1 26 Table of Contents 28 52

Technology Reseller v41

technologyreseller.co.uk 27 Post-Infection Security Practices This graph shows changes that resulted from a successful ransomware attack. We have reviewed our IT security and initiating new people, process and technology solutions 49% 36% 29% 21% 32% 26% 21% 14% 33% 27% We have adopted a security framework approach to ensure better security (i.e., CIS; NIST) We have raised our defenses against the compromise(s) responsible for the ransomware attack We have hired a security expert (internal or external) We have called in external security audit expertise to focus our IT Security efforts moving forward We have employed or intend to use a Managed Detection & Response (MDR) solution We have employed or intend to use an MSSP (Managed Security Service Provider) We have outsourced our security to an MSP or an MSSP We are now conducting regular phishing simulations and security awareness course training We have deployed a new endpoint protection solution 44% 50% 29% 15% We have added 2-factor authentication and other measures to minimize credential theft We have updated our IT Security Policies We have deployed extra Internet Threat Intelligence like DNS network and user filtering to block communications to undesirable parts of the Internet We have reviewed and are either considering or updating our disaster recovery plans Security awareness training is the most effective way to address the common threat vectors that lead to successful ransomware attacks. But there are several other defensive measures businesses should consider, and it shouldn’t take a ransomware attack to trigger their implementation. Some of the most important defensive measures businesses should consider include: • Adopt a security framework such as the Center for Internet Security (CIS) or the National Institute of Standards and Technology (NIST) • Enlist an expert to undertake an external security audit focusing on IT security • Implement two-factor or multi-factor authentication (2FA, MFA) to minimize credential theft • Deploy internet threat intelligence and DNS filtering to block malicious sites After experiencing a ransomware infection, many of the businesses in our survey committed to these and other best practices to increase their defenses against future attacks.

RkJQdWJsaXNoZXIy NDUxNDM=