Ransomware: A Growing Cyber Menace to all Businesses
Ransomware has become the top cyber threat facing businesses today.¹ In fact, its menacing growth has helped drive cyber attacks to the top of the list of global risk concerns organizations face today.² Unlike a data breach, ransomware is a risk without discretion. Any company that requires access to critical data or faces loss or hardship in the event of business interruption is a potential ransomware victim. Unfortunately, attacks have become more sophisticated and are growing.
Ransomware reports increased 716% from 2019 to 2020
Ransomware payments have increased 60% over that same period
Ransomware damages are predicted to be $20 billion in 2021³
The potential consequences of business disruption and loss or public exposure of sensitive data are severe, and can include loss of revenue, reputation, breached contracts, missed deadlines, failure to meet customer or client expectations, or even, in the most extreme examples – such as with healthcare providers – possible loss of life.
Businesses must take proactive steps to prepare for and prevent these outcomes resulting from a ransomware attack.
8 Ransomware Risk Mitigation Strategies
Consider these eight tips to help mitigate the risk of falling victim to ransomware and to better prepare for a ransomware incident:
1. Be proactive
Ensure that the Incident Response (IR) Plan/Playbooks, and/or Business Continuity Plan/Disaster Recovery Plan have been assessed, reviewed and updated. But, most important, these plans and playbooks must be tested through simulated practice across realistic scenarios to help improve resilience.
2. Educate employees on cyber security and phishing awareness
Companies must create a culture where all employees feel responsible for enterprise security, and are encouraged to participate in proactive detection of, and defense against, threats, risks and attacks. Phishing is still a leading cause of unauthorized access to a corporate network, including as the entry point for ransomware attacks. Training users to not only spot a phishing email, but to also report the email to their internal cyber security team, is a critical step in detecting the early stages of a ransomware attack.
3. Employ multi-factor or "two-step" authentication
Multi-factor authentication across all forms of login and access to email, remote desktops, external-facing or cloud-based systems and networks should be a requirement for all users. The presence of multi-factor authentication may even prevent the exploitation of stolen login credentials because the attacker does not also possess the necessary second piece of the login process, the authentication key.
4. Keep systems patched and up-to-date
Unpatched vulnerabilities allow attackers to compromise corporate networks, and attackers can often identify a vulnerable system with a simple scan of the Internet using free tools. They engage in this exercise broadly and indiscriminately, looking for exploitable systems on which to unleash ransomware and other cyber attacks. Make sure your systems are patched and current.
5. Install and properly configure endpoint detection and response tools
Tools that focus on endpoint detection and response can help decrease the risk of a ransomware attack and are useful as part of incident investigation and response. Properly configured security tools give a much greater chance of detecting, alerting on, and blocking threat actor behavior.
6. Design your networks, systems, and backups to reduce the impact of ransomware
Ensure your privileged accounts are strictly controlled. Segment your network to limit the spread of adversaries or malware. Have strong logging and alerting in place for better detection and for evidence in the event of incident response. A technical security strategy informed by architects who know the latest attacks and adversary trends is important, as is continuous threat intelligence monitoring of open sources and the dark web.
7. Consider risk transfer options
Because a ransomware attack can threaten an entity’s reputation and goodwill, the risk of ransomware can never be fully mitigated or transferred. However, in practicing ransomware preparedness, organizations should consider obtaining appropriate cyber insurance coverage. In doing so, organizations should review how coverage addresses indemnification for financial loss, business interruption, fees and expenses associated with the ransom and incident response, as well as considerations for service providers, such as the ability to work with incident response providers of choice.
8. Pre-arrange your third-party response team
An effective ransomware response will often include some or all of the following third-party expertise: forensic incident response, legal counsel, crisis communications, and ransom negotiation and payment. As time is of the essence during a ransomware attack, it is critical to pre-vet and pre-engage a team of professionals to monitor and be ready to respond to an attack when it happens.
Mitigating the risk of ransomware is a challenge for all businesses, large and small. Fortunately, there are effective risk mitigation strategies to prepare for the potential of a ransomware attack.
This material has been prepared for informational purposes only and should not be relied upon for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.