Are You Thinking of Paying the Ransom?
- By Sandeep Bhargava, Rackspace Technology
- November 18, 2020
They say an ounce of prevention is worth a pound of cure, which is as true for your business as it is for your health. This thought seems to be on the mind of Interpol recently, as it warns us that ransomware attacks have spiked due to the global pandemic.
The world of work has changed rapidly in the last few months, and many more people are now working from home. Unfortunately, it is no secret that telecommuting increases an organization’s attack surface, leaving it more vulnerable to ransomware than ever before.
Specifically, there have been prolific attacks on healthcare providers, starting with an ST Engineering U.S. subsidiary that was targeted in June. Ransomware attacks are not exclusive to any sector. Asia Pacific continued to experience a higher-than-average encounter rate for ransomware attacks, 1.7 times higher than the rest of the world. This is despite a 29% decline when compared to the previous year’s findings in 2018.
So, let’s take a minute to step back and examine what’s at risk and how to best protect your business from a ransomware attack.
Why is ransomware so prevalent?
Ransomware is a type of malware that denies access to an information system or makes data unusable, usually via encryption, until a ransom is paid. Imagine your organization is unable to provide your most vital services to customers because cybercriminals have encrypted the data on the servers that facilitate these services. This is precisely what ransomware is designed to do.
Attackers understand that many organizations cannot afford lengthy service interruptions, and they leverage this urgency to extort money from them. A successful attack can result in a massive blow to an organization’s reputation. There is also no guarantee that the attacker will uphold their end of the bargain and decrypt the data once the ransom is paid.
Ransomware can be disastrous to an individual or organization, and it is the job of security professionals to ensure that proper security measures are in place to protect against it. For example, it is a good idea to ensure that your business has backups of its critical data so that an attack does not immobilize your organization for an extended period. It’s also advisable to have a good incident response plan that provides a step-by-step guide to what your team can do if an attack occurs.
Detect and remediate quickly
Obviously, prevention is the preferred method of protecting against ransomware attacks. Unfortunately, prevention is not always possible. This brings us to the widely held belief that you should at least be able to detect what you cannot prevent. If IT teams detect something, they should take corrective action to prevent it from happening again.
But as organizations improve their prevention and detection mechanisms, cybercriminals are homing in on additional vulnerabilities, often at the end-user level. Malware has become more powerful, with attackers using evasive customization techniques to avoid detection by the traditional signature-based anti-malware solutions utilized in many organizations. In recent weeks, ransomware has increasingly been distributed through COVID-19-themed phishing emails, through the exploitation of vulnerabilities, or by users unknowingly visiting an infected website. Additionally, attackers often use The Onion Router (Tor), open-source software that allows communication to remain anonymous, when sending command-and-control traffic to their victims.
The good news is that just as cybercriminals are getting smarter, the number and capabilities of intelligent protection solutions are also increasing.
5 steps to improve security
Here are 5 ways to help ensure that the remote workforce remains secure:
1. Use firewall protection solutions. These add specific capabilities designed to prevent ransomware attacks across the organization’s VPN, ensuring that protection is always present once a user logs into their computer. They are built with two-factor authentication and quality of service (QoS) bandwidth management, which lets IT teams allocate VPN bandwidth for selected types of traffic and users. Firewall solutions can leverage a single-pass architecture designed to prevent network vulnerabilities, block the download of known malware, and prevent malicious encrypted content from circulating around your network.
2. Back up your data. Maintaining recent backups of your data is essential. Companies that follow this fundamental best practice can safely ignore ransom demands and revert to stored files with little data loss.
3. Keep up with patches and check your security software. Patch management has been and will continue to be a challenge for many organizations and end-users. Merely keeping up with the latest patches for Windows, Mac, and Linux operating systems and your third-party applications will go a long way to reducing your exposure to ransomware.
Be sure that you have security software installed and that it’s up-to-date. New malware surfaces every day, so keeping current with your anti-virus software helps keep your data safe.
4. Educate staff to spot scams. Employee awareness is crucial in avoiding a ransomware attack. Staff should be coached on how to spot scams and urged to take the time to pause and check emails that don’t look right.
5. Take the “Security First” approach. Weave security awareness and practice into your process from beginning to end. DevSecOps is a concept that emphasizes the importance of integrating security into all parts of IT system development and operations, rather than leaving them disconnected. While perfect security is not possible, concepts like this bring it closer.
Sandeep Bhargava, managing director for Asia Pacific Japan (APJ) at Rackspace Technology, wrote this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.