This month our cybersecurity tip explains the concept of layers of defense and describes how malware and ransomware are stopped. Watch the video and/or read the transcript below.
Hi, I’m Joshua Peskay with RoundTable Technology and this is a 2-Minute Training on Layers of Defense. With layers of defense, we protect our information through a combination of safeguards.
Ransomware has been much in the news lately and many clients ask us how they can protect themselves from ransomware. The answer is through layers of defense.
Let’s imagine a phishing email that’s being sent to your organization that has a malicious PDF attachment. It’s going to attempt to install ransomware, encrypt files and demand a ransom from your organization to unencrypt those files to make them usable again.
We’re going to run this email through our layers of defense and see how well we’re protected.
The first layer is an assessment that is done to determine what safeguards your organization should put in place to try to protect the information that it has. The first layer will typically be your firewall and your spam filtering or email security. There’s a good chance that these safeguards will stop the email from making it to one of your staff people in the first place.
If the email manages to get past the firewall and past the filtering and email security, it will reach a staff person at your organization. Here’s where awareness training and policies come in. Hopefully your staff person has been trained and can identify phishing emails and will not open the attachment. Or perhaps we have a policy that tells a staff person not to open an attachment that you weren’t expecting, and verified.
If the email makes it past this layer of defense (the staff person), the malware will attempt to install itself on the endpoint. This is if the staff person opens the PDF. Malware is typically designed to exploit known vulnerabilities on systems. This is where patching comes in. This is where known vulnerabilities have been patched. Also, antivirus and endpoint management response can potentially stop the ransomware from running.
If the ransomware runs, this is where backups and incident response plans come in. If we have a good backup of the information, then we don’t have to worry about paying a ransom and we’ll simply restore the information. If we have a good incident response, then we’ll limit the damage to one person’s workstation for a few hours of downtime for one person, and we won’t have impact across our entire organization. That’s how layers of defense works.
Want to Dig Deeper?
If you want more information about incident response plans, backups and business continuity, see our 2-Minute Primer on BCDR.