A Simple Guide to Preventing a Ransomware Attack

Man working on computer and laptop at a desk

Over 27% of successful malware incidents reported in 2020/2021 can be attributed to ransomware.

Ransomware is cyber-extortion and occurs when malicious software infiltrates computer systems and encrypts data, holding it hostage until the victim pays a ransom.

This type of attack can have a much bigger impact on an organisation than other attack types.

In the short term, ransomware can cause significant financial and operational losses, and potentially can cause even greater losses over the long term by impacting reputation, increasing the likelihood that insurers will raise premiums, and by incentivising attackers to re-target the business, etc.

In some recent cases of ransomware attacks, the victim organisations have paid huge amounts to the attackers, and this is likely one of the reasons why these attacks are getting more popular.

Instead, organisations should focus on preparation and early mitigation if they want to cut losses to ransomware. To reduce the risk your business suffers a successful ransomware attack, consider the following actions.

Conduct assessments

Many businesses will not have expertise in-house to perform auditing of this type, and if this is the case you should work with an IT service provider experienced in cyber-security, to assist. Even a basic cyber-security audit by a 3rd party will give you actionable information, give you piece of mind and demonstrate to your stakeholders that you take cyber-security seriously.

Enact & enforce governance

Key people such as the CEO, board of directors, and other important personnel and stakeholders, must be involved in the preparation of your processes to ensure that they are practical and will be adhered to.

Maintain readiness

Ensure too that your incident response processes are not themselves reliant on IT systems that may be affected by ransomware attacks, something that is easily overlooked.

You can also perform regular simulated attacks to ensure that the awareness of your staff is maintained and processes for dealing with malicious emails are kept “front of mind”. Simulated attacks are included as a component of some of the better Cyber-Awareness Training services available, such as those provided by the industry leading KnowBe4.

Backup & test your response

You should maintain frequent and reliable backup and recovery capabilities, and if online backups are used, ensure that they cannot become encrypted by ransomware.

You should also look carefully at your backup process overall.

Prepare for recovery by deciding first on your objectives for recovery time (RTO) and recovery point (RPO) and then benchmarking a test recovery procedure to see how your current provisions measure up.

Your RTO is the length of time it will take to bring your systems back online in the event of an attack, while your RPO is the maximum amount of time that can have passed between your last backup and an attack taking place.

This can be looked at another way: lost productivity in the event of a successful attack = RTO (time to recover) + RPO (time of last successful backup).

The disruption and lost productivity your business will experience because of an attack can be decreased by getting your recovery time down (improving your recovery process and/or technology) and increasing the regularity of your backups.

Implement the principle of least privilege

Businesses should deploy multifactor authentication (2FA) wherever possible/practical. This should be mandatory for privileged users.

There should ideally also be a means to detect unexpected activity and to proactively look for unusual logins/failed authentication attempts.

Educate users

Businesses can use guidelines published by the National Cyber Security Centre (NCSC) and Gov.uk to create a basic training program for all staff in the organisation. However, ransomware preparedness training needs to be customized to the organisation for better results.

Even better, and something we touched on earlier, is to use cyber-attack simulation tools for mock drills and training that provide closer to real-life situations for better preparedness of end users.

The challenges of dealing with ransomware and other forms of malware, and the ever-changing tactics and agendas of hackers, can be made manageable by having a strategy in place for preparedness, and can in turn help contain the losses and protect the business.

Ready to take the first steps toward better cybersecurity?

Money saving technology advice, news and more from an IT Support Company in Birmingham. #ITSupport #ITConsultancyMidlands #ITSecurity