Ransomware affected half of all businesses last year, and this figure is likely to rise as adversaries continue to navigate the pandemic. Attacks on Travelex, Garmin, and Blackbaud exemplify the turbulent landscape, proving threat actors now boast the arsenal and the audacity required for big-game hunting. The modern enterprise must therefore anticipate a ransomware attack, for this will kickstart the preparation needed to handle such an event gracefully, efficiently, and economically.
Most organizations, however, still mishandle ransomware attacks, with crisis response growing pains leading to technical blackouts, botched PR campaigns, and unethical decisions. These shortcomings are harmful to the business in question, yes, but they are at least forgivable; after all, incident response teams rarely get to practice what to do should the worst happen. What’s not forgivable is plain negligence, yet many businesses rely on a defense that was unacceptable even a decade ago: It won’t happen to us.
Organizations must assume the worst and look beyond prevention strategies because, in a business of hundreds or thousands of people, someone will eventually click a bad link, join the wrong network, or leave their phone in a public toilet. That’s why catastrophizing – a thought pattern we should eschew in everyday life – is useful in crisis response training. Cyberattacks are a matter of when, not if.
So how does a cyber-naïve business go from sitting duck to armored vehicle, an agile, weaponized, and battle-ready machine? Well it’s all in the prep, and there are a few defenses that every organization can put in place to improve their readiness.
Create regular backups
Loss of data is inevitable in a ransomware attack. Data is often retrievable, but there is no telling what adversaries have already done with it, especially with the increasing popularity of data wholesale. Sophos found that more than twice as many organizations got their data back via backups (56%) than by paying the ransom (26%), making regular backups a smart choice.
Businesses should also create regular system backups because they are pivotal to restoration when ransomware strikes. Norsk Hydro demonstrated this in 2019, using its critical infrastructure backups to minimize damage and restore operations without paying a ransom. The aluminum producer has been heralded as the gold standard in crisis response because of this, with many cyber experts considering ransom payments unethical. Backups won’t stop ransomware attacks altogether, but they can limit their damage and minimize cleanup costs.
Patch systems regularly
There are several ways that ransomware capitalizes on unpatched systems; NotPetya relied on the NSA’s leaked EternalBlue cyberattack exploit for example, while WannaCry exploited the SMB protocol to create a wormable ransomware variant. It is essential that you deploy patches as soon as they become available, something achievable through an effective patch management program.
Buy the right cybersecurity insurance
Most organizations now have cybersecurity insurance, but one in five say theirs doesn’t cover ransomware. What good is that? Coalition’s latest Cyber Insurance Claims Report found ransomware was the top cyber insurance claim for the first half of 2020. Meanwhile, analysts observed a 47% increase in the severity of attacks, and the global remediation average topped $750,000.
Clearly, purchasing solid cybersecurity insurance is essential.
Improve cyber awareness
Phishing and spear-phishing are still the most common ways that threat actors gain access to networks, and often the point of entry is a non-technical employee with little to no cybersecurity awareness. As businesses look to secure everything from their CEO’s inbox and customer data to their application code, the attack surface is widening. Every employee, technical or otherwise, should possess some level of cyber awareness. To achieve this, businesses should build a security culture from the ground up, ensuring that everyone from the receptionist to the CEO understands the role they play in securing the business.
Stress-test your response team
This is the crucial step in responding to a ransomware attack. Organizations should implement incident response plans and exercise their response teams regularly. You might not be able to thwart an attack entirely, but you can alleviate the damage done to your customers, bank account, and reputation.
An effective cyber response is one regularly practiced by representatives from across the business. However, this jars with legacy exercises which consume time, money, and human resources. Immersive Labs’ Cyber Crisis Simulator addresses this problem by providing a browser-based environment where multiple participants can quickly run and assess crisis exercises against the latest threats. It challenges your people to make critical decisions when dealing with emerging incidents such as ransomware outbreaks, working on the principle that simulations are the best way to equip your people.
Book a demo to see our Cyber Crisis Simulator in action and learn how it can help your organization’s cyber preparedness.