A Simple Guide to Preventing a Ransomware Attack
Over 27% of successful malware incidents reported in 2020/2021 can be attributed to ransomware.
Ransomware is cyber-extortion and occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom.
This type of attack can have a much bigger impact on an organisation than other attack types.
In the short term, ransomware can cause significant financial and operational losses. Over the long term it can cause even greater losses by damaging reputation, increasing the likelihood that insurers will raise premiums, and incentivising attackers to re-target the business.
In some recent cases of ransomware attacks, the victim organisations have paid huge amounts to the attackers, and this is likely one of the reasons why these attacks are getting more popular.
Instead of paying ransoms, organisations should focus on preparation and early mitigation if they want to cut losses to ransomware. To reduce the risk that your business suffers a successful ransomware attack, consider the following actions.
Conduct risk assessments and penetration tests to determine your attack surface, the current state of security resilience in your business, and your preparedness, in terms of tools, processes, and skills, to defend against attacks.
Many businesses will not have the in-house expertise to perform auditing of this type. If this is the case, you should work with an IT service provider experienced in cyber-security to assist. Even a basic cyber-security audit by a 3rd party will give you actionable information, give you peace of mind, and demonstrate to your stakeholders that you take cyber-security seriously.
Enact & enforce governance
Establish processes and compliance procedures that involve key decision makers in your organisation, even before preparing for the technical response to a ransomware attack. Ransomware can escalate from an issue to a crisis in no time, costing an organisation revenue and damaging its reputation.
Key people such as the CEO, board of directors, and other important personnel and stakeholders must be involved in the preparation of your processes to ensure that they are practical and will be adhered to.
Conduct frequent tests to ensure that systems and personnel can detect ransomware attacks, and to check for vulnerabilities, noncompliant systems, and misconfigurations.
Ensure too that your incident response processes are not themselves reliant on IT systems that may be affected by ransomware attacks, something that is easily overlooked.
You can also perform regular simulated attacks to ensure that the awareness of your staff is maintained and processes for dealing with malicious emails are kept “front of mind”. Simulated attacks are included as a component of some of the better Cyber-Awareness Training services available, such as those provided by the industry-leading KnowBe4.
Back up & test your response
You should ensure that you have backups for all your company data, not only the data kept onsite, but also for any hosted systems and for supporting IT infrastructure.
You should maintain frequent and reliable backup and recovery capabilities, and if online backups are used, ensure that they cannot become encrypted by ransomware.
You should also look carefully at your backup process overall.
Prepare for recovery by deciding first on your objectives for recovery time (RTO) and recovery point (RPO) and then benchmarking a test recovery procedure to see how your current provisions measure up.
Your RTO is the length of time it will take to bring your systems back online in the event of an attack, while your RPO is the maximum amount of time that can have passed between your last backup and an attack taking place.
This can be looked at another way: lost productivity in the event of a successful attack = RTO (time to recover) + RPO (time since last successful backup).
The disruption and lost productivity your business will experience because of an attack can be decreased by getting your recovery time down (improving your recovery process and/or technology) and increasing the regularity of your backups.
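The benchmarking step described above can be worked through as follows. This is an added example, not part of the original guide; the backup log format, the sample timestamps and the 8-hour RTO / 24-hour RPO objectives are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: nightly backup job results and one timed test restore.
BACKUP_LOG = """\
2024-03-01T01:00 ok
2024-03-02T01:00 ok
2024-03-03T01:00 failed
2024-03-04T01:00 failed
2024-03-05T01:00 ok
"""
RESTORE_START = datetime(2024, 3, 5, 9, 0)
RESTORE_END = datetime(2024, 3, 5, 15, 30)

def successful_backups(log):
    """Timestamps of completed jobs only; a failed job protects nothing."""
    return sorted(
        datetime.fromisoformat(stamp)
        for stamp, status in (line.split() for line in log.splitlines() if line.strip())
        if status == "ok"
    )

def worst_backup_gap(times, as_of):
    """Longest stretch without a good backup, counting last backup -> as_of."""
    if not times:
        raise ValueError("no successful backup on record")
    points = times + [as_of]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def assess(log, restore_start, restore_end, rto, rpo, as_of):
    """Compare measured recovery time and backup gaps with the objectives."""
    recovery = restore_end - restore_start
    gap = worst_backup_gap(successful_backups(log), as_of)
    return {
        "measured_recovery": recovery,
        "worst_backup_gap": gap,
        "meets_rto": recovery <= rto,
        "meets_rpo": gap <= rpo,
        # Page's estimate: time to recover + time since last good backup.
        "worst_case_lost_time": recovery + gap,
    }

if __name__ == "__main__":
    report = assess(BACKUP_LOG, RESTORE_START, RESTORE_END,
                    rto=timedelta(hours=8), rpo=timedelta(hours=24),
                    as_of=RESTORE_START)
    for key, value in report.items():
        print(f"{key}: {value}")
```

In the sample data the two failed nightly jobs stretch the real exposure to 72 hours, so a schedule that looks like it meets a 24-hour RPO does not.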
Implement the principle of least privilege
Good cyber-security practice requires that you restrict permissions and deny unauthorised access to devices, remove local administrator rights from end users, and block application installation by standard users, replacing it with centrally managed software distribution.
Businesses should deploy multifactor authentication (2FA) wherever possible/practical. This should be mandatory for privileged users.
There should ideally also be a means to detect unexpected activity and to proactively look for unusual logins/failed authentication attempts.
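One way to look for the activity described above is to scan sign-in records for bursts of failed attempts and for privileged logins that did not use multifactor authentication. This is an added example, not part of the original guide; the CSV event format, account names, addresses and thresholds are constructed assumptions, and events are assumed to arrive oldest first.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events (hypothetical format), oldest first.
EVENTS = """\
time,user,role,source,result,mfa
2024-03-05T08:58:10,asmith,standard,10.0.0.21,failure,no
2024-03-05T08:58:40,asmith,standard,10.0.0.21,success,yes
2024-03-05T09:00:01,it-admin,privileged,203.0.113.7,failure,no
2024-03-05T09:00:20,it-admin,privileged,203.0.113.7,failure,no
2024-03-05T09:00:41,it-admin,privileged,203.0.113.7,failure,no
2024-03-05T09:01:02,it-admin,privileged,203.0.113.7,failure,no
2024-03-05T09:01:30,it-admin,privileged,203.0.113.7,failure,no
2024-03-05T09:02:05,it-admin,privileged,203.0.113.7,success,no
"""

def find_alerts(text, max_failures=5, window=timedelta(minutes=10)):
    """Return (rule, user, source) tuples for events that need review."""
    alerts = []
    failures = defaultdict(deque)  # user -> recent failure timestamps
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.fromisoformat(row["time"])
        user, source = row["user"], row["source"]
        recent = failures[user]
        # Drop failures that have aged out of the sliding window.
        while recent and when - recent[0] > window:
            recent.popleft()
        if row["result"] == "failure":
            recent.append(when)
            if len(recent) == max_failures:
                alerts.append(("failed-login burst", user, source))
        elif row["result"] == "success":
            if len(recent) >= max_failures:
                alerts.append(("success after failed-login burst", user, source))
            if row["role"] == "privileged" and row["mfa"] != "yes":
                alerts.append(("privileged login without MFA", user, source))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(alert)
```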
The last and best line of defence any business has against cyber-attacks is the awareness and diligence of those who use their business systems day in, day out.
Businesses can use guidelines published by the National Cyber Security Centre (NCSC) and Gov.uk to create a basic training program for all staff in the organisation. However, ransomware preparedness training needs to be customised to the organisation for better results.
Even better, and something we touched on earlier, is to use cyber-attack simulation tools for mock drills and training, which provide situations closer to real life and so better prepare end users.
The challenges of dealing with ransomware and other forms of malware, and the ever-changing tactics and agendas of hackers, can be made manageable by having a preparedness strategy in place, which in turn can help contain the losses and protect the business.