Ransomware is the Biggest Threat to Your Organisation. Here’s Why
Ransomware is becoming more dangerous and expensive all the time, and it has affected nearly every industry and geography. Nobody is safe from the threat.
According to Fortinet’s global ransomware survey, 67 percent of organizations have experienced a ransomware attack. Worse, nearly half of those polled said they had been targeted more than once, and nearly one-sixth said they had been attacked three or more times.
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) reported that organizations paid out nearly $600 million in ransomware payments in the first half of 2021, putting the US on track to exceed the previous decade’s combined payouts in a single year.
The attacks on the supply chains of companies such as Colonial Pipeline and JBS made headlines last year, but they are likely just the beginning. For every attack that makes national headlines, dozens more occur that do not.
The ransomware threat is real, which is why, according to the ransomware survey, 85 percent of respondents are more concerned about ransomware than any other cyber threat.
Plans, plans, plans for ransomware
The good news is that most businesses have contingency plans in place to deal with ransomware. The bad news is that some of those plans may be ineffective or useless.
According to the survey, fewer than half of the organizations have a ransomware strategy that includes basic cybersecurity tactics such as network segmentation, business continuity, recovery testing, and remediation. The same can be said for incident response plans, which should include risk assessment, offline backup, and ransomware insurance.
A plan is only as good as the information contained within it, and if you don’t cover the fundamentals, you’re going to have a problem.
With all of the alarming headlines about new cybercriminal tactics, it’s easy to lose sight of the fundamentals. Training and basic cyber hygiene should be included in plans. Because remote work has increased the attack surface, organizations must consider this when developing cybersecurity training for their employees.
Education is more important than ever, and it must include cybersecurity components unique to hybrid and remote work environments. It should contain information on the most recent social engineering attack methods, such as smishing, vishing, and angler phishing. Attack methods are constantly changing, and employee training must keep up.
Collaboration and information sharing are essential in the fight against ransomware.
Ransomware is a massive problem that no organization can solve on its own. All company stakeholders must be on board, and organizations should work to form partnerships with law enforcement and organizations such as the Cybersecurity and Infrastructure Security Agency (CISA). Working together and sharing intelligence is the only way to have an impact on cybercrime groups.
Because cybercriminals frequently target multiple organizations in similar industries or that use the same networks and systems, collaboration is essential to reducing the overall impact of ransomware within the larger industry or group. The sharing of threat and attack data between public and private entities makes it more difficult for cybercriminals to gain a foothold.
These types of public-private partnerships can also aid in data recovery, lowering the overall cost of an attack.
The time has come to begin protecting against ransomware.
Organizations must ensure that they have in place a cybersecurity strategy that includes the fundamentals: education, cyber hygiene, and private-public collaboration.
A well-educated workforce is essential for implementing an effective cybersecurity strategy. According to the 2021 Verizon Data Breach Investigations Report, human interaction is involved in 85 percent of data breaches. As a result, even if you have all the security solutions in the world, if you haven’t trained your employees in cyber hygiene and awareness, you’ll never be truly secure. Employees should be thoroughly trained on how to detect and report suspicious cyber activity, including phishing emails.
Approximately half of all ransomware attacks include some form of social engineering attack, such as phishing. Keeping your workforce trained on these types of attacks, especially as adversaries’ methods are constantly refined, will help ensure that your employees do not fall victim by taking the bait.
Through education and training, you can help keep critical digital resources secure by ensuring your workforce keeps a cyber distance from adversaries and is wary of suspicious requests.
Patching and hygiene are critical.
In addition to training, cyber hygiene is an important component in the fight against ransomware. To begin, you must ensure that user devices and networks, including home networks, are properly maintained and secured. This means ensuring that devices are patched and configured properly to prevent the adversary from exploiting them.
Endpoint security and zero trust access
Next, implement a zero-trust security model, which assumes that anything or anyone attempting to connect to the network is a potential threat.
When a zero-trust access approach is used, every individual or device that attempts to connect to a network or an application must go through strict identity verification before access is granted. This verification employs multifactor authentication (MFA), which requires users to provide multiple credentials before gaining access, adding an additional layer of security beyond strong passwords.
Because ransomware attacks can compromise endpoints in seconds, endpoint security is critical. First-generation endpoint detection and response (EDR) tools simply cannot keep up. They require manual triage and response, which is too slow for fast-moving threats, and they generate large volumes of indicators that burden cybersecurity teams.
Modern solutions reduce the attack surface proactively, prevent malware infection, detect and defuse potential threats in real time, and can automate response and remediation procedures.
Work as a Team
Collaboration between the public and private sectors is critical for effective critical infrastructure security and resilience strategies. This includes the timely and trusted sharing of information among stakeholders in the public and private sectors.
Organizations must have real-time actionable intelligence to mitigate unseen threats. To provide proactive defense, information must be shared among the various security layers and products in your environment.
Furthermore, this information sharing should be extended to partnerships outside of your organization in the broader cybersecurity community, such as Computer Emergency Response Teams (CERTs), Information Sharing and Analysis Centres (ISACs), industry coalitions like the Cyber Threat Alliance, law enforcement, and other government organizations like the Cybersecurity and Infrastructure Security Agency (CISA).
No single entity or organization has all of the answers on how to address the cyber threat. By working together and sharing information, we can improve response times and break the kill chain before malicious activity spreads to other systems and organizations.