{"id":10514,"date":"2016-11-14T18:56:02","date_gmt":"2016-11-14T18:56:02","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/?p=10514"},"modified":"2024-12-27T17:54:48","modified_gmt":"2024-12-27T17:54:48","slug":"how-can-iso-27001-help-protect-your-company-against-ransomware","status":"publish","type":"post","link":"https:\/\/advisera.com\/27001academy\/blog\/2016\/11\/14\/how-can-iso-27001-help-protect-your-company-against-ransomware\/","title":{"rendered":"How can ISO 27001 help protect your company against ransomware?"},"content":{"rendered":"<p>Ransomware is a sophisticated malware that blocks users\u2019 access to their files through the use of encryption. The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as a method of attack for a long time, it is still very much in use \u2013 there are still no defenses that can 100% eliminate this threat.<\/p>\n<p>Protection against this malware involves a set of security layers. Companies should look not only at technology, but also at people and process solutions. The implementation of <a href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a> can help fight this sophisticated and viral threat to our data.<\/p>\n<h2>What is ransomware?<\/h2>\n<p>There are several different types of ransomware, but in general terms the characteristics are:<\/p>\n<ul>\n<li>It uses sophisticated encryption so that the victim can\u2019t unlock the files.<\/li>\n<li>It displays a message to the victim informing them that their data is encrypted and they will have to pay a fee to be able to recover the files.<\/li>\n<li>It requests payment in Bitcoins, because this kind of currency cannot be tracked.<\/li>\n<li>Normally, the ransom has to be paid in a short period of time, and it increases if the deadline is not met. 
Once the deadline passes, the data will be destroyed.<\/li>\n<li>Traditional antivirus protection cannot detect this type of malware.<\/li>\n<li>It can spread to other PCs connected to the local network, to network drives, or to files stored in the cloud.<\/li>\n<\/ul>\n<p>The origin of this malware is a technologically advanced organized crime structure, and large amounts of money are involved. It is not enough to install antivirus software to protect against this threat. Here&#8217;s how the ISO 27001 standard can help combat it:<\/p>\n<h2>Security layers<\/h2>\n<p>The most effective way to combat ransomware, as with any malware, is to implement security layers that hinder the exploitation of the different vulnerabilities each company may have. Examples of such layers include:<\/p>\n<ul>\n<li>Security awareness<\/li>\n<li>Monitoring and event management<\/li>\n<li>E-mail, web, and network protection<\/li>\n<li><a href=\"https:\/\/advisera.com\/27001academy\/iso-27001-documentation-toolkit\/?rel=information-security-controls&#038;doc=backup-policy\" target=\"_blank\" rel=\"noopener noreferrer\">Backups<\/a><\/li>\n<li>Updated software and hardware<\/li>\n<li><a href=\"https:\/\/advisera.com\/27001academy\/iso-27001-documentation-toolkit\/?rel=management-system&#038;doc=information-security-policy\" target=\"_blank\" rel=\"noopener\">Information security policies<\/a><\/li>\n<\/ul>\n<p>The implementation of ISO 27001 provides a set of controls that cover all of these layers.<\/p>\n<h2>ISO 27001 Annex A controls<\/h2>\n<p>Annex A contains a list of controls that are selected as a result of the risk assessment, so that the risk treatment can mitigate the identified risks. 
