Finally, policies and procedures should cover staff training and security awareness at induction and subsequently.
Endpoint Security Assessment
In this section, the consultant reviews the technical security configuration and hardening of the organisation’s standard builds. If standard builds are not part of the organisation’s process, a sample of endpoints is reviewed. At this stage, the consultant performs a number of technical checks against the endpoints. Some of them involve the following aspects:
- Missing critical operating system or third-party patches
- Antivirus and antimalware
- Privilege escalation vulnerabilities
- User permissions
- Application whitelisting
- Browser plugins
- Egress filtering