Ransomware attacks have increased at an alarming rate, not just in volume but in complexity. Organizations of all sizes in all industries are being targeted. The average cost of a ransomware attack – not including the cost of the ransom itself – is $4.54 million.
The old-school approach to business resilience planning – where an organization responds if an event occurs—does not offer enough ransomware protection in today’s world. Fortify your defenses with a more proactive, holistic approach that’s crisis-ready when a disruption happens.
What is Ransomware?
Ransomware is a form of malware that targets computers and other devices. Access to these devices is restricted while attackers demand a payout—usually in the form of Bitcoin or other cryptocurrency —to unlock systems. Victims must decide if they’ll pay up to get an encryption key. Refusing to pay can require countless hours and thousands of dollars to rebuild and replace systems. Even if a ransom is paid quickly and fully, organizations still may face permanent data loss that deeply affects operations.
One of the most common ransomware attack methods is phishing. These attacks are generally in the form of emails tailored to the recipient. They often look like real emails from legitimate sources. They are designed to get targets to divulge confidential personal information, such as passwords, usernames, and payment information. It’s estimated that at least one out of every 99 emails is a phishing attempt.
Attackers also target organizations through software vulnerabilities and remote desktop protocol (RTP) attacks.
To Pay or Not to Pay
There is no one right response to a ransomware attack. It depends on a range of factors, which will be distinct for each organization and situation.
A Riskonnect poll of more than 150 organizations shows the disparity in the way organizations prepare and respond to a ransomware attack. Nearly half (47%) said their organization will not pay the ransom. Only 2% indicated their organization would likely pay up if faced with a ransomware attack. More than half (51%), however, said they did not know what their organization’s response strategy was.
In any event, it’s important to have the hard conversations now, before an attack occurs, not at the point of crisis – similar to the recommended approach for disaster recovery, business continuity, and other resilience programs.
Decide in advance who will serve as an incident commander and who will make decisions. Depending on the organization, that person could be one and the same. Getting all key players together beforehand gives you the opportunity to make effective and thoughtful decisions in keeping with your organization’s strategies, plans, and goals, instead of being pressed into reactive, crisis decision-making.
Implementing Controls for Ransomware Protection
While cyber breaches were once considered an IT problem, today’s ransomware attacks involve a growing number of executives and key stakeholders. Effectively mitigating an attack also requires the appropriate tools, resources, and skills. Consider taking the following four steps to get in front of a potential attack.
- Have a business continuity plan. With a business continuity program in hand, you’re better equipped to survive a ransomware attack. Some 92% of managed service providers say that clients with business continuity and disaster recovery programs are less likely to experience significant downtime from a cyberattack such as ransomware.
- Ensure proper roles and permissions are assigned throughout your organization. While this may seem overly simplistic, some organizations haven’t mastered why it’s important to limit user roles on their own machines, especially those who would otherwise have access to sensitive and protected data and systems. It’s less about privilege than ensuring proper role administration.
- Review your data backup procedures. How many copies do you have? Where is your data stored? How is it isolated and protected? These backups become critical when it comes to addressing ransomware response strategies.
- Adopt multifactor authentication. When your organization has MFA, it’s harder for attackers to take over accounts and get access. Many SaaS products support MFA, and it’s important to turn it on. MFA serves as a perimeter to help protect your organization, which can save you a lot of headaches down the road.
Ransomware Survival Tips
- Advance plan as much as possible.
- Consider the potential customer reaction.
- Understand the board or other senior leader expectations regarding ransom payment.
- Know your organization’s risk-impact tolerance and understand at what point might that threshold sway a decision to make a ransomware payment.
- Work with your IT team and CISO to gather important information to make effective decisions.
- Routinely participate in exercises to prepare for a real-world response.
Look Beyond Your Organization
The increase in ransomware attacks is also hitting supply chains. Since a ransomware attack or data breach at a vendor can cause significant problems for you, it’s important to establish expectations and verify compliance with relevant regulations and laws, as well as with your own standards to keep your data safe.
Know how much and what type of data your vendors can create, process, store, or transmit. If a vendor is multitenant, for example, it could be in attackers’ sights for large-scale, complex attacks. Many of these large vendors (think Google or Microsoft or Amazon) are well prepared to defend against and respond to these types of attacks, but don’t assume you are bulletproof. Understand and document your vendors’ mitigation and response strategies throughout the duration of your relationship.
Ultimately, ransomware protection is about thinking through the issues and getting your plan together when an attack is still in the hypothetical phase, so you’ll be ready to go if the unthinkable happens. With any luck, you’ll never have to put it into action.