Ransomware isn’t a new threat, but it has recently become a huge newsmaker. Between the attacks on Colonial Pipeline, meatpacker JBS, and Ireland’s national healthcare system, it is becoming apparent that ransomware operators are going for the jugular by targeting critical infrastructure sectors.
When cybercriminals target our fuel, food, and healthcare, it is hard to put a price on the impact of those attacks because the repercussions reach far beyond financial loss. But for noncritical sectors, successful ransomware attacks have a quantifiable cost, and it isn’t small.
Ransomware operators are demanding record-high ransom payments, including $50 million from Taiwanese electronics manufacturer Acer (whether Acer paid is unknown) and a confirmed $4.4 million paid by Colonial Pipeline.
However, ransom payments are only one way cyberattacks affect your company’s bottom line. System downtime disrupts business continuity, which impacts revenue generation, employee productivity, and customer retention. When you add costs to recover data, repair damage to hardware and equipment, and resolve any compliance and legal issues, the price tag can be staggering.
Fortunately, becoming a victim of a ransomware attack isn’t a given. IT teams can take steps to reduce their organization’s risk and proactively protect against ransomware and data loss.
Security Strategies for Ransomware Prevention and Risk Mitigation
Today’s ransomware prevention strategies resemble a game of cat and mouse. Ransomware operators constantly change tactics to evade detection technology, and IT staff members try to keep their defenses primed and stay one step ahead of the latest threats.
Although some days it can seem like a losing battle, with proper planning and proactive backup and recovery policies in place, organizations can mitigate much of the risk ransomware poses.
Ransomware risk mitigation strategies can be broken down into two types: prevention and damage control. By focusing on honing each type independently, IT security teams can create a holistic, multilayer ransomware defense strategy.
Prevention Strategies
You know what they say about an ounce of prevention ... and when it comes to ransomware, the adage is spot on. In the long run, investing time and money into stopping a ransomware attack is far less costly to your budget and your reputation than cleaning up after one.
Here are five of the most effective ways to stop a ransomware attack before your data is encrypted, deleted, or exfiltrated:
1. Enact multilayer security
Ransomware operators want to breach your security — but they don’t want to work too hard at it. The more obstacles you put between hackers and your data, the less likely they are to keep trying to get in.
Putting roadblocks at the system, network, application, and transmission levels protects your data from both passive attacks, such as Trojan horses, and active attacks, including cryptography, spoofing, and denial of service.
2. Patch and update frequently
Harkening back to the previous point, ransomware operators would rather exploit a known vulnerability than blaze a trail into new territory. Uninstalled patches and skipped security updates make it easy for hackers to do just that because they know exactly what the vulnerabilities are — and they know that many IT teams won’t install the patch immediately, if at all.
Establishing (and enforcing) a strict updating and patching policy will ensure vulnerabilities are addressed immediately, whether through automation, a dedicated IT staff member, or a managed IT services provider.
3. Reduce IT complexity
Today’s complex IT infrastructures give hackers plenty of entry points into the company network as well as ample places to hide once they breach the security perimeter. With many organizations running multigenerational IT platforms, various cloud workloads, and heterogeneous operating environments, IT teams have minimal visibility into what is going on within the IT systems.
Unified data protection solutions can help reduce IT complexity and increase data protection by delivering ransomware prevention across hardware, cloud, SaaS, and other environments from one centrally managed interface.
4. Educate employees
A recent study of security executives in the U.K. and Ireland found that almost half (46%) of the CSOs/CISOs surveyed think ransomware is the biggest cyber threat to their businesses today. The same study found that 55% of those security C-levels believe that human error (i.e., lack of cybersecurity awareness) is the biggest risk for their business, regardless of their cybersecurity strategy.
Regularly scheduled security awareness training lets you extend the reach of IT by essentially making employees a human firewall. Teaching employees what to look for, what not to click, and what to do if they make a mistake significantly reduces the company’s risk of a successful ransomware attack.
5. Review RDP port settings
Ransomware operators have long considered remote desktop protocol (RDP) an easy access point into Windows computers. One of the most common ways hackers take advantage of RDP is by scanning the internet for open ports and applying a brute force attack or using stolen credentials to enter the system and encrypt, delete, or steal valuable data.
IT can reduce the risk of a ransomware attack via the RDP port by following a few best practices:
- Change the default port from 3389 to a different port
- Restrict access to the RDP port to only trusted IP addresses
- Block access to port 3389 with a firewall
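The three practices above can be checked mechanically against an exported firewall rule set. This is an added example, not part of the original article; the rule format (dicts with `action`, `port`, `source`), the "block overrides allow, default deny" model, the port 49210, and the sample rules and addresses are all constructed assumptions.

```python
import ipaddress

DEFAULT_RDP_PORT = 3389

def _covered(net, nets):
    """True if `net` lies entirely inside one of `nets`."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)

def audit_rdp(listen_port, rules, trusted):
    """Return findings for the three RDP practices listed above.

    listen_port: port the RDP service listens on
    rules: inbound rules in a hypothetical export format
    trusted: CIDR ranges that are allowed to reach RDP
    """
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    parsed = [(r["action"], r["port"], ipaddress.ip_network(r["source"]))
              for r in rules]
    findings = []
    if listen_port == DEFAULT_RDP_PORT:
        findings.append("default-port: RDP still listens on 3389")
    # Check the live RDP port and, if different, the old default port.
    for port in sorted({listen_port, DEFAULT_RDP_PORT}):
        blocked = [s for a, p, s in parsed if a == "block" and p == port]
        for action, p, src in parsed:
            # Skip non-allow rules and allows overridden by a block rule.
            if action != "allow" or p != port or _covered(src, blocked):
                continue
            if port != listen_port:
                findings.append(f"port-3389-open: {src} allowed to {port}")
            elif not _covered(src, trusted_nets):
                findings.append(
                    f"untrusted-source: {src} allowed to RDP port {port}")
    return findings

TRUSTED = ["203.0.113.0/24"]  # constructed documentation range
WEAK_RULES = [                # constructed: RDP open to the internet
    {"action": "allow", "port": 3389, "source": "0.0.0.0/0"},
    {"action": "allow", "port": 3389, "source": "203.0.113.0/24"},
]
HARDENED_RULES = [            # constructed: moved, restricted, 3389 blocked
    {"action": "block", "port": 3389, "source": "0.0.0.0/0"},
    {"action": "allow", "port": 49210, "source": "203.0.113.0/24"},
]
```

Changing the port only avoids scans aimed at 3389; restricting sources is what limits who can attempt a logon.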
Damage Control Strategies
Despite our best efforts at prevention, some ransomware attacks may succeed. At that point, it is time to switch strategies and go into damage control mode.
With these five strategies in place, IT can minimize the amount of damage done by protecting sensitive data from corruption or loss, ensuring there is a recent and complete backup available for recovery, and minimizing the financial impact on the company.
1. Use 3-2-1-1 backup
A modern take on an old standard, the 3-2-1-1 backup strategy adds an air-gapped backup copy to the traditional 3-2-1 backup plan:
- Three copies of the data — the primary copy, a replica, and a backup copy
- Two different media — such as disk, purpose-built backup appliance, and tape
- One copy stored online and off-site
- One copy stored offline and off-site (air-gapped)
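The difference between 3-2-1 and 3-2-1-1 shows up when the rule is run against a backup inventory. This is an added example, not part of the original article; the `BackupCopy` fields and both sample inventories are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str      # e.g. "disk", "appliance", "tape"
    offsite: bool   # stored away from the primary site
    online: bool    # reachable over the network (False = air-gapped)

def check_3211(copies):
    """Return the 3-2-1-1 requirements the inventory does not meet."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"need 3 copies, found {len(copies)}")
    media = {c.media for c in copies}
    if len(media) < 2:
        gaps.append(f"need 2 media types, found {sorted(media)}")
    if not any(c.offsite and c.online for c in copies):
        gaps.append("no online off-site copy")
    if not any(c.offsite and not c.online for c in copies):
        gaps.append("no offline off-site (air-gapped) copy")
    return gaps

# Constructed inventory that satisfies the traditional 3-2-1 plan only.
TRADITIONAL = [
    BackupCopy("primary", "disk", offsite=False, online=True),
    BackupCopy("replica", "appliance", offsite=False, online=True),
    BackupCopy("dr-site-backup", "disk", offsite=True, online=True),
]
# Adding an offline tape copy kept off-site closes the remaining gap.
WITH_AIR_GAP = TRADITIONAL + [
    BackupCopy("tape-vault", "tape", offsite=True, online=False),
]
```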
2. Segment networks
Your business’s mission-critical and nonessential data and applications should not share space on your network. Segmenting the network — either physically or virtually — keeps hackers from penetrating very far into your network, limits the amount of data that can be stolen or encrypted, and improves threat detection and response time, so the attack is contained quickly.
3. Encrypt mission-critical data at rest (and in transit ... and in use)
We all think about sensitive data being vulnerable while in transit, but what about when that data is at rest or in use? Data encryption isn’t only necessary when data is being sent from one point to another; it is an essential part of your cybersecurity strategy no matter what state the data is in.
4. Implement a disaster recovery plan
The middle of a crisis is a terrible time to start thinking about disaster recovery. Taking a proactive approach to planning for a worst-case scenario will ensure you have pragmatically considered the risks and created a game plan for supporting business continuity and bringing critical IT systems and functions back online quickly once the threat has been resolved.
5. Invest in cybersecurity insurance
Ransomware recovery is expensive, whether you pay the ransom or not. To offset some of the potential costs of a successful cyberattack, many organizations opt to take out cybersecurity insurance policies.
Coverage varies by policy, but most cyber liability insurance policies will cover direct costs and expenses, including:
- Legal expenses
- Ransom payment
- Data restoration
- Breach notification to consumers
- Call center setup
- Public relations for the organization
- Credit monitoring and identity restoration for those affected
Proactive Ransomware Protection Is Your Best Defense
Although ransomware is a real and growing threat, you don’t have to become a victim. Contact us to learn how to protect your organization against cyberattacks and data loss.