Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

How to stop ransomware - Seven steps to protect your enterprise

By Tim Callan
CyberAttackTargets-sectigo.jpg

Any connected device, including smart phones, laptops, servers, industrial machinery, etc., can be targeted by cybercriminals for ransomware attacks on company networks and systems.

September 27, 2021

Today’s attackers are looking for multi-million-dollar payouts and use increasingly sophisticated methods to achieve their goals. In a world where the types of attacks organizations face are constantly evolving and targeted at prey of all sizes, from individuals all the way up to large corporations (even cybersecurity companies), enterprises must ensure their cybersecurity infrastructure is ready to protect against potential threats.   


So how do cybercriminals enter your network?


There are numerous paths for ransomware infection, but three of the most common are: 


  1. Phishing and Social Engineering: In recent years phishing attacks have grown increasingly sophisticated and more difficult to detect. A hacker can easily send out thousands of phishing emails and only needs one user to click on a malicious attachment or to visit an infected website to gain access to an employee’s computer. Once access is gained, the hacker has a backdoor into the network and can extend the attack vertically within the network.
  2. Password Compromises: Even more common than successful phishing attacks are password breaches.  Weak and stolen passwords are the leading factor in data breaches year after year and attempts to improve password security have failed to correct this problem. A new solution is clearly needed. Implementing stronger passwords to eliminate easy-to-guess passwords has not improved the situation. Instead, it has resulted in password reuse, with these reused passwords vulnerable to credential stuffing attacks. Multi-factor authentication systems introduced to improve security have also proven insufficient as hackers have been able to implement successful attacks against them as well. Truly resolving this problem requires passwordless solutions using digital certificates.
  3. Attacks on Software Vulnerabilities: While phishing and password breaches remain at the top of the list, hackers still frequently gain access to corporate networks by exploiting software vulnerabilities. Researchers and hackers continue to find vulnerabilities in widely used software products, with web servers, operating systems, web browsers and email tools being common targets. In many cases, these vulnerabilities could have been eliminated by keeping systems up to date with the most recent security patches.  All too often, organizations fail to keep up with software patches containing security fixes, leaving vulnerabilities in place and creating easy targets for hackers.

How to Protect Your Network and Stop Malware? 

There are seven steps that will help your company fight off ransomware attacks: 


Image courtesy of Sectigo

  

Step One: Develop a Security Plan. As no digitally connected company is too small or too big to be targeted by cybercriminals, organizations must develop and IMPLEMENT a comprehensive cybersecurity program that encompasses everyone in the company, from customer service to engineers to executive management. Yes, bigger companies are frequently targeted, but that does not mean that smaller businesses and organizations are immune. 


Step Two: Educate. Ensure your staff, especially your remote workers, understand the basics of security policies and digital hygiene, including training to help them recognize and avoid social engineering and phishing attacks. 


Step Three: Protect with Strong Authentication. Make sure your web applications and all connected devices (including those connected via VPN) are protected by strong authentication. This includes working with all visitors, contractors, and business partners to ensure that THEIR mobile devices are protected against cyber-attacks. 


Step Four: Implement Secure Backups. Make sure these backups cannot be discovered and attacked by ransomware as well. This could include offline backups along with “secure” online storage and data backup options.  


Step Five: Use Zero Trust Network Access. Incorporate principles of Zero Trust Network Access (ZTNA), which assumes all traffic both inside and outside the firewall might be hostile, and no endpoints are trusted until they can authenticate. It requires that every network is treated similarly to how you would treat the hostile public internet. Implementation of ZTNA requires digital identities – Public Key Infrastructure (PKI) – at its foundation.


Step Six:  Use the “Single Pane of Glass” Approach. Having 24/7 visibility into the entire security process is especially critical for large international organizations with assets distributed throughout numerous offices, warehouses, and industrial facilities. It is critical that IT managers have the capability to easily view and manage security for thousands of machines and their users, no matter where they are located. A single expired or misconfigured security certificate can bring the whole company down – or even worse – enable a hacker to penetrate your networks and systems. 

  

Step Seven: Use a Third-Party Security Company. Research and utilize a well-respected security company to handle your business’s security. However, as evidenced by the recent SolarWinds and Kasaya attacks, IT and security managers need to realize that if one of these security companies is successfully breached, their computer systems and data could also be at risk. This is where offline backups can save the day and bring an organization online quicker.

KEYWORDS: cyber security malware ransomware risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Tim callan

Tim Callan is Chief Compliance Officer at Sectigo and co-host of the popular PKI and security podcast “Root Causes.” Tim has more than 20 years of experience in leadership positions for prominent PKI and digital certificate technology providers including VeriSign, Symantec, DigiCert, and Comodo CA. A security blogger since 2006, he is a frequently published author of technology articles and has spoken at conferences including the RSA Security Expo, Search Engine Strategies, ClickZ, and the Internet Retailer Conference and Expo. A founding member of the CA/Browser Forum, Tim played a key role in the creation and roll out of Extended Validation SSL in the late 2000s.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Machine Identity

    Machine identities: What they are and how to use automation to secure them

    See More
  • ransomware

    How to Protect Your Organization from Ransomware

    See More
  • cloud-computing-freepik

    4 steps to protect your data against disaster in the cloud

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing