Steve Murphy, IT expert and VP, ARG

5 Steps to Prevent Ransomware

Industry Voices Security
Steve Murphy Headshot
Title slide shows the presenter Steve Murphy along with the title of his presentation, 5 Steps to Prevent Ransomware

Steve Murphy’s five steps for stopping threat actors in their tracks

Ransomware is becoming more prevalent as the bad guys get better at sidestepping preventive methods. Every business is at risk. In this 10-minute video, IT expert Steve Murphy shares five steps you can take now to help protect your organization from a ransomware event.

Show more

You’ll learn

  • Why it’s so important to know exactly what data you have under your control 

  • Why you should absolutely automate detection, no matter the size of your organization

  • Why it’s important to practice your disaster scenarios and how to make it entertaining 

Who is this for?

Security Professionals Business Leaders


Steve Murphy Headshot
Steve Murphy
IT expert and VP, ARG


0:00 hi and welcome back to my channel

0:02 ransomware is the biggest threat to a

0:04 business i don't know of any business

0:05 that be able to continue operations

0:07 without their data for more than a few

0:09 days

0:10 even though your data may have been

0:12 moved to the cloud you're still at risk

0:14 and it's your responsibility to protect

0:16 the continuity of your business

0:18 hi i'm steve murphy i'm a vice president

0:20 at arg and while i work for arg this

0:22 video is my own and not necessarily

0:23 reflection of the views or opinions of

0:25 my employer

0:26 ransomware is becoming more and more

0:28 prevalent the bad guys are getting

0:30 better at sidestepping preventive

0:31 measures we put in place

0:33 it's an old adage but one that applies

0:35 to ransomware attacks it's not a

0:37 question of if but when

0:39 now everyone needs to view their

0:41 business as a target threat actors are

0:44 not interested in disrupting your

0:45 business because they dislike you or

0:48 what you do

0:49 they want to your business so

0:50 you'll pay them to restore your ability

0:53 to operate

0:54 businesses of all shapes sizes and

0:57 industries need to be aggressive in

0:59 protecting their organization's ability

1:00 to continue functioning

1:02 if you have a bank account you are a

1:04 target the bad guys don't care what you

1:06 do

1:08 i've assembled five steps to help you

1:09 protect your organization from a

1:11 ransomware event

1:12 at the end of the video i'll share a

1:14 non-it best practice for you for when

1:17 ransomware strikes your organization

1:19 so here we go with step number one

1:22 know what you have

1:24 this seems pretty basic but it's

1:25 astonishing how many organizations think

1:28 they know what they have but upon a

1:30 complete inventory

1:31 they discover numerous network segments

1:33 or cloud services that house data that

1:35 were previously unknown

1:37 a recent study from veritas claims that

1:40 as much as 35 percent of data is unknown

1:43 to the it organization

1:45 now

1:46 take the 35 with a grain of salt veritas

1:49 is in the data protection business so

1:50 that number might be a little inflated

1:52 but if it were 20 percent would you feel

1:54 much better i don't think i would

1:58 threat actors seek out these forgotten

2:00 packets of data

2:01 that's where the vulnerabilities are

2:03 most likely found that's where network

2:05 scanning is likely missing

2:07 and that's where they can establish a

2:08 foothold and start reconnaissance on the

2:10 rest of your network

2:12 to inventory your data and

2:13 infrastructure you can either conduct an

2:15 old school survey or utilize an

2:18 automated scanner to search out and

2:20 index your data automated approaches

2:23 will give you the best results from from

2:26 a cataloging and mapping perspective but

2:28 it may not capture that 20 to 35 percent

2:31 of unknown assets in the organization

2:34 after the automated approach examine the

2:36 categorization see if you can identify

2:38 gaps

2:39 and use that data to create an old

2:41 school survey to help you confirm that

2:43 you have a good inventory it may lead

2:46 you to as yet undiscovered data

2:49 tip number two

2:50 automate detection

2:52 what's the worst way of

2:55 detecting or discovering an incident on

2:56 your network

2:58 having a user come to you saying my

2:59 stuff isn't working anymore that's the

3:02 absolute last way you want to discover

3:04 an incident yet for many mid-size

3:05 organizations that's the only way they

3:07 know that they're under attack

3:09 the best way to defend against a

3:11 ransomware attack is to keep it out

3:13 that's a no-brainer but the second best

3:16 way of defending against a ransomware

3:17 attack is to stop it early

3:20 establishing tools to detect and shut

3:22 down suspicious activity gets you

3:24 playing offense rather than constantly

3:26 playing defense

3:28 the traditional way of accomplishing

3:29 this is to implement a security

3:31 information and event management system

3:34 an s-i-e-m or pronounced sim

3:37 the traditional sims are excellent at

3:39 identifying known threats based upon

3:41 iocs or indicators of compromise

3:44 and documented behavior patterns the

3:46 problem is today's threats change each

3:49 time they're installed so what's been

3:51 documented about them in the past

3:53 may not be present in today's version

3:56 leaving traditional signature base

3:57 detection at a disadvantage

4:00 the better sims have been upgraded with

4:02 threat detection

4:04 using artificial intelligence and

4:05 machine learning that scan the network

4:08 for unusual behavior that might be signs

4:10 of a threat

