By Nick Alevetsovitis
The spectre of ransomware attacks continues to affect organizations globally. According to FortiGuard Lab’s Global Threat Landscape Report, cybercriminals continue to push out variations of these attacks, triggering approximately 150,000 detections a week. In fact, according to a recent Fortinet survey, 85 per cent of organizations worry more about ransomware attacks than any other cyber threat.
The number of attacks shows no sign of abating, due to the evolution of the “ransomware as a service (RaaS)” business. Criminal organizations successful with their ransomware attacks now create, market, and sell their ransomware to anyone, regardless of their technical skills. Organizations must be hypervigilant given the simplicity of ransomware delivery; even complex attacks such as denial-of-service attacks and wiper malware can be easily introduced into the organization by an unsuspecting employee clicking on a suspicious link or downloading a malicious file.
It is a daunting threat that organizations must be prepared for. The approach must be multi-pronged and ensure there is a cybersecurity strategy in place that includes employee education and cyber hygiene, and uses integrated solutions.
The best option is preparedness
Organizations under a ransomware attack may entertain paying the ransom to regain access to critical data and resume business as usual. Some might fear “double extortion attacks,” where ransomware actors steal data and threaten to leak it to up the ransom amount. For businesses on brink it may seem an attractive solution, but it is a decision that should be considered very carefully.
No organization wants to have a reputation as a payer, especially in a cybercriminal underworld where RaaS is commonplace. A paid ransom is like putting a target on your back, leaving your organization vulnerable to more attacks and higher ransoms. The best practice to protect organizations from ransomware attacks is to look to the fundamentals.
Fundamental One: Employee cybersecurity training
An educated and cyber-aware workforce is a crucial line of defence against cyberattacks. According to Verizon’s 2021 Data Breach Investigations Report, 85 per cent of data breaches include human interaction, making investments in employee cyber hygiene training a critical way to help identify suspicious activity. Since almost half of ransomware incidents involve social engineering attacks like phishing, adequate workforce training ensures employees think twice before clicking suspicious links.
Many training programs are available for employee awareness, including Fortinet’s free cybersecurity training which helps people recognize the social engineering tools and techniques being used by cybercriminals.
Fundamental Two: Cyber hygiene
Cyber hygiene focuses on keeping user devices and networks secure through proper maintenance. Ensuring all devices and entry points to a network are correctly patched and configured can help avoid exploitations. It should also include regular scans of email for suspicious links and attachments.
Organizations can shift to a zero-trust security model to mitigate risk. With a zero-trust access approach, the network assumes that anything or anyone attempting to connect is a potential threat. Individuals and devices must pass through strict multi-factor identification steps before access is granted – and even then, they are only given access to what is strictly needed based on defined roles. This approach helps limit access and, when paired with segmentation, can minimize damage if an attack does occur.
Given that cyberattacks happen fast, ensuring endpoint security is also critical. Upgrading from first-generation endpoint detection and response (EDR) security tools that require manual triage and responses is an important first step. More current solutions can prevent, detect and defuse potential threats in real-time, thanks to artificial intelligence (AI) and machine learning (ML). They also can offer the ability to automate responses and remediation procedures.
Having a data recovery program in place is essential in case of an attack. Scheduled backups can help organizations recover more quickly from a ransomware attack and help restore the impacted data.
Finally, every organization should have a cyber-attack response plan in place that is tested regularly so everyone knows their role when the attack comes. Teams must understand how to shut down systems, perform backups and quickly restore operations. Organizations don’t want to be in a position where their IT team is performing these tasks for the first time during an attack.
Fundamental Three: Integrated Solutions
The cybercriminal world is constantly evolving to take advantage of new technologies that make their attacks faster and more disruptive. Defenders must keep pace. In this fast-paced world, collections of separate point products will fail to give organizations the whole network visibility they need to respond quickly to threats. Instead, many are turning to integrated solutions.
Integrated cybersecurity mesh platforms can automatically detect threat patterns, and use AI and ML to correlate massive amounts of data, helping detect anomalies and initiate coordinated responses with limited stress on cybersecurity teams.
Policies can be consistently enforced through a centralized management model, promptly-delivered configurations and updates, and easily-coordinated threat responses. Pairing an integrated solution with a trusted threat intelligence service can keep your team appraised of all the latest global threats as they evolve.
No organization has all the answers when it comes to addressing security threats like ransomware. According to a global study, almost 70 per cent of organizations have suffered a ransomware attack, yet less than half reported they had a ransomware strategy that covered basic cybersecurity tactics or risk assessment, offline backup, and ransomware insurance.
Organizations must do better. Plans should include employee training, basic cyber hygiene, and investments in integrated solutions that take advantage of AI and ML to provide greater visibility, faster response times to abnormal behaviours, and automated response and remediation.
If your organization’s cyberattack response plan isn’t in place, now is a great time to get started. As long as ransomware remains profitable, bad actors will be looking for a payday. Don’t get caught with your defences down.
Nick Alevetsovitis is Vice President, Canada Enterprise and Commercial Business at Fortinet