Ransomware and exploitation of networks are becoming much less random and more of a targeted event. Threat actors are beginning to move away from spray and pray phishing emails. Although the vast majority (54%) of ransomware attacks come from phishing, we are increasingly seeing a phenomenon known as whale hunting.
Data breaches are occurring at a rate never seen before and all the malicious activity is being monetized and turned in a business. Faced with these problems that are only getting worse, how do we maintain a secure environment and protect our assets? The answer is vigilance and hygiene. We must develop and maintain standards that holistically protect our networks and infrastructure.
Documentation is key for maintaining a secure environment. To know where vulnerabilities are, what needs to be protected, and how to best protect it - you must have in-depth documentation of the environment. Download this useful template to audit and record your asset inventory, document policies, company contacts and emergency contacts. Included is also a great list of more free resources and websites to keep on file for future use and reference.
The Strategy Behind the New Security Model
Zero Trust is a strategic security model that restricts everything and anything from gaining access to systems without first being verified, even if the connection is coming from inside the organization. The model ensures that users who have access by default, are required to continuously verify their identity. The implementation of the Zero Trust model has increased dramatically as people continue to work from home - resulting in an increase of cyber-attacks.
As the threat of ransomware continues to increase, it is essential for SMBs to secure common vulnerabilities to lower their risk of suffering from a cyberattack. Vulnerabilities are underlying weaknesses associated with a certain system, and if not identified in time - can expose a system to a potential threat.