Sophos recently conducted a survey of 5,000 IT managers across 26 countries, and the results revealed that ransomware is still a significant threat to organizations. According to the survey, 51 percent of respondents were hit by ransomware in the last year, and in 73 percent of those incidents, attackers succeeded in encrypting data. But the bad news doesn’t stop there. The survey also found that the average global cost to remediate these attacks was a staggering $761,106.
7 Endpoint Protection Best Practices to Block Ransomware
These statistics illustrate how crucial it is for organizations to protect against ransomware. While an endpoint protection solution is one of the most effective ways to do so, it must be properly configured to get the full benefit of its defences.
Sophos recommends these best practices to help stop ransomware:
- Turn on all policies and ensure all features are enabled. Often inadvertently overlooked, this action lets you get the most out of your endpoint solution and ensures that you’re getting the best protection. Don’t forget to enable features that detect file-less attack techniques and ransomware behaviour.
- Regularly review your exclusions. Exclusions are sometimes added to quiet complaints from users who feel your protection solution is slowing down their systems. Malware that makes its way into an excluded directory will likely succeed because that directory is never checked. Regularly check the list of exclusions within your threat protection settings and keep the number of exclusions as close to zero as possible.
- Enable multifactor authentication (MFA) within your security console. MFA provides an additional layer of security after the first factor, which is often a password. Enabling MFA across your applications will ensure access to your endpoint protection solution is secure and not prone to accidental or deliberate attempts to change your settings, which could leave your endpoint devices vulnerable to attacks.
- Ensure every endpoint is protected and up to date. Make sure that you’re routinely checking your devices to confirm they’re protected and up to date. A device not functioning correctly may not be protected and could be vulnerable to a ransomware attack.
- Maintain good IT hygiene. Regular IT hygiene ensures your endpoints and the software installed on them run at peak efficiency. This will mitigate your cybersecurity risk and save you time when remediating potential future incidents.
- Hunt for active adversaries on your network. Endpoint detection and response (EDR) technologies in your endpoint solution can identify advanced threats and active adversaries, and then take action quickly to neutralize these threats.
- Close the gap with human intervention. To deploy ransomware, hackers will have already breached your network and possibly exfiltrated data without your knowledge. Technology alone is often not enough to stop these intrusions. Managed detection and response (MDR) services can arm you with an external team of elite threat hunters and response experts who can provide actionable advice for addressing the root cause of recurring incidents.
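The exclusion review recommended above can be partly automated. The following is an added example, not Sophos code or part of the original article: it ranks an exported exclusion list so the broadest and least-documented entries are reviewed first. The rule set, the 90-day review interval, the record layout and the sample entries are all assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumed review rules (illustrative, not any product's logic): a pattern over
# the lowercased, backslash-normalised path and the reason it needs attention.
RULES = [
    (re.compile(r"^[a-z]:\\?\*?$"), "excludes an entire drive"),
    (re.compile(r"\\(temp|tmp|downloads|appdata|public)(\\|$)"), "user-writable location"),
    (re.compile(r"^\*\.[a-z0-9]+$"), "extension-only, applies in every directory"),
    (re.compile(r"\\\*(\\|$)"), "wildcard covers whole directories"),
]
MAX_REVIEW_AGE_DAYS = 90  # assumed review interval

# Constructed sample export: (path, justification, date last reviewed).
SAMPLE_EXCLUSIONS = [
    (r"C:\Users\*\AppData\Local\Temp", "", date(2023, 1, 10)),
    ("D:\\", "backup job was slow", date(2024, 5, 2)),
    ("*.tmp", "build performance", date(2022, 11, 30)),
    (r"C:\Program Files\ExampleApp\db\cache.dat", "vendor guidance", date(2024, 5, 20)),
]

def review(path, justification, last_reviewed, today):
    """Return the reasons one exclusion should be removed or narrowed."""
    norm = path.strip().lower().replace("/", "\\")
    reasons = [why for pattern, why in RULES if pattern.search(norm)]
    if not justification.strip():
        reasons.append("no recorded justification")
    if (today - last_reviewed).days > MAX_REVIEW_AGE_DAYS:
        reasons.append("review overdue")
    return reasons

def audit(exclusions, today):
    """Rank exclusions so the riskiest entries are reviewed first."""
    results = [(path, review(path, why, seen, today)) for path, why, seen in exclusions]
    return sorted(results, key=lambda item: len(item[1]), reverse=True)

if __name__ == "__main__":
    for path, reasons in audit(SAMPLE_EXCLUSIONS, date(2024, 6, 1)):
        print(f"{path}: {'; '.join(reasons) or 'no rule triggered'}")
```

An entry that triggers no rule still counts against the goal of keeping exclusions as close to zero as possible, so the ranking sets review order rather than approving anything.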
How Sophos protects you from ransomware
Sophos Intercept X can protect your organization from ransomware attacks with advanced features:
- Deep Learning: artificial intelligence that detects both known and unknown malware without relying on signatures
- Anti-Exploit Technology: denies attackers by blocking the exploits and techniques used to distribute malware, steal credentials and escape detection
- CryptoGuard: identifies and stops the spontaneous malicious encryption of files
Sophos EDR, available for endpoints and servers, gives you the tools to maintain IT security operations hygiene and hunt down threats, while built-in expertise helps you answer the tough questions about security incidents.
Sophos Managed Threat Response gives you an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats – adding human expertise to your security strategy.
Learn more about Sophos security solutions at CDW.ca/Sophos.