In light of the latest cybersecurity trends, such as the increased threat of ransomware and malvertising, small- to medium-sized businesses should investigate the best ways to protect their IT assets from cyber attacks. Strong security tools and practices such as regularly backing up data can make a big difference. An especially important solution to consider is network security monitoring, particularly from a managed security service.
Defending Against Ransomware
Ransomware has matured from an uncommon attack to a regular subject in the daily headlines. Essentially, ransomware is malicious software that infects a victim's machine and does damage—usually by encrypting files and thus preventing ordinary use of them—and then demands a ransom payment to undo the problem.
The first use of ransomware appears to date back to the 1980s, when Dr. Joseph Popp created a Trojan known as PC Cyborg that encrypted files and requested that $189 be mailed to a PO Box in Panama in exchange for the password to decrypt them. Today ransomware is making headlines due to its use in audacious hacks on hospital facilities, first against Hollywood Presbyterian Medical Center in California, then against other hospitals in the same state, and most recently against the Medstar Health hospitals in Maryland and Washington, D.C. In these cases, medical professionals have been forced do all work manually as administrators declare emergencies and shut down computer networks in an effort to solve the problem.
One of the best ways to guard against ransomware is to establish a policy of backing up data regularly. IT teams can develop routines for creating backup copies of their organizations' data at scheduled, frequent intervals. Then, if the computer networks are infected by ransomware, the organizations can restore their systems from a recent backup rather than pay whatever the hefty ransom is. When companies pay the requested ransom, it emboldens cyber criminals to continue their schemes against future victims.
Defending Against Malvertising
Malicious advertising or “malvertising” is the use of online ads to spread malware. Ads are everywhere on the Internet—billions of ad impressions are created each year—so it is not surprising that hackers find them convenient to make use of. Malvertising may include Flash-based attacks and drive-by downloads along with a variety of other techniques. Specific instances included YouTube ads with Java exploits that executed drive-by attacks on unsuspecting users in 2014.
Defending against malvertising means good endpoint security and installing ad-blocking software. Adblock Plus is a popular and recommended program to stop advertising, and if users wish to contribute to websites' ad revenue, they can configure whitelists to allow ads on whatever websites they think are trustworthy.
Managed Security Services
While ransomware may be mitigated with back-up practices and malvertising with ad-blocking, companies still face the threat of hackers who can end up costing businesses tremendous amounts or bringing them down altogether. One of the best ways to defeat these adversaries is network security monitoring: observing computer networks to raise the alarm if activity is suspicious and indicative of a breach.
More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!