Read the article <a href=\"https:\/\/advisera.com\/27001academy\/iso-27001-risk-assessment-treatment-management\/\" target=\"_blank\" rel=\"noopener\">ISO 27001 risk assessment &amp; treatment \u2013 6 basic steps<\/a> to learn more about risk assessment. These are some of the controls that help you protect against ransomware:<\/p>\n<ul>\n<li>Control A.7.2.2 (Information security awareness, education and training) \u2013 This control ensures that \u201c<em>all employees receive appropriate awareness education and training and regular updates in organizational policies and procedures.<\/em>\u201d Without proper <a href=\"https:\/\/advisera.com\/27001academy\/iso-27001-documentation-toolkit\/?rel=management-system&#038;doc=training-and-awareness-plan\" target=\"_blank\" rel=\"noopener\">training<\/a>, no technology is resistant enough to the threat of ransomware. Infection by this malware can result from social engineering, malicious links in e-mail messages, or attachments sent by known contacts. Employees need to be prepared so that they stay alert to these attacks. Read the article <a href=\"https:\/\/advisera.com\/27001academy\/blog\/2015\/03\/02\/8-security-practices-to-use-in-your-employee-training-and-awareness-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">8 Security Practices to Use in Your Employee Training and Awareness Program<\/a> and <a href=\"https:\/\/advisera.com\/27001academy\/blog\/2014\/05\/19\/how-to-perform-training-awareness-for-iso-27001-and-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to perform training &amp; awareness for ISO 27001 and ISO 22301<\/a> to find out more.<\/li>\n<li>Control A.12.4.1 (Event logging) \u2013 As I mentioned, this is a sophisticated malware. Analysis of the system\u2019s behavior may be crucial for its timely detection. This control calls not only for the creation of event logs, but also for their regular review. 
Read the article <a href=\"https:\/\/advisera.com\/27001academy\/logging-according-to-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">Logging and monitoring according to ISO 27001 A.12.4<\/a> to learn more about this control.<\/li>\n<li>Control A.12.3.1 (Information backup) \u2013 As described in the objectives of this control, \u201c<em>Backup copies \u2026shall be taken and tested regularly.<\/em>\u201d Ransomware is able to spread to network drives and to backup copies. Validating these copies is essential to ensure that a restore succeeds when it is needed.<\/li>\n<li>Control A.12.6.1 (Management of technical vulnerabilities) \u2013 Knowledge of system vulnerabilities is essential to protect against this or any other kind of threat. Read the article <a href=\"https:\/\/advisera.com\/27001academy\/blog\/2015\/10\/12\/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1\/\" target=\"_blank\" rel=\"noopener noreferrer\">How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1<\/a> to learn more about this control.<\/li>\n<li>Control A.13.1.3 (Segregation in networks) \u2013 The rapid spread of file encryption across the network caused by ransomware can be contained if the network is organized into segments, rather than everything being accessible together. 
Read the article <a href=\"https:\/\/advisera.com\/27001academy\/blog\/2015\/11\/02\/requirements-to-implement-network-segregation-according-to-iso-27001-control-a-13-1-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Requirements to implement network segregation according to ISO 27001 control A.13.1.3<\/a> to learn more about this control.<\/li>\n<li>Control A.12.2.1 (Controls against malware) \u2013 It is not possible to prevent every type of malware that can attack a company, but anti-malware software is getting better at recognizing and fighting ransomware attacks.<\/li>\n<\/ul>\n<h2>The evolution of ransomware<\/h2>\n<p>The evolution of ransomware is predicted by experts to be the largest and most effective attack on our systems of all time. It\u2019s a never-ending battle, which is why we urge you to focus on prevention, on implementing an information security structure, and on continuous improvement. The selection of ISO 27001 controls is based on the risk analysis defined by the company in order to protect the confidentiality, integrity, and availability of its information. The risk associated with malware will have to be considered in the risk analysis, so that the controls are adequate to effectively combat the threat of ransomware. ISO 27001 doesn\u2019t focus only on IT controls, but also on controls that ensure all employees, technical or otherwise, are aware of malware threats. Properly aligned with these threats, ISO 27001 is the ideal tool for protection against ransomware or any other type of malware.<\/p>\n<p><em>To learn more about how to improve your overall information security, try this online<\/em> <a href=\"https:\/\/advisera.com\/training-account\/security-awareness-training\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security Awareness Training<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware is a sophisticated malware that blocks users\u2019 access to their files through the use of encryption. 
The attackers will ask for a ransom to unlock the infected computer. Although ransomware has been known as a method of attack for a long time, it is still very much in use \u2013 there are still no &#8230;<\/p>\n","protected":false},"author":47,"featured_media":10525,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[381,1485,1520,1521],"class_list":["post-10514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-iso-27001","tag-risk","tag-malware","tag-ransomware"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/10514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/47"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=10514"}],"version-history":[{"count":3,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/10514\/revisions"}],"predecessor-version":[{"id":103360,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/10514\/revisions\/103360"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media\/10525"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=10514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=10514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=10514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}