The 10 most common IT security mistakes


The solution: Well-designed network segmentation puts significant barriers in the way of threat actors, and these barriers are difficult to overcome. Companies should strictly separate server and client networks and only allow explicitly necessary connections. Equally important is the separation of operational technology (OT) and IT. Production and control systems, for example, have no place in a pure office network. Companies with critical infrastructure, such as municipal utilities, must ensure that no access is possible. Quick wins such as a management network can also be implemented. Here, only administrative accounts are granted access, each of which is secured via a VPN with a second factor. This provides a high level of security without interfering with the daily work of normal users.

5. Inadequate backups

The problem: Having a backup is not enough when it comes to data loss. It must also be recoverable. What’s more, cybercriminals specifically search for backups to delete or encrypt them as well. This increases the pressure on companies to pay ransom.

The solution: Backups should always be disconnected from the network and the internet. This means no connection to Active Directory and storage in a separate, isolated network segment so that they are usable after a ransomware attack. Time and again, criminal groups abandon their attacks when they cannot find or access the backup servers. This means they lose the leverage they need to enforce their demands. At the same time, the longer they search for the backup, the more time companies have to detect the attack.
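The segmentation and backup-isolation rules described above can be checked mechanically against an export of firewall allow rules. The following sketch is an added example, not part of the original article; the zone names, address ranges, allowlist and sample rules are all constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumed addressing, not from the article).
ZONES = {
    "client": "10.10.0.0/16", "server": "10.20.0.0/16", "ad": "10.25.0.0/24",
    "ot": "10.30.0.0/16", "mgmt": "10.40.0.0/24", "backup": "10.50.0.0/24",
    "admin_vpn": "10.60.0.0/24",  # pool assigned after VPN login with second factor
}
NETS = {zone: ipaddress.ip_network(cidr) for zone, cidr in ZONES.items()}

# Explicitly necessary cross-zone flows (assumed). Everything else is a finding.
ALLOWED = {
    ("client", "server"),
    ("admin_vpn", "mgmt"),
    ("mgmt", "server"), ("mgmt", "backup"),
    ("backup", "server"),  # backup host pulls data; nothing pushes into it
}

def zones_touched(cidr):
    """Every zone a CIDR overlaps; one broad rule can span several zones."""
    net = ipaddress.ip_network(cidr)
    return sorted(z for z, n in NETS.items() if net.overlaps(n))

def audit(rules):
    """Return sorted (rule_index, src_zone, dst_zone, reason) policy violations."""
    findings = set()
    for idx, (src, dst, port) in enumerate(rules):
        for sz in zones_touched(src):
            for dz in zones_touched(dst):
                if sz == dz:
                    continue
                if "ot" in (sz, dz):
                    reason = "crosses IT/OT boundary"
                elif "backup" in (sz, dz) and (sz, dz) not in ALLOWED:
                    reason = "breaks backup isolation"
                elif (sz, dz) not in ALLOWED:
                    reason = "not explicitly allowed"
                elif port == "any":
                    reason = "allowed flow, but port unrestricted"
                else:
                    continue
                findings.add((idx, sz, dz, reason))
    return sorted(findings)

# Constructed sample export: (source CIDR, destination CIDR, port).
SAMPLE_RULES = [
    ("10.10.0.0/16", "10.20.5.0/24", 443), ("10.10.0.0/16", "10.30.0.5/32", 502),
    ("10.20.0.0/16", "10.50.0.0/24", 445), ("10.50.0.10/32", "10.25.0.0/24", 389),
    ("10.60.0.0/24", "10.40.0.0/24", 22), ("10.10.0.0/16", "10.20.0.0/16", "any"),
    ("10.10.7.0/24", "10.40.0.0/24", 3389),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Rules that cover several zones at once, such as a `0.0.0.0/0` source, produce one finding per zone pair they open up.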


