Every day companies are hit with new and mutating ransomware attacks with exponentially increasing financial impacts. According to Forbes, the average cost to recover from a successful ransomware attack doubled from approximately $41,000 per incident to over $84,000.
Traditionally, ransomware attacks involved sensitive data encrypted by actors and released only if a sum of money was paid, often referred to as a ransom. Adversaries are now upping the stakes in a method dubbed double extortion, in which attackers threaten to release sensitive information on top of holding data hostage. Ransoms are being paid and impacting companies at an alarming rate. We’ll discuss a few defensive tactics that can help detect, deter, and defend against ransomware.
With these new tactics and financial impacts, it is critical that organizations prioritize defending their networks against these attacks. No one technology or tool can be relied on solely to provide protection against all ransomware attacks. This is clearly one area where one size does not fit all and pairing with a trusted managed service security or consulting company is paramount. A better approach is to incorporate a layered security posture in which multiple defenses are in place, starting with step one and building progressively from there.
No one cares more about your data than you do. Data is held hostage because it is valuable. It runs businesses, protects people, and most importantly, generates revenue. A great starting point for backing up data is to review what data is currently generated in your organization and its level of importance. Prioritize what matters most to your organization, as this will vary greatly by company and industry. The key is to back up as much critical information as possible to minimize the impact to the organization if it is lost.
Once critical data has been identified, it is recommended to back up this information daily if possible. Although more time consuming and costly, this approach provides more options in the event of a costly ransomware attack. For example, if data is backed up Monday evening and a ransomware attack takes place on Tuesday, the organization is only at risk of losing the data that was created between the last backup on Monday night and the time of the attack.
Nearly every organization relies on email as the primary communication outlet. Attackers have long known this trend, and according to Align, previous statistics show that 1 in 131 emails contain malware. Filtering out malicious emails is a critical security control that can help your organization against ransomware and other attacks.
Many hardware and software solutions exist to help filter malicious emails before they are delivered to the end user. Vendors offer different solutions to meet the needs of customers. It is wise to focus on attachment filtering, sandboxing, and adequate logging. If you can incorporate these three basic features, it will drastically improve your ability to filter unwanted email and protect your employees.
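To show how attachment filtering, sandbox routing, and logging fit together, here is an added Python example (not from the article or any vendor's product). The extension lists, the three verdict names, and the sample message are assumptions constructed for illustration.

```python
import json
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed policy lists for illustration; tune these to your own mail flow.
BLOCK_EXT = {".exe", ".scr", ".js", ".vbs", ".iso", ".lnk"}
SANDBOX_EXT = {".docm", ".xlsm", ".zip", ".pdf"}

def screen_message(raw: bytes) -> dict:
    """Return a verdict (deliver / sandbox / quarantine) and a JSON log line."""
    msg = message_from_bytes(raw, policy=policy.default)
    action, reasons = "deliver", []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = PurePosixPath(name).suffixes
        ext = suffixes[-1] if suffixes else ""
        if ext in BLOCK_EXT:
            action = "quarantine"
            reasons.append(f"blocked type: {name}")
            if len(suffixes) > 1:  # e.g. invoice.pdf.exe posing as a document
                reasons.append(f"double extension: {name}")
        elif ext in SANDBOX_EXT:
            if action != "quarantine":
                action = "sandbox"  # detonate before delivery
            reasons.append(f"needs detonation: {name}")
    record = {
        "message_id": str(msg["Message-ID"]),
        "from": str(msg["From"]),
        "action": action,
        "reasons": reasons,
    }
    # One structured line per message keeps every decision searchable later.
    return {**record, "log_line": json.dumps(record, sort_keys=True)}

def build_sample(filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "billing@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Invoice"
    m["Message-ID"] = "<constructed-1@example.test>"
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("invoice.pdf.exe", "report.docm", "notes.txt"):
        print(screen_message(build_sample(fn))["log_line"])
```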
Unfortunately, no security controls will be foolproof. Employees are often your last and most valuable line of defense in the cybersecurity realm. It is important that employees are empowered with the right training and educational resources to respond appropriately to cyber-attacks. This not only involves defensive actions, but also enables reporting on relevant matters to the appropriate channel.
Initial training as part of an orientation or onboarding program to help set a baseline of understanding amongst employees is recommended. This training needs to be ongoing and tailored to the changing threat landscape of the organization.
With the current speed of cybersecurity trends, it only makes sense to do this training at least semi-annually thereafter. The best training is hands-on, involving live case studies, phishing tests, and proper reporting channels and information. Your employees can be your strongest line of defense or your weakest; it’s up to your security awareness training to determine how that plays out.
Both hardware and software technologies will eventually need to be updated to fix identified vulnerabilities and operational issues. These fixes are often called patches or updates and are typically created and made available by the manufacturer. Attackers spend time researching, creating, and exploiting known vulnerabilities, and protecting an organization requires an aggressive patching policy.
Instead of attempting to patch every device with every known patch, a better approach is to evaluate your critical business systems. You then want to prioritize patching efforts on the most sensitive or critical systems in your network. You should then work outwards with your patching efforts to include more devices and a broader range of coverage in your network. Install critical or emergency patches immediately, high-severity patches within 2-3 days, and medium- to low-severity patches as soon as possible thereafter.
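The prioritization above can be turned into a simple patch queue. This is an added Python example, not the article's or FortifyData's tooling; the host names, tier numbers, placeholder patch IDs, and the choice to sort by severity first and asset tier second are assumptions.

```python
from datetime import datetime, timedelta

# Deadlines from the article: critical/emergency immediately, high within 2-3 days
# (3 is used as the outer bound). Medium and low have no stated number
# ("as soon as possible thereafter"), so they get no deadline here.
SLA_DAYS = {"critical": 0, "high": 3}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def plan_patching(findings, asset_tier, now):
    """Order open patches by severity, then from the most critical systems outwards."""
    plan = []
    for f in findings:
        days = SLA_DAYS.get(f["severity"])
        due = f["released"] + timedelta(days=days) if days is not None else None
        plan.append({
            **f,
            "tier": asset_tier.get(f["host"], 99),  # unlisted hosts sort last
            "due": due,
            "overdue": due is not None and now > due,
        })
    plan.sort(key=lambda p: (SEVERITY_RANK[p["severity"]], p["tier"], p["released"]))
    return plan

# Constructed inventory: tier 1 = most sensitive business systems.
ASSET_TIER = {"erp-db01": 1, "file-srv02": 2, "kiosk-17": 3}
# Constructed backlog; patch IDs are placeholders.
FINDINGS = [
    {"host": "kiosk-17", "patch": "PATCH-A", "severity": "high",
     "released": datetime(2024, 3, 4)},
    {"host": "file-srv02", "patch": "PATCH-B", "severity": "critical",
     "released": datetime(2024, 3, 5)},
    {"host": "erp-db01", "patch": "PATCH-A", "severity": "high",
     "released": datetime(2024, 3, 4)},
    {"host": "erp-db01", "patch": "PATCH-C", "severity": "low",
     "released": datetime(2024, 2, 1)},
]

if __name__ == "__main__":
    for p in plan_patching(FINDINGS, ASSET_TIER, now=datetime(2024, 3, 6)):
        due = p["due"].date() if p["due"] else "asap"
        flag = "OVERDUE" if p["overdue"] else ""
        print(p["severity"], p["host"], p["patch"], "due", due, flag)
```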
The final control that will help protect your organization from ransomware is network segmentation. Once a system is infected with ransomware it typically attempts to spread throughout the network at a rapid speed and infect as many devices as it can. As the malware spreads it encrypts more data and increases the remediation efforts.
A segmented network is one in which the network is broken down into separate areas. Devices cannot communicate with other areas, and normal users typically cannot move laterally throughout the network. This type of segmentation can help minimize the impact ransomware can have on the organization.
If the ransomware is found in one area of the company, but fails to move to the other segments of the network, it is likely that a smaller number of devices will be impacted. This can be done through hardware or software solutions and is typically a responsibility of network administrators.
Implementing these five steps and partnering with a trusted vendor like FortifyData is a surefire way to protect your organization from ransomware and many other attacks.