This reflects that medical institutions are facing growing security threats. In addition, the average ransom paid by victims has tripled from US$84,000 in the fourth quarter of 2019 to US$234,000 in the first quarter of 2020, causing tremendous losses to institutions and individuals. These statistics are a warning to all of us to treat this situation with caution.
An IT service provider for hospitals in the United States was attacked by ransomware in September last year. Access to certain computer systems was blocked, and certain servers and workstations in the domain were maliciously encrypted by the ransomware. The hackers even downloaded confidential data, including patients' personal information. This shows that an organization that is negligent about information security will be vulnerable to cyberattacks. Facing ever-increasing cyberattacks, organizations must take action to improve their network security.
How to Defend against Ransomware?
Solutions to ransomware attacks can be divided into 3 levels, namely detection, interception and response:
Unified Threat Management (UTM) and Sandbox: As the front line of defence against malicious attacks, UTM can help organizations prevent emerging, unintentional internal threats from intruding into internal systems; the sandbox can detect unknown threats and send suspicious files to the cloud sandbox for analysis.
Incident Response (IR): In addition to interception, a security incident response team can swiftly investigate information security incidents, work out remedial measures, and reduce the impact of malicious attacks.
Endpoint Detection and Response (EDR): EDR collects information about the operation of the endpoint, so that the organization can take corresponding countermeasures in a timely manner when an abnormality is detected. EDR combines different anti-virus engines, system repair engines, active defence technologies, etc., to effectively detect and remove known and unknown viruses.
The above information security solutions can effectively protect an organization's network from ransomware threats. If your organization lacks a security management team, Managed Security Services (MSS) will be your best choice. The professional team of a Managed Security Service Provider (MSSP) can offer organizations real-time monitoring to identify and analyse vulnerabilities and improve overall network security.
CITIC Telecom CPC is a strong ICT-enabler to support the digital transformation of various industries. One of the flagship solutions, TrustCSI™ 2.0 information security solution, utilizes data-analysis-based SIEM 2.0 technology and has comprehensively upgraded its managed information security service portfolio. Combining the use of Incident Response (IR) services and Security Orchestration and Automated Response (SOAR) services, enterprises can achieve faster threat detection and response to cope with advanced cyberattacks. Our professional security expert team and top-notch Security Operation Centres (SOCs) provide enterprises with 24 x 7 network security monitoring, as well as managed services with high availability and disaster recovery.
As your trusted partner for information technology, we have always been committed to providing you with innovative and professional ICT services. Please contact our professional teams in offices around the world for professional security advice.