By Simon Eyre, CISO at Drawbridge
Cyber attackers search for any vulnerability they can target and once they find one, they move fast. In under four hours, a ransomware infection can infiltrate a system, making it critical for businesses to act quickly and efficiently. Cyberattacks pose a significant risk to businesses through data breaches – but ransomware magnifies the threat. Ransomware attacks risk demanding the payment of high ransoms with no guarantee of retrieving the stolen information.
As cyber criminals become more sophisticated and their attacks become increasingly successful, businesses must employ more robust strategies to protect themselves. By assessing their current cybersecurity framework, adequately training staff, and implementing the right vulnerability management and risk assessment policies, organizations can bolster their security and reduce the chance of paying a hefty ransom payment.
Employee Cybersecurity Awareness Training
Ransomware attackers are not picky. They hunt for vulnerabilities and exploit them in any way they can. According to IDC, 37% of organizations globally reported falling victim to some form of a ransomware attack in 2021. Attackers predominantly utilize email phishing scams to lure targets but will also target other communication platforms such as fraudulent phone calls and scam SMS with the hopes of fooling their victims into clicking on malicious links.
Businesses are major targets for cybercriminals. What may appear as a friendly email can be a click away from encrypting the company network – and the ways to retrieve data are limited and often very expensive. In 2021, 83% of businesses reported being fooled by phishing attacks and being tricked into clicking on a link or downloading malware, a dangerous move that could give attackers control over the organization’s infrastructure and give an incentive to demand ransom. It is critical for businesses to ensure that their staff is more than prepared for potential ransomware attacks and well-versed in response plans in case the breach is successful. Rigorous cyber security training can help employees prepare for these encounters and identify suspicious activity through ongoing monitoring practices, ensuring companies always remain one step ahead of attackers.
Cyber awareness training and a prepared incident response plan can also help firms achieve regulatory compliance requirements. Under the U.S. Ransomware Disclosure Act (H.R. 5501), for example, businesses that have fallen victim to ransomware attacks are required to disclose ransom payments to the Department of Homeland Security within 48 hours. In the U.K., NIS Regulations require digital service providers to report cybersecurity incidents to U.K.’s Information Commissioner’s Office (ICO). Failure to comply with requirements can lead to fines and penalties causing monetary damage to the business.
A firm’s cybersecurity strategy is highly reliant on its vulnerability management policy; a policy that involves continuous monitoring of the environment can help businesses pick up on any vulnerabilities that can be exploited– including any risks associated with having remote workers.
Although I.T. teams may feel their patching procedures are sufficient, sometimes patching procedures that are not up to date can omit software, hardware, and IoT devices that can fall vulnerable to attackers. It’s also important to remember that ransomware attackers don’t work to a schedule – they can strike at any time – so it’s crucial that firms continue to monitor vulnerabilities in real-time, so they can pick up on new vulnerabilities before an attack takes place.
Risk assessments further the preventative controls of the vulnerability management by identifying threats from a system, policy, and procedural approach. A comprehensive chart of the gathered data makes it easier to identify high-probability risks that threat actors can exploit. Firms can use these insights to proactivity secure systems with the proper defenses they need to mitigate these potential risks. If your firm does not have the infrastructure to perform these assessments in house, risk assessment providers offer services that form a comprehensive analysis of a business’s data and continuously monitor for potential threat actors that may target vulnerable data.
In much the same way, building resiliency requires an understanding of how data flows through the business and who is processing it (which may be internal or at third parties). It’s important to perform this flow chart exercise before you begin looking at controls to mitigate outages. The mitigations may be technical in nature like redundant systems or signing up alternative Vendors for processing activities.
Investing in the Right Back Up Measures
Since grade school, we have always been told to back up anything we do not want to lose. What was once a USB or hard drive, is now being redefined by the Cloud. Cloud platforms such as Microsoft 365, Google Workspace, and Amazon AWS offer backup services for businesses to ensure their data remains in a safe place. The all-in-one style of services of these platforms allow for a cost-effective and secure backup of data.
In case a breach does happen, insurance is there for backup. Cybersecurity insurance can lead firms in the right direction when handling security breaches. From an insurance firm, businesses have access to skilled forensic and recovery teams that have the in-house technical skills necessary to address an attack and more importantly, recover from one. Insurance firms offer the proper expertise to guide businesses in the right direction and identify the proper approach to a ransomware attack such as whether they should pay the ransom or not. Businesses can ensure they are choosing the right insurance by looking at their guidelines and Due Diligence Questionnaires before applying. Insurance companies may recommend the use specific cyber frameworks such as Cyber Essentials and NIST CSF to strengthen the security posture of a business.
Avoid Paying the Ransom
The sad reality is that even after paying the ransom – you aren’t guaranteed your data back. Implementing the proper crisis management and response plans ensures your business endures the least amount of damage as possible if this does occur.
Avoiding paying the ransom, goes beyond a strong cyber resilience program. Understanding the laws and restrictions in place by different jurisdictions can help businesses determine how to approach cyberattacks. Different localities have rules in place banning ransom payment and if done so, companies can face legal action. In October 2020, the United States Office of Foreign Assets Control (OFAC) made it illegal to pay ransom in certain cases. Even if paying the ransom is found to be acceptable by legal standards, businesses must ensure it is the only and best option before handing over such large amounts of money.
As the cybersecurity landscape evolves, so do the complexities of the strategies that threat actors use to breach sensitive data. As long as sensitive data exists, so will threat actors looking to collect a ransom, making it even more important for businesses to ensure their cyber resilience strategy is adequate.
The cyber risk, regulatory and threat landscapes continue to evolve, making it even more vital for organizations to strengthen their cybersecurity posture. With the proper proactive measures in place including employee training, vulnerability management, and risk assessments – firms are better positioned to avoid facing a decision on if they should pay the ransom.