More than 70% of ransomware attacks target small business, with an average time of infection to encryption within three (3) minutes. Most data breaches and ransomware outbreaks happen because of two problem areas: 1) The perpetrators take advantage of known vulnerabilities from outdated, unpatched and unmonitored operating systems/applications; 2) The typical end-user is given too much privilege to the OS, Applications and Data they access and their account has been compromised by sophisticated (sometimes not quite so) phishing/social engineering attacks.
A vast majority of these incidents can be avoided by implementing four simple steps: 1) Keep operating systems and applications up-to-date with most recent versions possible and the latest patches/fixes/service packs; 2) Implement the principle of least privilege when securing operating systems, applications and data; 3) Implement technologies and controls that monitor for anomalous user activity and prevent data exfiltration (Data Loss/Leakage Prevention); and 4) Implement a Security Awareness Training Program and tools to monitor/report on its effectiveness.
A lot of organizations are still running on Microsoft Windows Server 2008/R2 Active Directory. Windows Server 2008/R2 has been out of mainstream support since 2015 and will soon be an end-of-life product. Also, many organizations are still running on older versions Microsoft Office and Windows desktop/server operating systems that are out of mainstream support and nearing end-of-life, which puts them at greater risk of security exposures and makes them a more likely target. If this is the case for your organization, then this needs to be addressed as quickly as possible.
How Can We Help?
At The Information Strategists, we have put together a portfolio of services and solutions to help organizations, like yours, address challenges like these. Listed below are just a few of the areas where we can help you focus on addressing the issues above:
Assessment & Upgrade/Modernization
- Active Directory Vulnerability & Cyberattack Assessment
- Business E-mail Compromise Assessment
- Office 365 Security Assessment
Security Monitoring & Compliance
- SOC-as-a-Service (Security Operations Center)
- Dedicated Security Engineer
- 24×7 Monitoring of on-premises and cloud-based (Azure, AWS, Office 365, G Suite, Box, more…) resources
- Managed Detection and Response
- Security incident and Crisis Support
- Security Awareness Training
- SaaS based Training and Management
- Reporting and user management
- Simulated Phishing Attacks
- Governance & Compliance Management
- Compliance Dashboards with Automated Reminders
- Policy Workflow
- Compliance Templates
- ISO 27001
Data Loss & Leakage Prevention
- Mobile Device & Mobile Application Management
- Information Leakage Protection/Advanced Threat Protection
- Cloud Backup
- Any Windows Server or Linux based workload from anywhere
- Windows and Mac OS
- Android and iOS
- Office 365
- G Suite
If you’d like to schedule a web conference or in-person meeting to discuss these offerings and see where you think we could be of assistance in prioritizing initiatives to help protect your business from being an easy ransomware target, contact us here.
Darren Brinksneader is President and Chief Strategist of The Information Strategists. Darren has been a consultant, trainer and public speaker in the IT industry for nearly 30 years, providing expertise and solutions for both private and public sector organizations.