By Wouter Vandenbussche | September 23, 2020

How do you protect yourself from the 4 phases of a cyberattack? by Proximus

A cyberattack starts with ransomware, a piece of malware that hackers install on your network. Their goal is to put your systems and data under lock and key and make you pay a ransom. How do you protect yourself from such an attack?

1. Intrusion phase: phishing and more

Everyone is familiar with phishing. Hackers try to get you to click on a link to extract data or to install malware. Hackers also make use of poorly maintained software or too-lax security settings to cause maximum damage.

How do you handle it?
You protect your mail system with an antispam solution. Patch management keeps software up to date and eliminates vulnerabilities, while modern endpoint security keeps your systems clean. In addition, there is software that blocks all communication with known malicious destinations, a powerful tool to protect users and keep out malware.

2. Infection phase: contact between your computers and the hackers

In the event of an infection, there are signs that malware has established itself on a computer. For example, malware always seeks contact with the control center of the hackers. That is abnormal communication for a computer.

How do you handle it?
First, ensure that your logs are stored externally so that a hacker cannot delete them to conceal their activities. This way your logs remain available for analysis. By also limiting network traffic to the bare minimum, you can usually block automated communication.
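The advice above depends on analysing externally stored logs for abnormal communication. As an added example (not part of the original article), this Python code flags hosts that contact the same destination at near-constant intervals, the pattern automated contact with a control center tends to leave; the log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound connection logs: timestamp, source host, destination.
# Host names are made up; 203.0.113.0/24 and example.* are reserved for documentation.
SAMPLE_LOG = """\
2020-09-23T09:00:02 pc-017 203.0.113.50:443
2020-09-23T09:01:40 pc-004 intranet.example.com:443
2020-09-23T09:02:10 pc-004 intranet.example.com:443
2020-09-23T09:05:01 pc-017 203.0.113.50:443
2020-09-23T09:07:30 pc-009 updates.example.net:443
2020-09-23T09:10:03 pc-017 203.0.113.50:443
2020-09-23T09:14:55 pc-004 intranet.example.com:443
2020-09-23T09:15:02 pc-017 203.0.113.50:443
2020-09-23T09:15:20 pc-004 intranet.example.com:443
2020-09-23T09:20:01 pc-017 203.0.113.50:443
2020-09-23T09:25:02 pc-017 203.0.113.50:443
2020-09-23T09:40:00 pc-004 intranet.example.com:443
2020-09-23T09:41:30 pc-004 intranet.example.com:443
2020-09-23T09:52:11 pc-009 updates.example.net:443
"""

def parse(log_text):
    """Group connection timestamps by (source, destination) pair."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return (source, destination, period_seconds) for near-constant intervals.
    max_jitter: allowed ratio of interval standard deviation to mean interval."""
    suspects = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            suspects.append((src, dst, round(mean)))
    return sorted(suspects)

if __name__ == "__main__":
    for src, dst, period in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: regular contact every ~{period}s")
```

Legitimate software such as update checkers and monitoring agents also connects on a schedule, so each hit is a lead for analysis rather than proof of infection.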

3. Spreading phase: weeks to months

Once a hacker is in your network, they will scan the network in search of other valuable targets. Ransomware can stay in your network for weeks or even months to find data with which cybercriminals can hit your company hardest.

How do you handle it?
Segment the network; divide it into zones and shield them from each other. This way an infection does not spread to other devices. A firewall controls not only the incoming and outgoing traffic, but also the traffic within the network.

4. Encryption phase: limit the damage

As soon as the files and computers have been encrypted by the ransomware, it is too late. There is nothing left to do but save what can be saved, and repair your processes or build them up from the beginning.

How do you handle it?
When it is too late, only backups can offer consolation. You can also make backups yourself, of course. It is important to store them in a location that is not vulnerable: offline or in the cloud of an external partner.

Do you not know where to begin? Or would you like more information?

Contact Clearmedia, a Proximus company. The security experts will be happy to help you.