Ransomware is hitting organizations hard, and there seems to be no end in sight for these damaging attacks on enterprises of all sizes and across industry verticals. With major ransomware news breaking almost daily, enterprises are beginning to take the threat seriously due to the risk of financial losses, business downtime, loss of customers, bad publicity, and other unpleasant results.
As noted in Bitdefender’s Mid-Year Threat Landscape Report 2020, the total number of ransomware reports increased by 715% globally year-over-year. The study said pandemic-related incidents had a big impact, and similar threat levels are expected for this year. Bad actors are likely encouraged by the number of successful attacks and are looking for increasingly sophisticated ways to penetrate corporate systems.
It’s not just the private sector that sees ransomware as a top threat. The FBI announced in June 2021 that, with a recent rapid increase in ransomware attacks against private sector companies, the agency has made investigations of these attacks a top priority.
Meanwhile, the costs of ransomware attacks are significant. Chainalysis, a blockchain analysis company, said the total amount paid by ransomware victims increased by 311% in 2020 compared with the previous year, to reach nearly $350 million worth of cryptocurrency.
No other category of cryptocurrency-based crime had a higher growth rate, the firm said, and the dollar figure is likely lower than the true total because of underreporting. The ransomware increase was driven by several new strains taking in large sums from victims, as well as pre-existing strains drastically increasing earnings, it said.
Clearly, it’s time for CISOs and other cyber security and IT leaders to have a company-wide strategy for preventing and mitigating ransomware. Putting this off can leave businesses defenseless at a time when cyber criminals are looking for targets in many sectors, regardless of company size.
An effective ransomware prevention and mitigation strategy should include several best practices.
As ransomware entry points vary widely, and cybercriminals are very creative in exploiting both technological and human vulnerabilities, organizations should look to deploy multi-layered endpoint protection with anti-ransomware capabilities that can disrupt the whole attack chain.
Another essential practice is to improve the overall cyber security posture of the organization if needed. This includes a variety of components, of course, but a good starting point is user access mechanisms. Investigations of some of the recent ransomware cases that made headlines exposed weak passwords or a lack of two-factor authentication.
Providing strong access controls for all users sounds like an obvious step, but weaknesses in these areas are an invitation for attacks of all kinds. Compromising a single password can provide the necessary entry point.
A basic tool such as two-factor authentication provides stronger security. Requiring a second form of identification such as a code sent to a mobile device can significantly decrease the likelihood of an intrusion.
A common tactic among attackers is to take advantage of stolen user credentials to gain access to enterprise networks and distribute ransomware. Oftentimes such credentials are exposed through phishing or other means, and two-factor authentication across all users and devices can reduce the likelihood of attacks.
As important as it is to improve the overall security posture through technology investments, that won’t be as effective if employees are not properly trained in good security practices. Users need to know how to recognize the signs of phishing attempts or malware and take proper precautions to avoid inadvertently launching attacks.
They also need to be trained in how to use security tools correctly, and why it’s important to not change settings without permission. Those employees still working from home need particular attention since they’re even more out of sight of security teams and might be using less secure devices and networks.
Education should take place across the enterprise, from the CEO on down. In fact, senior executives are often among the most popular targets for attackers, because of their privileged access rights and the likelihood that they possess valuable information that can help cyber criminals.
Another key step in the effort to defend against ransomware is to back up key systems and data. The Cybersecurity and Infrastructure Security Agency (CISA), a U.S. federal agency operating with the Department of Homeland Security to enhance the security, resiliency, and reliability of the nation’s cybersecurity and communications infrastructure, recommends backups as a step toward resilience against ransomware. In fact, CISA says enterprises should back up systems daily.
While there is no need to back up everything in the organization, companies should certainly back up all components considered critical infrastructure. If the cost of regular backups is an issue, IT and security executives need to weigh the risks of losing access to systems in the event of a ransomware attack and then decide what must be protected through backups. The key point is to make sure to back up everything required for a quick recovery.