How to Prevent Ransomware Attacks

Posted in: Commercial Insurance

Cyber risk is real and evolving. In today’s interconnected digital world, all businesses that use technology and handle sensitive data are exposed to cyber risks. According to the 2019 Verizon Data Breach Investigations report, 56% of breaches took months or longer to discover. The 2020 Verizon report finds that Phishing was the top threat behind breaches, and ransomware continues to be one of the most common types of malware infecting different organizations.

Since ransomware continues to be a significant issue, every business needs to know how to prevent ransomware attacks. But before I dive into some ransomware prevention best practices, let’s define ransomware. 

What is Ransomware?

Ransomware is a type of malicious code that exploits vulnerabilities in software to identify and encrypt data on computers and networks. Criminals use this type of malware to extort money from businesses in exchange for encryption keys.

Historically, ransomware has been delivered via Phishing campaigns that trick a user into allowing the malware into a system. Once inside, this type of malware opportunistically encrypts files and data on an infected device or network. Ransomware can be distributed randomly by criminals to a large pool of victims with the hope that a few fall for the scam. It can also be targeted at specific organizations that cannot sustain business during extended periods without access to their data.

In 2019 cybersecurity researchers started noticing a new type of ransomware that is not only more disruptive but is also directly connected to more extensive intrusions into networks. According to research by Intezer and IBM X-Force, this new type of ransomware is installed by attackers after they gain unauthorized access to systems. Not only does this pose greater legal implications for victimized organizations due to unauthorized access to systems and data, it also gives the attacker the ability to conceal the attack, selectively encrypt data, and activate the ransomware at a time of their choosing. With previous types of ransomware, restoring from a backup could have helped business recover, but responding to this new, evolved ransomware requires a more comprehensive cyber forensic investigation and coordination with legal counsel.

As ransomware becomes increasingly sophisticated at a time when organizations are more reliant on data and technology than ever, the average ransom demanded by criminals is also increasing. Not too long ago the average ransom demand could be less than $1,000. Fast forward to today and the new average payment is closer to $100,000.

How to Prevent Ransomware Attacks

Short of eliminating the use of email, electronic data, and computer networks, it is almost impossible for any organization to completely avoid the threat of ransomware. However, a lot can be done to reduce the risk and make it easier to recover if a ransomware attack occurs. The best approach to prevent ransomware attacks is very similar to how any organization should manage other types of cyber risk. That is to take a strategic approach focusing on incremental improvements in each of the 5 categories outlined in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Here are 5 best practices to get started:

  • Identify – Conduct a cyber risk review, cyber risk assessment, vulnerability assessment and inventory data/technology assets. These activities help you identify your vulnerabilities, and the data and systems to be protected, as well as give you an idea of how your business would be impacted by ransomware to better respond and recover.
  • Protect – Once the data and systems to be protected are identified, the next step is to implement “best of need” technology and strategies. In today’s environment, this should include cybersecurity awareness training for employees as well as endpoint protections that are effective regardless whether an employee is working in the office or telecommuting.
    Password management is also critical as more organizations move to cloud services. Multi-Factor-Authentication should be enabled whenever possible, and password manager software can assist employees with creating and maintaining secure passwords.
  • Detect – Even with protections in place, it is still possible for breaches and ransomware to happen. Training employees to identify threats like Phishing and Social Engineering and giving them tools to report them quickly can help mitigate damage and accelerate your response. Since cybercriminals are getting increasingly sophisticated and they continue to evolve with methods of protecting against ransomware, training and processes should be reinforced with technology. These include Intrusion Detection/Prevention, Endpoint Detection and Response, or Managed Detection and Response services. While these solutions are not free, they are becoming more readily available and affordable for businesses of all sizes.
  • Respond – Unfortunately after a ransomware attack, there are legal and technical considerations that organizations need to face. Every cyber incident is different, but the team of people you need to respond and recover remains consistent. PSA can help facilitate leveraging the insurance carrier approved team, or you can work with our CyberOn incidence service providers. These professionals can help you assess the scope of the attack and contain the malware on your network as well as help you manage the legal and notification implications of the incident. Since paying the ransom might not be an option, having a qualified response and recovery team seems to be becoming more critical than ever.
    Organizations that have an incident response plan or guidelines in place and who have identified the team of technical and legal professionals necessary for a response prior to an attack are much better prepared than those who are scrambling to figure out steps and find help amid an incident.
  • Recover – Cyber Insurance is critical in recovering more quickly. It not only pays for some of the costs of recovery services – such as notifying victims, forensics, legal consulting, and public relations – but it also covers lost business income and expenses to get you back up and running.

Do you need help with implementing these best practices to prevent ransomware attacks? Contact me at mvolk@psafinancial.com or watch our quick video below about a turnkey cyber solution CyberOn for your business. Also, visit our cyber risk management services for further helpful information.

 

Watch CyberON Video