BSI sets out clear action steps
By Jörg Vollmer, Qualys
The Federal Office for Information Security (BSI) has published a catalogue of measures for companies to prepare themselves preventively for a ransomware attack.
Jörg Vollmer, General Manager Field Operations DACH at Qualys
The explanation of the measures is aimed primarily at companies that have so far paid little attention to preventing ransomware attacks. The BSI describes several approaches; no single one of them provides significant protection on its own, but taken together the many measures complement each other and are effective against attacks as a whole.
In its catalogue of measures, the BSI lists basic questions that security managers must ask themselves in the course of securing against ransomware attacks, including:
1. Are there backups that are not connected to the IT network?
Backups are the best protection in the event that attackers steal or delete data. To keep attackers from also reaching the backup data, it should be archived in a distributed manner outside the primary location. As soon as an update of the backup data is complete, the connection to the network must be severed again. In this way, control over the data remains solely with the company, and attackers no longer have a way to access it.
2. Are currently available patches installed on all devices?
Vulnerabilities regularly appear in devices, and in parallel the appropriate patches are regularly released. To ensure IT security in the company, it is negligent not to check and patch devices regularly. Continuous patch management is necessary so that vulnerabilities for which patches already exist are not left open. Patching early is the easiest way to ensure device security. If a patch is not available or does not completely fix the vulnerability, alternative remedies must be applied. In both cases, however, the basic prerequisite is knowing which devices contain vulnerabilities, at any time and as quickly as possible, since time is a critical factor here.
3. Which areas of the IT network are used by the department, and are they managed centrally or in a decentralized manner?
In principle, IT networks should be procured and managed centrally. Decentralized procurement is also possible, but the IT security team should be involved as early as possible. IT managers must be fully involved in managing the network and be able to monitor it continuously. Nothing should escape their attention: only with a complete overview of the entire network can points of attack be detected early enough to implement appropriate measures to maintain IT security.
In principle, security managers in companies should ask themselves these three questions. Answering them goes hand in hand with measures that, once implemented, ensure comprehensive IT security and provide a good basis for preventive protection against ransomware attacks. After a successful ransomware attack, it is often too late to limit the damage. Companies therefore benefit from appropriate cyber hygiene, which includes establishing and complying with guidelines as well as managing and fixing vulnerabilities. Risks should also be prioritized so that security teams can respond appropriately. They are best supported by automated solutions that keep network configurations, backups, IT inventory, application access and patches up to date. If all devices in the corporate network are continuously monitored and managed, effective protection against ransomware attacks is ensured.