Ransomware attacks have become a major threat to many private businesses. The possibility of having critical business data encrypted by cybercriminals who then demand millions for data release is fast becoming a reality. Ransomware attacks have sharply increased over the last year. In fact, it was reported that in 2020 the amount of ransom paid was $350M, representing a 311% increase over 2019. There have been several high-profile ransomware attacks including the ones at JBS Swift, Edward Don, and the Colonial Pipeline. The high cost of these attacks means businesses need to carefully review cybersecurity efforts to ensure maximum protection. The White House recently released cybersecurity tips to Corporate Executives and Business Leaders to ensure U.S. businesses are protected. To help clients, prospects, and others, PBMares has provided a summary of the key points below.
What is Ransomware?
Ransomware is a type of malware that encrypts a victim’s files, making essential business data impossible to access without the appropriate decryption information. Of course, decryption details are not provided unless the attacker’s ransom is paid. In other words, the business is held hostage: it must either meet the attackers’ financial demands or find another means to restore the data and clean the network of the malicious program. Even if a business does pay the full ransom amount, there is no way of knowing whether the files will be returned at all or, if they are returned, whether the integrity of the data has been compromised.
Ransomware Prevention Best Practices
- Create & Test Backups Regularly – It is important to regularly create backups of data, system files, images, and configurations. Since many companies have relied on backups only to find out they did not work when needed, it is also important to conduct regular restore tests for all key systems. Even with regularly tested backups, a business may still be exposed to ransomware attacks. Studies of prior attacks show that many ransomware programs will try to find and encrypt backup data to make a system restoration impossible. Therefore, it is imperative that all backups are stored in a location that is not accessible from the network.
- System Updates – Maintaining the security of operating systems, applications, firmware, and other connected software is a critical aspect of ransomware protection. Businesses should consider a centralized patch management system or a risk-based assessment approach to determine when critical and other updates will be made.
- Device Configuration – Take time to ensure that devices are properly configured and that security features are enabled. This has become an increasingly important task now that so many employees, vendors and suppliers are accessing the network through separate devices.
- Network Segmentation – Recent activity shows that cybercriminals are shifting from stealing data to simply disrupting operations. For this reason, it is important that business functions and operations are separated, that Internet access can be filtered or limited, and that links between them can be identified. This will allow the company to develop workarounds and implement manual controls to ensure intrusions can be limited and isolated, should an issue arise.
- Incident Response Plan – If the business has not yet developed an incident response plan, then now is the time to do so. The plan outlines the steps that should be taken in the event of a ransomware attack on the company’s IT infrastructure. For those with an existing plan, it is important to test it regularly to ensure the desired outcomes are reached. If they are not, it may be necessary to re-evaluate the key assumptions that underpin the priorities established in the plan.
- Penetration Testing – In order to evaluate the effectiveness of existing controls, it is useful to conduct third-party penetration testing to determine system strengths and weaknesses. The more aggressive the better, because cybercriminals are often quite sophisticated and will look for any opening that can be used to launch an attack. Exposed weaknesses provide important insights into where controls need to be modified or updated. All weaknesses identified should be assigned a criticality risk ranking, and remediation steps should be taken in a timely manner.
- Intrusion Detection Systems – These systems allow a company to detect command and control activity, and other potentially malicious network activity, that occurs when a bad actor is installing and configuring ransomware.
A comprehensive cybersecurity plan is essential to protecting your company’s operational, financial, customer, and other important data. As ransomware attacks continue to increase in complexity and sophistication, businesses must escalate protective measures to ensure they do not become a victim of these vicious attacks. If you have questions about the information outlined above or need assistance with cybersecurity planning, training, or testing, PBMares can help. For additional information, call us at 757-627-4644 or contact us. We look forward to speaking with you soon.