Phishing and Ransomware: Responding to Surging Threats

Erich Falke, Esq., CIPP/US, Chief Information Security Officer & Cyber Risk Practice Manager, is cited as the subject matter expert for the article "Update on Phishing and Ransomware—Responding to A Surging Threat," featured by the American Society of Ophthalmic Administrators (www.asoa.org).

Mr. Falke discusses the additional cybersecurity exposures organizations face in a work-from-home environment due to the pandemic. Cyber criminals “upped the ante” and discovered new ways to attack and extort organizations.

The largest causes of ransomware attacks are unsecured remote internet access and phishing emails, followed by software vulnerabilities. To reduce these exposures, closing remote ports, implementing multi-factor authentication, and providing employee cybersecurity training are just a few steps to take.

Mr. Falke recommends:

  1. MFA/Strong passwords on all remote access, email and privileged accounts
  2. Employee training and awareness – especially for phishing emails and other social engineering
  3. Strong patch management
  4. Backups including one isolated or air-gapped copy
  5. Next generation anti-virus protection for endpoints

In the article, Mr. Falke says it’s important for management to “convey an understanding of why security is important and what damage could be caused by a cyberattack.” Preparation for the inevitable cyberattack is also essential. Cybersecurity insurance, which can provide quick access to helpful resources, and an incident response plan where everyone knows what to do are preparations not to be ignored.

*****

Follow up Q&A:

  1. How effective are next-generation anti-virus protections for endpoints in preventing ransomware attacks compared to traditional antivirus software?
    • Next-generation anti-virus protections for endpoints often incorporate more advanced detection techniques, such as behavioral analysis and machine learning, which can better identify and stop emerging threats like ransomware. However, their effectiveness can vary depending on factors such as the sophistication of the attack and the timeliness of updates to the antivirus database.
  2. What specific measures should organizations consider including in an incident response plan to ensure everyone knows what to do in the event of a cyberattack?
    • In an incident response plan, organizations should outline clear procedures for detecting, containing, and mitigating the impact of cyberattacks. This includes designating roles and responsibilities for different team members, establishing communication channels for reporting incidents, and defining steps for restoring affected systems and data. Regular testing and training exercises are also crucial to ensure that everyone understands their role and can respond effectively under pressure.
  3. Can you elaborate on the potential consequences or damages that organizations could face if they fail to adequately prepare for and respond to cyberattacks, despite implementing preventive measures like employee training and strong passwords?
    • Failure to adequately prepare for and respond to cyberattacks can result in significant financial losses, reputational damage, and operational disruptions for organizations. Without a comprehensive incident response plan and proper training, employees may not know how to recognize and contain an attack, leading to prolonged downtime and increased recovery costs. Additionally, data breaches and loss of sensitive information can lead to regulatory fines, lawsuits, and loss of customer trust, further exacerbating the impact of the attack. Cybersecurity insurance can provide financial protection and access to resources for mitigating these risks, but it should not be seen as a substitute for proactive security measures and preparation.

*****

For more information about how to become an ePlace Solutions, Inc. client, please email inquiry@eplaceinc.com.