Don’t pay that Ransom!

July 20, 2021

Ransomware is just another type of threat. Dealing with threats is not something new to IT

Dean Coclin – Senior Director of Business Development | DigiCert

It seems that every day, another news story appears about an organization getting hit with ransomware. Although attacks have been going on for years, these stories began receiving more attention with the recent Colonial Pipeline oil compromise, which not only affected the company, but the people and communities it serves.

How did such an easily launched attack cause panic to a wide swath of the U.S. population? One word: unpreparedness.

Let’s go over a few ways you can prepare to protect your organization against a ransom attack.

Have a plan

In almost every case, companies did not have a business continuity plan (BCP) or a disaster recovery plan (DRP) in place that covered not only natural disasters but also cyber disasters. What does such a plan include? First off, these plans are very detailed.

The BCP will set priorities and contain a response to anything that results in an interruption. The DRP, on the other hand, will contain the specific actions required to recover from the incident. Improper planning has led to large monetary payments to criminal organizations, which in addition have resulted in lost profits for the companies involved.

Invest in security

To recover, one must be prepared, and that means investing in security. Look what happens when security is an afterthought: businesses are interrupted and customer data can be compromised. 

As a result, breach notification laws could be triggered, which can then compel companies to pay severe monetary penalties to civil authorities. Good luck explaining that to your board!

How can businesses be prepared? Part of the company’s risk assessment will determine which areas to protect. But most certainly, regular data backups will be required.

The details of how these backups are done, where they are stored and how they are re-created will be part of the recovery plan.

Encryption is also a big part of the plan. While encryption of data in transit is fairly common these days, encryption of data at rest must also be considered. If encrypted data is stolen, it has little value without the decryption keys.

Frequently test the plan

An important part of any recovery plan is frequent testing. Having a recovery plan is useless if it doesn’t work.

Hence, testing from an assumed “dead” system at a point in time and attempting to restore from a known good backup is essential to successfully recovering from a ransomware attack. Multiple backups are also necessary, given that the ransomware may be lurking in a more frequent backup.
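The restore test described above can be scripted. The following is an added example, not code from the article or from DigiCert: it checks each restored backup generation, newest first, against a reference manifest of SHA-256 digests and reports the most recent generation that restores cleanly. The manifest of files that should never change (including a canary file), the generation labels and the sample data are assumptions constructed for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored: Path, reference: dict) -> list:
    """Compare a restored tree with the reference manifest; return the problems found."""
    actual = build_manifest(restored)
    problems = [f"missing: {rel}" for rel in reference if rel not in actual]
    problems += [f"modified: {rel}" for rel, digest in reference.items()
                 if rel in actual and actual[rel] != digest]
    problems += [f"unexpected: {rel}" for rel in actual if rel not in reference]
    return sorted(problems)

def newest_clean_generation(generations: list, reference: dict):
    """generations is ordered newest first; return (label, rejected generations)."""
    rejected = {}
    for label, restored in generations:
        problems = verify_restore(restored, reference)
        if not problems:
            return label, rejected
        rejected[label] = problems
    return None, rejected

def demo():
    """Constructed sample: three restored generations, the two newest already tampered with."""
    base = Path(tempfile.mkdtemp())
    good = {"app/config.ini": b"mode=prod\n", "canary/do-not-touch.txt": b"canary-v1\n"}

    def restore(label, files):
        for rel, data in files.items():
            target = base / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return base / label

    weekly = restore("weekly", good)
    daily = restore("daily", {**good, "canary/do-not-touch.txt": b"\x8f\x02garbled"})
    hourly = restore("hourly", {"app/config.ini.enc": b"\x00\x01", "NOTE.txt": b"note"})
    # Assumption: the reference manifest was recorded offline while the system was known good.
    reference = {rel: hashlib.sha256(data).hexdigest() for rel, data in good.items()}
    return newest_clean_generation(
        [("hourly", hourly), ("daily", daily), ("weekly", weekly)], reference)

if __name__ == "__main__":
    print(demo())
```

In a real test the generations would be restored onto an isolated host, and the reference manifest would be kept somewhere the production systems cannot write to.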

Take extra care with remote work

Ransomware is just another type of threat. Dealing with threats is not something new to IT.

However, dealing with this specific type of threat requires vigilance, especially with the introduction of remote workers and mobile devices. Although convenient for employees, a remote workforce and a BYOD (bring your own device) environment increase the risk that malware can make its way into a corporate network.

Hence IT must take extra precautions in forming perimeters around a larger boundary.

No doubt, attacks are going to grow in 2021. Ransomware has become an easy attack to launch with the availability of “ransomware as a service” facilities on the dark web.

Combining this with untraceable ransom payments in bitcoin makes this an attractive and easy enterprise for criminals to use. The FBI advises victims not to pay ransoms, but for some companies, the decision to avoid this is not easy.

Don’t become another victim. Invest in the security tools and procedures necessary to avoid any loss or damage to your reputation. Paying a ransom will likely cost you much more.


Source: DigiCert