
Five Best Practices for an Incident Response Plan
Use these five best practices to create or update an IT security incident response plan.
It looks innocent enough. It’s an email from Dave in Accounting, even though you really don’t know Dave. There’s also one from your real estate professional, which is a bit odd since she sold you your house more than three years ago. And what’s this email from your bank about an overdrawn account — and why is your bank emailing you at work?
The emails in question include attachments you’re supposed to open or links you’re supposed to click on. The senders may have even provided a compelling case for following through, so it shouldn’t be a problem, right? Maybe not. But then again, you might be the victim of a phishing scam and be opening the door to a ransomware attack.
Ransomware is often delivered via phishing emails — emails designed to trick recipients into clicking on a malicious attachment or visiting a malicious website. Once they do, the ransomware infects a computer, restricting access to its data until a ransom is paid.
Phishing works because it employs social engineering, the psychological manipulation of people to get them to perform certain actions — like opening an email. It doesn’t take much. People are curious by nature, which is why so many employees click on phishing emails even when they look suspicious.
In some cases, the emails get opened because employees are in a hurry and don’t take the time to assess the potential legitimacy of an email. Other times, the email subject line might instill fear or confusion, or intrigue the recipient. Consider how a Microsoft Word user might respond upon receipt of an email whose subject line reads: “Your Microsoft Word subscription has expired.”
The effectiveness of these tactics is the primary reason that ransomware-carrying emails are increasing. According to the FBI, phishing was the most common type of cybercrime in 2020, and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020. Verizon’s 2021 Data Breach Investigations Report (DBIR) reported similar trends, noting that phishing was the top “action variety” seen in breaches in the last year; 43% of breaches involved phishing and/or pretexting.
While many of these types of communications are sent to random email accounts, another type, spear-phishing emails, is more targeted and even more effective. They’re designed to appear to come from a trusted source, such as a co-worker or company leader. Who is going to hesitate to open an email attachment sent by the head of HR or the CEO?
Cyber-criminals also employ other sneaky tactics to increase the chance of the targeted victim opening a spear-phishing email. Among them: social media. It’s not uncommon for cyber-attackers to research the social media pages (LinkedIn, Facebook, etc.) of their targets to gather information about their interests, families, friends or jobs. They’ll then use that information to craft a subject line and email content that will make the target more likely to open the email.
So, who can you trust? Is every email suspect? Is it possible to keep ransomware from sneaking into a system?
There’s no single solution to warding off ransomware, but there are tactics that can help make ransomware attacks less probable. One of the most important is educating your employees on how to detect emails that may contain ransomware. Employees are often the targets of ransomware attacks, so make them your first line of defense.
Impress upon employees to:
Beyond employee education, there are numerous security protocols and technologies that should be implemented to help combat phishing attempts. Among them:
Combatting phishing schemes requires a multi-layered security approach. US Signal’s solution architects and security experts can help you craft a well-rounded data protection strategy to help keep ransomware out and keep your data safe should ransomware find a way in. https://ussignal.com/contact