Recent headlines have been dominated by stories about the Colonial Pipeline and JBS ransomware attacks. With multi-million-dollar ransoms, operations shut down for days, and the costs associated with investigating and recovering from the attacks, these incidents are stark reminders that businesses need to remain vigilant in their efforts to protect themselves from ransomware.
We want to reassure you, as Xantrion clients, that when we work together, our state-of-the-art security programs have proven to be highly effective in protecting clients from ransomware over the past several years.
To understand why, let’s look at how the Colonial and JBS breaches occurred. It looks like the hack that took down Colonial was the result of a single compromised password on a former employee’s account. If Colonial had implemented multi-factor authentication (MFA) and proper termination procedures, it likely would have been protected. And while the cause of the JBS attack is still unknown, it is likely that this hack could have been thwarted with another basic security measure – regular system updates and patching – since the probable cause of the JBS hack was an unpatched vulnerability.
Our Security Essentials program includes MFA, system updates and patching, along with several additional protections:
- Security Awareness Training – According to a recent Carbonite and Webroot study, getting employees to click on malicious email links or attachments and to disclose their login credentials are the top tricks hackers use to deploy ransomware. Our ongoing awareness testing and training typically help clients reduce phishing entrapments by 90% after one year of using the program.
- Isolated Backups – Your backups are isolated from your network so that even if your network is breached, your backups can’t be deleted or encrypted, ensuring they are available for recovery.
- Account Hygiene – We work with you to keep your list of active user accounts up-to-date and terminate access to all systems for non-active users as soon as we are notified of termination.
- Malware Protection – We employ a multi-layered approach for malware protection since malware can be delivered in a variety of ways. We deploy advanced filtering to protect you from malicious websites. We implement anti-malware and advanced threat protection to prevent malware from being delivered and deployed across your network.
- Mobile Application Management – We protect data on your mobile devices by isolating your data within protected, approved applications.
For clients with heightened security or regulatory concerns, our full Managed Security program goes even further:
- Enhanced breach detection capabilities – These capabilities alert us to uncharacteristic user activity and high-risk activities such as mailbox forwarding rules. They also help us understand if we have a breach disclosure requirement.
- Regular Personally Identifiable Information and vulnerability scans – These scans provide a proactive review of gaps in security and the location of sensitive information. We fix all issues that are found.
- Advanced endpoint detection & response – This protection works better against never-before-seen attacks than signature-based protection does.
- Incident response, containment and recovery – On the off chance you are breached, we will recover your IT environment at no additional cost.
If you are not sure which security program you have or you would like to discuss your ransomware protections in more detail, please contact your vCIO.