Phishing remains one of the most common and important tools used by cyber criminals, especially for delivering ransomware. Infections mainly come from someone opening an infected email or attachment as a result of social engineering. Repeated attempts to vanquish the fatal “click” have proven largely unsuccessful, mainly because it takes just one person within an organization to unleash the attack on the entire organization. And it seems there is always at least one person who is in too much of a hurry to properly consider whether or not to open an attachment. So what is the security team to do?
One critical step is to infuse security consciousness throughout the organization, essentially placing greater emphasis on the positive impact of correct security procedures. This must come from the top of any organization, because that maximizes credibility and the use of resources necessary to effect this cultural shift. Equally important, though, is the recognition by security professionals that even the most dogged efforts are sometimes for nought. There must also be a sharpened focus on detecting ransomware as soon as possible, even as attempts continue to decrease the inadvertent introduction of malware. This should include a third-party review of existing security architecture and procedures, which will help identify any changes that need to be made. In some cases, an ounce of cure is indeed worth a pound of prevention.