Allianz Global Corporate & Specialty (AGCS) has published a Checklist of Cyber Risk Management Recommendations to Help Prevent Ransomware Attacks.
“In about 80% of ransomware incidents, losses could have been avoided if organizations had followed best practices. Regular patching, multi-factor authentication, as well as training in security and information awareness and incident response planning are essential to avoid ransomware attacks and also constitute good hygiene cyber, ”said Rishi Baviskar, global leader in cyber experts at AGCS Risk Consulting.
“If companies adhere to best practice recommendations, there’s a good chance they won’t fall victim to ransomware. Many security holes can be closed, often with simple measures, ”he added. (See the related article on the AGCS Cyber Report, which contains these cyber risk management recommendations.)
The AGCS Cyber Risk Management Checklist is as follows:
- Ransomware identification
– Are anti-ransomware toolsets deployed throughout the organization?
– What proactive measures are in place to identify ransomware threats?
– Are policies, procedures, access control methods and communication channels updated frequently to deal with ransomware threats?
– Are internal capacities or external arrangements in place to identify strains of ransomware?
- Business continuity planning / incident response plan
– Are specific ransomware incident response processes in place?
– Have there ever been any ransomware incidents? If so, what lessons have been learned?
– Are there any prior agreements with an IT consulting firm or anti-ransomware service provider?
- Anti-phishing exercises and user awareness training
– Is regular user training and awareness conducted on information security, phishing, phone scams and impersonation calls and social engineering attacks?
– Are social engineering or phishing simulation exercises carried out on an ongoing basis?
– Are regular backups taken, including frequent backups for critical systems to minimize the impact of the disruption? Are offline backups also kept?
– Are the backups encrypted? Are backups replicated and stored in multiple offsite locations?
– Are processes in place for successful recovery and recovery of key assets as part of the Recovery Time Goal (RTO)?
– Are the backups periodically recovered against the original data to ensure the integrity of the backup?
– Are endpoint protection products (EPP) and endpoint detection and response (EDR) solutions used across the organization on mobile devices, tablets, laptops, desktops, etc. . ?
– Are local administrator password solutions (LAPS) implemented on the terminals?
- Email, web and office document security
– Is the policy framework of the sender strictly enforced?
– Are the mail gateways configured to search for links and potentially malicious programs?
– Is web content filtering enforced by restricting access to social media platforms?
– Are physical and logical segregations maintained within the network, including in the cloud environment?
– Are micro-segmentation and zero trust frameworks in place to reduce the overall attack surface?
- Monitoring of patch and vulnerability management policies
– Are automated scans performed to detect vulnerabilities? Are third party penetration testing performed on a regular basis?
– Does the organization ensure appropriate access policies, the application of multi-factor authentication for access to critical data, dial-up network connections and privileged user access?
– Is continuous monitoring in place to detect unusual account behaviors, new domain accounts and any elevation of account privileges (administrator level), new service additions, and unusual chain of commands being executed for a short period of time ?
– What due diligence and risk management activities are carried out before the merger and acquisition?
– Are regular security audits carried out on newly integrated entities to ensure the evaluation of security controls?
Interested in Cyber?
Receive automatic alerts for this topic.