Given the frequency of large-scale ransomware attacks in recent months, it’s no surprise that ransomware is the cyber threat that’s on everyone’s minds right now. Today, ransomware presents a multi-billion pound attack vector for cyber criminals. Statistics revealed there were 304 million ransomware attacks in 2020 – 62% up on the total number of ransomware attacks for 2019.
Because of the potential bounty, these cyber criminals are no longer amateurs. Instead, they spend their time getting background information on their targets, surveilling businesses and executing attacks that are highly personalised and targeted, designed to bring a business to its knees.
All industries and organisational sizes are in danger. While some ransoms are small, the biggest attacks fetch tens of millions of pounds. To combat the threat, businesses must maintain vigilance to protect their corporate working environment and limit the chances of ransomware attacks. Below are 4 top tips you should do right now, if you haven’t done so already, to defend against this malicious cyber-criminal tactic.
Tip 1: Create a Continuity Plan
No matter how big or small and what industry your business operates in, every business should have a plan in place, even if you don’t have a dedicated IT security team. That plan should comprehensively answer one simple question – if your business got attacked right now, what would you do?
The plan needs to cover how you would detect the incident, deal with data loss, return to normal operations, and prevent a larger financial penalty.
Ultimately, all ransomware carries the same motivation – locking a user from accessing their data until they pay a fee. Therefore, businesses need to have a way to recover that data so they can restore information that has been encrypted or wiped, without paying the ransom. A data backup and recovery plan are critical to the overall continuity plan and it is a constantly evolving activity – you need to backup regularly.
Tip 2: Don’t Just Focus on IT
You may think that ransomware is an issue for your IT security team, but the focus should be business-wide. A ransomware attack impacts the entire business, from HR to Finance to Marketing to Sales to Legal, and more. While IT capabilities underpin the operations of each department, they must all work together collaboratively rather than in silos.
Your Legal and Comms teams should be an important part of your incident response. They need to understand the situation and what contingencies are in place. Working together will help the business respond to an attack faster and deal with the fallout.
Tip 3: Continually Audit High-Profile Individuals and Improve Security Awareness
Cyber criminals always look to exploit people. If they can get a ‘big fish’, such as a board member or Director, then they hit the jackpot. However, all employees present an opportunity to the hackers and a threat to the business.
High-profile people, who have access to sensitive corporate information, will almost certainly be targets of ransomware attacks. Therefore, their digital footprint and devices need regular auditing to monitor for threats – malicious emails, bad cyber behaviours, strong passwords, and so on.
Data backups help recover from an attack, but do nothing to prevent one. Educating employees about the risks and the typical attack vectors is one of the most effective forms of defence. The most common, and effective, is email phishing, for example. So make sure employees know what to look for and are aware not to open and click anything suspicious.
Regular training builds security awareness, and activities such as phishing simulations help improve familiarity with phishing emails. Additionally, threat intelligence helps to educate employees about recent attacks that researchers have spotted.
Tip 4: Implement Robust Protection Across the Entire Attack Chain
Simple software solutions include updating all applications and systems as soon as possible, adding protection such as Credential Guard, Remote Credential Guard, or Restricted Admin Mode, endpoint detection and response (EDR) agents, and more.
A security vendor can test your environment and find the weaknesses. Frequent testing will give you far more insights to enable you to detect gaps and coverage and implement stronger solutions.
Every endpoint connected to the corporate network also needs robust protection. This protection should include endpoint controls, behavioural analytics, network segmentation, threat intelligence and detection, and anti-virus capabilities.
Unfortunately, no single thing can protect you from ransomware. Proper defense requires a mix of people (understanding the dangers and carrying out best-practice behaviours online), processes (continuity planning for when something goes wrong), and technology (detection, response and mitigation). These all need testing and tuning.
Don’t wait for the ‘if’ it comes. Be prepared by thinking ‘when’ it comes. Acting early can save your company millions of pounds and the headlines you don’t want to see.