Ransomware attacks have increased at an alarming rate, not just in volume but in complexity. Organisations of all sizes in all industries are being targeted. The average cost of a ransomware attack – not including the cost of the ransom itself – is $4.54 million. The old-school approach to business resilience planning – where an organisation responds if an event occurs – does not offer enough ransomware protection in today’s world. Fortify your defences with a more proactive, holistic approach that’s crisis-ready when a disruption happens.

What is Ransomware?

Ransomware is a form of malware that targets computers and other devices. Access to these devices is restricted while attackers demand a payout – usually in the form of Bitcoin or other cryptocurrency – to unlock systems. Victims must decide if they’ll pay up to get an encryption key. Refusing to pay can require countless hours and thousands of dollars to rebuild and replace systems. Even if a ransom is paid quickly and fully, organisations still may face permanent data loss that deeply affects operations. One of the most common ransomware attack methods is phishing. These attacks are generally in the form of emails tailored to the recipient. They often look like real emails from legitimate sources. They are designed to get targets to divulge confidential personal information, such as passwords, usernames, and payment information. It’s estimated that at least one out of every 99 emails is a phishing attempt. Attackers also target organisations through software vulnerabilities and Remote Desktop Protocol (RDP) attacks.

To Pay or Not to Pay

There is no one right response to a ransomware attack. It depends on a range of factors, which will be distinct for each organisation and situation. A Riskonnect poll of more than 150 organisations shows the disparity in the way organisations prepare and respond to a ransomware attack. Nearly half (47%) said their organisation will not pay the ransom. Only 2% indicated their organisation would likely pay up if faced with a ransomware attack. More than half (51%), however, said they did not know what their organisation’s response strategy was. In any event, it’s important to have the hard conversations now, before an attack occurs, not at the point of crisis – similar to the recommended approach for disaster recovery, business continuity, and other resilience programmes. Decide in advance who will serve as an incident commander and who will make decisions. Depending on the organisation, that person could be one and the same. Getting all key players together beforehand gives you the opportunity to make effective and thoughtful decisions in keeping with your organisation’s strategies, plans, and goals, instead of being pressed into reactive, crisis decision-making.

Implementing Controls for Ransomware Protection

While cyber breaches were once considered an IT problem, today’s ransomware attacks involve a growing number of executives and key stakeholders. Effectively mitigating an attack also requires the appropriate tools, resources, and skills. Consider taking the following four steps to get in front of a potential attack.

  1. Have a business continuity plan. With a business continuity programme in hand, you’re better equipped to survive a ransomware attack. Some 92% of managed service providers say that clients with business continuity and disaster recovery programmes are less likely to experience significant downtime from a cyberattack such as ransomware.
  2. Ensure proper roles and permissions are assigned throughout your organisation. While this may seem overly simplistic, some organisations have not yet grasped why it’s important to limit user roles on their own machines, especially for users who would otherwise have access to sensitive and protected data and systems. It’s less about privilege than ensuring proper role administration.
  3. Review your data backup procedures. How many copies do you have? Where is your data stored? How is it isolated and protected? These backups become critical when it comes to addressing ransomware response strategies.
  4. Adopt multifactor authentication. When your organisation has MFA, it’s harder for attackers to take over accounts and get access. Many SaaS products support MFA, and it’s important to turn it on. MFA serves as a perimeter to help protect your organisation, which can save you a lot of headaches down the road.

Ransomware Survival Tips

  • Advance plan as much as possible.
  • Consider the potential customer reaction.
  • Understand the board or other senior leader expectations regarding ransom payment.
  • Know your organisation’s risk-impact tolerance and understand at what point that threshold might sway a decision to make a ransomware payment.
  • Work with your IT team and CISO to gather important information to make effective decisions.
  • Routinely participate in exercises to prepare for a real-world response.

Look Beyond Your Organisation

The increase in ransomware attacks is also hitting supply chains. Since a ransomware attack or data breach at a vendor can cause significant problems for you, it’s important to establish expectations and verify compliance with relevant regulations and laws, as well as with your own standards to keep your data safe. Know how much and what type of data your vendors can create, process, store, or transmit. If a vendor is multitenant, for example, it could be in attackers’ sights for large-scale, complex attacks. Many of these large vendors (think Google or Microsoft or Amazon) are well prepared to defend against and respond to these types of attacks, but don’t assume you are bulletproof. Understand and document your vendors’ mitigation and response strategies throughout the duration of your relationship. Ultimately, ransomware protection is about thinking through the issues and getting your plan together when an attack is still in the hypothetical phase, so you’ll be ready to go if the unthinkable happens. With any luck, you’ll never have to put it into action.

If you are considering business continuity software, get started with our customizable RFP template – and check out Riskonnect’s Business Continuity & Resilience software.