4:11 unless your organization is very large i

4:14 recommend using a managed security

4:16 service provider mssp essentially a

4:18 vendor to monitor all these services

4:20 it's very difficult to staff monitoring

4:23 around the clock and mssps are experts

4:26 in finding and remediating threats

4:28 because of the volume that they see

4:30 now these platforms are not 100

4:32 guaranteed to stop the bad guys but they

4:35 are an integral layer in your cyber

4:37 security posture

4:39 so let's go down to step number three

4:41 limit access

4:43 ransomware is introduced and transmitted

4:45 by hosts if you can limit the visibility

4:47 of a host

4:48 to just the need to know services on

4:50 your network then you can limit

4:52 potential damage of a ransomware attack

4:55 xero trust has received a lot of buzz

4:57 and zero trust is a great solution but

4:59 it's hard and expensive to get a full

5:01 zero trust posture

5:03 the next best thing is to isolate based

5:05 upon personas or profiles the system and

5:07 data that are available to a user make

5:10 sure that you have limited permissions

5:12 for your it teams based upon need and

5:14 that those credentials are secured with

5:16 multi-factor authentication and never

5:18 allow one account to have universal

5:21 access to all systems

5:23 check executive permissions executives

5:26 seem to be the most over privileged and

5:28 most targeted in organizations at least

5:30 according to what i've seen

5:32 step four back up and back up again

5:34 i think every company i've met has a

5:36 business continuity strategy involving

5:38 off-site backups that's great

5:40 this strategy used to be the best

5:42 defense against ransomware if you had a

5:44 clean backup you could restore your

5:46 systems and ignore the ransomer

5:48 but the bad guys are smart once backup

5:51 started eating into the ransom revenue

5:53 they started targeting backup systems

5:55 the backup is not much of a backup if

5:58 it's if it too is encrypted or deleted

6:00 by the attacker

6:02 today's backup strategies typically

6:04 follow a three two one methodology three

6:07 versions of your backup using at least

6:09 two different media with one being off

6:11 site and air gap

6:13 this has been an effective strategy for

6:15 the last several years

6:17 now that ransomware attackers are

6:18 actively targeting backups a three two

6:21 one plus one strategy is recommended the

6:24 plus one

6:25 is where you have one of your copies

6:29 in an immutable and indelible

6:31 environment

6:32 immutable and indelible backups can no

6:34 longer be changed or deleted they cannot

6:36 be encrypted by any attacker

6:40 they come at a cost but if your data

6:42 needs to survive immutable backups are a

6:45 key component of your disaster void

6:46 strategy

6:48 last step step five

6:50 practice your disaster scenarios i know

6:53 everyone is busy in practicing recovery

6:56 processes is one of the lower items on

6:58 your priority list but it's important to

7:01 know

7:01 that your team and your vendors know the

7:04 rules i suggest you try to make it

7:06 entertaining start by grabbing everyone

7:08 for a meeting maybe make it a lunch even

7:10 if it's virtual and have everyone walk

7:12 through their roles and responsibilities

7:15 you can gamify it by awarding points to

7:17 the most complete walk-throughs or most

7:19 improved from one practice session to

7:21 another maybe the winners get an early

7:23 afternoon off or something

7:25 you want to increase the rigor and

7:27 reduce the time to prepare for these

7:29 drills as your team becomes more

7:31 familiar with their responsibilities

7:33 eventually you want to get to a place

7:35 where you can conduct a mock event and

7:37 have your team go through actual steps

7:39 in a fenced off environment if that's at

7:42 all possible

7:43 so these five areas of focus will

7:45 provide you and your organization the

7:47 best chance of

7:48 of surviving and recovering from a cyber

7:50 event

7:52 i also suggest that you keep these five

7:54 areas top of mind so you can recite your

7:56 preparedness strategy quickly when asked

7:59 nothing compromises confidence when a

8:01 fumbled answer to a question like what

8:04 are we doing to protect our company from

8:05 ransomware from your ceo

8:08 okay

8:09 so those are the five steps and a little

8:11 encouragement to keep it top of mind now

8:13 here's the bonus non-it recommendation

8:16 when ransomware strikes have someone

8:19 not you because you're going to be

8:21 really busy doing other things but have

8:22 someone in your organization call your

8:25 attorney first

8:26 before contacting the ransomer or before

8:28 making any external moves

8:30 now if you have

8:32 if you have a cyber insurance call the

8:34 cyber insurance company they will refer

8:36 you to a lawyer who is experienced in

8:40 ransomware but ransomware has several

8:42 dangerous legal and regulatory

8:44 implications we don't want to make the

8:46 incident worse by going through it

8:48 without legal counsel

8:51 so that's it if you have any questions

8:54 or would like to learn more about

8:55 vendors or and solutions around these

8:57 steps feel free to contact me my email

8:59 address is in the description of this

9:01 video

9:02 if you got some value from this video

9:04 i'd appreciate a like by hitting that

9:05 thumbs up button below and to return to

9:07 my channel in the future the easiest way

9:10 to do that is to hit the subscribe

9:12 button that will put my videos in your

9:14 feed and you can come back at your

9:15 convenience

9:17 thanks very much for watching and i hope

9:18 you have a great day

Show more