The proliferation and scale of ransomware attacks over the past couple of years has led to it becoming a daily conversation. Just this past year, countless large-name organizations were hit by ransomware attacks that resulted in critical business systems being severely impacted or sensitive data stolen and published. From attacks on the Los Angeles Unified School District (LAUSD), the Costa Rican government, and CommonSpirit Health, it’s apparent that no industry is immune.
With the number of data breaches caused by ransomware increasing by 41% in the past 12 months, organizations should know that it’s no longer a matter of if, but when their business is targeted by a ransomware attack. Fortunately, there are several preventative measures organizations can deploy to prevent the devastating consequences of a ransomware attack. Below are four key considerations for businesses to secure their most critical business systems.
1. Eliminate security blind spots
“You can’t protect what you can’t see” has recently become a trendy phrase among the cybersecurity community, yet continues to stand true. Business-critical systems, such as enterprise resource planning (ERP) applications, tend to be neglected by security teams and sit in a cybersecurity blind spot. Businesses often assume that their conventional security tools or application hosting service are in charge of protecting their crown jewels. However, the onus is on the organization itself to uncover any hidden data and assets that lie within its application landscape. To obtain end-to-end visibility over their business-critical application landscape, security teams should consider deploying application security tools that can continuously monitor and provide teams with deeper context into the external and internal risks threatening business-critical applications.
2. Keep up with patch management
Security teams must ensure they have the right patches deployed for each vulnerability, as unpatched flaws within critical business systems give ransomware groups a direct entry point to an organization’s network. While many ransomware attacks that happen today are the result of zero-day vulnerabilities, attacks caused by known, unpatched flaws are common as well. In fact, 87% of companies say that they have experienced the attempted exploit of an existing vulnerability, pointing to an inherent lack of robust patch management processes. Furthermore, CISA maintains the “Catalog of Known Exploited Vulnerabilities”, or KEV, which provides information about vulnerabilities that are actively being exploited. Organizations can use the KEV to understand why it is important to react timely to security patches and also to prioritize vulnerabilities that are being actively exploited.
3. Perfect business continuity plans
If there’s one thing we know about ransomware groups, it’s that they have evolved to become incredibly sophisticated. For example, recent research found that threat groups have been testing a new attack method that completely destroys data, rather than encrypting it. Businesses should prepare for any type of attack that comes their way, in addition to potential ramifications.
Creating different scenarios for a wide range of ransomware attacks, including those that may impact critical business processes, is a key method security teams can leverage to prevent any surprises. By continuously defining, communicating and testing various business continuity plans, security teams can determine if they have the assets they need to quickly thwart an attack — or quickly remediate if an attack does occur. Specific ransomware scenarios may include a system restore failure or measuring the length of time it takes to recover impacted files. In addition to enhancing their business continuity plans, organizations should regularly back up all of their critical systems to safeguard their data and reduce the cost and impact of an attack.
4. Enforce organizational security awareness training
Even the most robust automated technologies can’t prevent an employee from clicking a malicious link. Ninety percent of cyberattacks are caused by social engineering techniques, yet can often be preventable. Businesses should require all employees to conduct comprehensive cybersecurity training, including regular assessments that can confirm that each user is up-to-date on the evolving threat landscape.
Ransomware attacks are inevitable, but that doesn’t mean organizations have to spend a lot of time in remediation. By incorporating the above recommendations into their security programs, businesses can confidently thwart critical threats or reduce the impact of a ransomware attack.