Held for Ransom

As part of my Master’s Degree pursuit I will be dedicating a section of my blog to InfoSec topics and discussion. Updates will happen weekly.

Ransomware is one of the hotter topics for security leaders, especially in the healthcare space. With a slew of attacks making the news this year, I started wondering: how can organizations reduce their exposure to ransomware?

Currently the most profitable cybercrime, ransomware is experiencing significant growth. And because it mainly spreads via email, the infection is proving tough for organizations to defend against. After all, email is an integral part of nearly every business, and almost every employee has a corporate email account.

Defending against ransomware from a technical standpoint requires a layered approach. Email, endpoint, and possibly DNS security products can all help reduce the number of attacks. However, Tom Walsh, CISSP, argues that one of the easiest ways to cut down on the number of attacks is to simply block all access to personal email accounts on the corporate network. This notion is not one I had heard before, and I think coupling it with continual education and technical solutions is an excellent way to reduce an organization’s risk of infection.