Get Proactive: Strategies for Avoiding Ransomware Attacks and How To Respond if You’re Targeted

What can you accomplish in 11 seconds? Could you dash off a quick reply to an open email or fix yourself a cup of coffee? It’s a short window of opportunity, and it’s definitely far too narrow for you to avert a detrimental cybersecurity incident.

A 2019 article from Cybersecurity Ventures anticipated that, by 2021, a new business would fall prey to ransomware attacks every 11 seconds, with global costs from all incidents amounting to $20 billion.

The fact of the matter is that you can’t wait for attackers to find you. You have to develop proactive defenses and robust cybersecurity processes before the countdown starts.

So far, the pessimistic predictions seem to be coming true. A 2020 report from the FBI’s Internet Crime Complaint Center (IC3) noted that the office fielded 2,474 claims related to ransomware attacks that year. This was a sharp increase of more than 20% compared to the 2,047 reports filed in 2019, which, by itself, represented a rise of about 37% from the 1,493 complaints handled by the IC3 in 2018.

Not only is the number of incidents rising, but perpetrators continue to seek larger and larger sums of money from their victims. According to the Unit 42 Ransomware Threat Report, the average organizational payment from targets in the U.S., Canada and Europe jumped 171% between 2019 to 2020, reaching $312,493.

Given the continued proliferation of remote work and the recent headlines about ransomware attacks targeting critical infrastructure and vital health care organizations, you may be wondering how your company can implement proactive measures — starting today.

In this article, we’ll focus on how you can bolster your defenses in these categories:

  • Vulnerability management.
  • Third-party risk management.
  • Training and communication.
  • Email security.
  • Security operations centers (SOCs) and managed detection and response (MDR).
  • Identity and access management.
  • Backup and recovery.

Vulnerability management

Attackers often exploit known vulnerabilities in servers to deploy ransomware. An important technique for managing exposure to ransomware attacks is to ensure proactive identification of security vulnerabilities and timely patching.

Third-party risk management

Supply chain attacks can provide another pathway for criminals who are looking to infect your network with ransomware. With this technique, the attackers infiltrate downstream components of your digital ecosystem in order to compromise your systems. For this reason, a strong third-party risk management program is essential for lowering your potential exposure to ransomware attacks.

Training and communication

More than ever, today’s businesses need to ensure that their workers are appropriately trained in accordance with the organization’s cybersecurity policies and proper security hygiene. Because of the shift to remote work that was accelerated by the COVID-19 pandemic, educating employees and contractors on ways to secure company assets, as well as the threat landscape and their role in it, is an indispensable defense tactic. No matter how tight your defenses are from a technical standpoint, the individuals who work in your organization could be susceptible to social engineering. At the end of the day, you are as strong as your weakest link.

At a minimum, make sure that workers at your organization know:

  • How to spot social engineering techniques: They should be wary of any requests that are out of the ordinary, especially if an email seems to generate a sense of urgency that could cause suspicion.
  • Whether they’ve come across some of the telltale signs of phishing: Workers should preview links without clicking them and watch for poorly proofed communications.
  • Why it’s essential to report potentially fraudulent emails: Sharing knowledge about phishing attempts can help organizations increase their defenses.
  • What steps to take in the event they’ve been compromised: Sometimes it happens where the best of us can become susceptible to a threat, and workers must be educated on the steps they should take if it happens to them.

Email security

Ideally, your employees won’t have to do the heavy lifting when it comes to identifying and thwarting phishing emails. Filtering mechanisms should catch obvious red flags in emails and divert problematic communications away from potential targets before these individuals even have to make a decision that requires them to put the training listed above into practice. While you don’t want to employ overzealous security measures that impede normal business operations, a certain level of protection is important for protecting the company from a possible ransomware attack.

Security operations centers (SOCs) and managed detection and response (MDR)

SOCs serve as a method for centralizing security operations to provide continuous monitoring and for coordinating response activities across an enterprise. MDR refers specifically to outsourced operations for assessing your organization’s security state and for providing remediation if suspicious activity is detected. Businesses may need to implement or elevate their security posture through partnerships and internal mechanisms as they seek to actively monitor the environment for anomalies, unusual behavior and unauthorized attempts to access ports.

Identity and access management

In the modern enterprise, identity and access management (IAM) is essential for securing your corporate assets. In the new era of remote work, ensuring that the appropriate parties have the right level of access to the correct systems for performing their duties and supporting critical business operations is vital. With the rise of cloud-based solutions, authentication mechanisms such as single sign-on (SSO) and multifactor authentication (MFA) are more important than ever as employees are accessing critical systems through network channels that are not managed and secured by enterprise IT. If credentials are well protected, the impact of a ransomware infection on the organization can be reduced, preventing enterprise-wide operational disruptions to critical business processes.

By implementing industry-leading IAM and privileged access management (PAM) capabilities, organizations can protect their crown jewels from ever being compromised, even in the scenario of an intruder gaining access to the corporate network.

Backup and recovery

Finally, if a ransomware attack succeeds, despite your strong investment in all of the necessary factors we’ve explored so far, backup and recovery are crucial for getting your systems back up and running. Today, decrypting the data is not a viable solution, and even playing ball with your attackers provides no guarantee that you’ll have full access restored in a timely manner.

Instead, taking a proactive approach — by implementing comprehensive backup solutions — is the only way to make sure you can bounce back quickly. The best strategies usually involve frequently updated out-of-band, offline backups stored with secure cloud solutions and providers. With this method, you can replicate data across multiple locations, providing added protection.

Take the time to get your IT disaster recovery plans in place long before any ransomware attack comes your way. This way, you can reduce confusion during a crisis, establish clear priorities and get back on your feet faster.

As part of this process, make sure to run tests, including simulations and tabletop exercises. Be sure to document processes, roles and responsibilities so you’re ready to handle threats with a clear plan as soon as these unwanted intrusions emerge. Such precautions are also necessary for securing a feasible premium from your cyber insurance provider. It’s important to have adequate coverage, but to get insured, you’ll need to have the proper protections and controls in place.

The experts at CFGI can help you improve your cybersecurity posture for ransomware attacks and other threats. Contact us today for a free 30-minute consultation.