Which is the least effective way for an organization to protect against ransomware?
No one can deny ransomware has hit new levels of sophistication, with demands for payment skyrocketing into the tens of millions of dollars. The reasons are manifold. Some are straightforward: vulnerabilities posed by pandemic-weary organizations and workers logging in from unsecured home networks; others are highly complex, such as ever-increasing connectivity driven by advancing digitization. Still other reasons include threat actors who are committed to perfecting their craft—rather than the “smash and grab” approach, hackers are now “dwelling” undetected within victims’ environments to better understand where the highest value data and information are, and then selling that to other bidders. Finally, as the number of companies that are forced to pay ransoms to regain control of their networks and data increases, so does the number of hackers attracted to this type of lucrative threat.
To that end, Cybersecurity Ventures estimates ransomware costs should reach $265 billion by 2031.[1] Supply-chain attacks rose by 42 percent in the first quarter of 2021 in the United States, affecting up to seven million people,[2] while security threats against industrial control systems (ICS) and operational technology (OT) more than tripled in 2020.[3]
Sometimes looking at the overall numbers, it is hard to grasp the reality of a ransomware attack’s effect on a company. To put it in perspective, here are some specific costs: Colonial Pipeline paid a $4.4 million ransom after the company shut down operations, global meat producer JBS paid $11.0 million, and global insurance provider CNA Financial paid a reported $40.0 million. Additionally, a ransomware attack on US software provider Kaseya targeted the firm’s remote-computer-management tool and endangered up to 2,000 companies globally.
These figures do not reflect the additional costs of an attack, including paying third parties, such as legal, PR, and negotiation firms, or the opportunity costs of having executives and specialized teams turn away from their day-to-day roles for weeks or months to deal with an attack and its aftermath, or the lost revenue that results. With the use of low-cost ransomware-as-a-service (RaaS) campaigns, this cyberthreat has surged beyond the quiet confines of the C-suite to where boards of directors, regulators, law enforcement, industry associations, insurance providers, and the cybersecurity vendor community all need to be a part of the solution.
While governments, law enforcement, and regulators continue to grapple with ransomware issues such as transparency and oversight of cryptocurrencies, companies need to ensure they remain resilient by focusing on ransomware prevention, preparation, response, and recovery strategies. The payment or nonpayment of a ransom could well depend on whether an organization masters the basics of these four strategies and then continues to build higher levels of cyber maturity that create a resilient environment where attacks may still occur but do not have the same impact they would otherwise.
Prevention
To achieve a secure work environment, you need to know what technology you have, what and who it is talking to, and then watch it like a hawk. Vigilance is key. To get there, everyone from the board and C-suite to down the line must be on the same page and treat security as a continuous endeavor that balances technology with people and processes to ingrain security into an organization’s DNA.
To achieve that balance, organizations need to understand that 75 percent of ransomware breaches begin with either a phishing email or a Remote Desktop Protocol (RDP) compromise, according to Coveware’s quarterly ransomware reports for the fourth quarter of 2020 and the first quarter of 2021. In addition, it appears that in 60 percent of ransomware cases, the malware ends up installed directly or via desktop-sharing apps, according to Verizon’s 2021 Data Breach Investigations Report (DBIR).[4] That just goes to show how crucial cybersecurity hygiene is across an entire organization, from employees and vendors to third-party supply chains. It is the first line of defense in mitigating a cyberattack. Companies are finding success with the following tactics:
Preparation
A core team—which includes senior leaders—that has worked to prepare for an attack is in far better shape to respond than one figuring it out on the fly. “The threat has really evolved from targeting big business to also targeting small and medium-size businesses,” says Greg Hughes, CEO of Veritas, in a recent McKinsey article about recovering from ransomware. So, creating a business continuity plan and then practicing all types of scenarios will pay off. That includes the following:
There are quite a few tactical reasons why companies choose to pay, but they all stem from the same underlying concern: we are not confident that this will not disrupt us, so paying is the “safer” option. Approaching ransomware prevention and preparedness from a resilience perspective frames the requirements and outcomes differently:
Response
In a ransomware attack, time is of the essence, so collaboration and transparency prevail. When an organization becomes aware of a ransomware attack, it should not compartmentalize the challenges ahead. The CISO or CSO needs to ensure transparency and collaboration with internal stakeholders across the company, including the board, C-suite, affected business groups, compliance and risk, and legal and crisis communications teams. However, your organization’s network of external stakeholders can provide valuable input and help expedite risk-based decision making, such as the following:
Recovery
No matter what, recovery from a ransomware attack can be messy. If you decide to pay and get a decryption key—and if it works—there is usually a considerable amount of cleanup because the attackers shut down servers and databases not designed to shut down hard. If you don’t pay, rebuilding networks from backups is time consuming. Indeed, the average downtime a company experienced after a ransomware attack is 21 days, according to a Coveware report. In addition, the average ransom fee requested increased from $5,000 in 2018 to about $200,000 in 2020, according to the National Security Institute. But keep in mind, the ransom requested depends on multiple variables like the company size, revenue, industry, and importance. Also, remember, if an organization suffers an attack and feels it has to pay, the attacker now becomes a business partner, so keep these guidelines in mind:
Make no mistake about it, ransomware is ugly. But making your enterprise resilient by following prevention, preparation, response, and recovery strategies will allow a company to recover from attacks and not have to pay a huge ransom. Communication, advanced preparation, and understanding and then minimizing risk are the best way to keep the operation up and running.
What are the don'ts to help you protect against ransomware?
Don't: Provide Personal Information to Unfamiliar Sources
You should never give your password or login credentials to anyone, especially if that person is not familiar to you or is outside your organization. Too many ransomware attacks could have been prevented by following this simple rule.
What is the most effective control against ransomware?
How Can I Protect Against Ransomware?
Identify assets that are searchable via online tools and take steps to reduce that exposure.
Protecting Against Ransomware
Good Security Habits
Understanding Anti-Virus Software
Understanding Patches and Software Updates
Using Caution with Email Attachments
What is ransomware? How does an organization protect against it?
Ransomware is malware that employs encryption to hold a victim's information at ransom. A user or organization's critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
What are a few best practices to minimize ransomware risks?
8 best practices to prevent ransomware
1. Back up your files.
2. Educate end users.
3. Patch vulnerabilities.
4. Use an intrusion detection system.
5. Employ email filtering.
6. Whitelist applications.
7. Provide the least amount of privilege possible.
8. Logically separate networks.