Thinking about the ransomware fightback
It’s happened again – which is not a surprise. We’re referring, of course, to a ransomware attack which is hammering the computer systems of major companies and organisations around the globe.
From the world’s biggest advertising agency to the radiation monitors at Chernobyl, communications are being disrupted, lives affected and money lost.
You may have heard various experts on multiple news channels saying that there’s very little that can be done to stop this from happening again and again. The dangerous ‘payload’ arrives in something as innocuous as an email or a Microsoft Word document. Not unreasonably, it’s opened by a worker and that, as they say, is that when it reaches a network that is not properly protected.
There are ways though to make it as hard as possible for these disruptive programmes to get a foothold. One of those methods has previously been the preserve of larger organisations which can invest more time and resources into very pro-actively managed IT – it’s known as whitelisting.
Whitelisting is the concept of only allowing approved programmes to run and this stops most of the malicious ones from installing their payloads. Whitelisting had fallen out of favour in many circles in recent years as the number and type of devices users wanted to put to work expanded massively.
There has also long been strong push back from users on whitelisting because it limits what they can do. Often people see a piece of software, decide they need it and just go ahead and install it if they can. Or they put pressure on their IT department or service provider to allow them an exception to install it. Human nature doesn’t like inconvenience, but increasingly we’re all going to have to live with a bit of it to avoid a lot of it!
It’s not all draconian though; whitelisting technology has come a long way. Modern software can learn as it goes and even share updates with other trusted systems about which software they have found to be safe.
There’s no doubt that system security is now every users’ problem on a minute-by-minute, click-by-click basis. Starting from a point of locking most things down and then deciding what to let in might actually be the least disruptive way forward, at least for now.
Whitelisting (and routinely removing any unnecessary factory installed software) is something we have long done for larger accounts and installations that we manage for the client. It’s a concept more smaller firms should be making themselves familiar with. It’s also likely to become a more routine activity in new installations of all sizes in the future.
Whatever technological solutions emerge, it remains a fact that the user is often the weakest link in the system. Staff awareness and training remains one of the most potent weapons any business can use in the fight against ransomware.
If you have concerns about any of these issues in your business, feel free to talk to us. A chat costs nothing!