Solution: Well-designed network segmentation creates significant obstacles for threat actors that are difficult to overcome. Companies should strictly separate the server and client networks and allow only the necessary connections. Operational technology (OT) and IT should also be separated: production and control systems, for example, have no place in the office network. Companies with significant infrastructure, such as municipal utilities, must ensure that no access is possible. In addition, quick wins such as a management network can be implemented. Here, only administrative accounts are granted access, each of which is secured via VPN with an additional factor. This provides a high level of protection without interfering with the daily work of general users.
5. Insufficient backup
Problem: Having a backup is not enough when it comes to data loss. The backup must also be intact. What is more, cyber criminals specifically look for backups in order to delete or encrypt them. This increases the pressure on companies to pay the ransom.
Solution: Backups should always be disconnected from the network and the internet. This means no connection to Active Directory and storage in a separate, isolated network segment, so that the backups are usable after a ransomware attack. From time to time, criminal groups abandon their attacks when they cannot find or access the backup server, because they then lose the leverage for enforcing their demands. At the same time, the longer they spend looking for the backup, the more time companies have to detect the attack.
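The segmentation rules and the backup isolation described above can be checked against a firewall rule set. The following is an added example, not part of the original article: the zone names (client, server, ot, mgmt, vpn_admin, backup, dc), the ports and the allowlist are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    src: str              # source zone
    dst: str              # destination zone
    port: Optional[int]   # destination TCP port, None = any port
    action: str           # "allow" or "deny"

# Assumed allowlist of necessary flows; zone names and ports are hypothetical.
# No entry mentions "ot" or "backup": those segments stay unreachable.
ALLOWED = {
    ("client", "server"): {443, 445},
    ("vpn_admin", "mgmt"): {22, 3389},
}

def reason(rule: Rule) -> str:
    """Explain why an allow rule breaks the segmentation policy."""
    if "backup" in (rule.src, rule.dst):
        return "backup segment must stay disconnected"
    if "ot" in (rule.src, rule.dst):
        return "OT must not be reachable from IT"
    if rule.dst == "mgmt" and rule.src != "vpn_admin":
        return "management network is for VPN-secured admin accounts only"
    if (rule.src, rule.dst) in ALLOWED:
        return "port is not on the allowlist for this zone pair"
    return "zone pair is not on the allowlist"

def audit(rules: list[Rule]) -> list[tuple[Rule, str]]:
    """Return every allow rule that is not covered by ALLOWED, with a reason."""
    findings = []
    for rule in rules:
        ports = ALLOWED.get((rule.src, rule.dst), set())
        if rule.action == "allow" and (rule.port is None or rule.port not in ports):
            findings.append((rule, reason(rule)))
    return findings

# Constructed sample rule set, not taken from a real firewall.
SAMPLE = [
    Rule("client", "server", 443, "allow"),    # necessary, passes
    Rule("vpn_admin", "mgmt", 22, "allow"),    # admin via VPN, passes
    Rule("client", "mgmt", 3389, "allow"),     # user network into management
    Rule("client", "ot", 502, "allow"),        # office network into production
    Rule("backup", "dc", 389, "allow"),        # backup server tied to AD
    Rule("client", "server", None, "allow"),   # any-port rule, too broad
    Rule("internet", "backup", 22, "deny"),    # deny rules are not findings
]
if __name__ == "__main__":
    for rule, why in audit(SAMPLE):
        print(f"{rule.src} -> {rule.dst} port {rule.port or 'any'}: {why}")
```

Run against an export of the real rule set, every finding is a connection that either needs a documented justification and an allowlist entry or should be removed.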