Does ransomware seem like it’s your problem yet? We have the tips to help you fight ransomware—but first you have to decide you’re ready to take some action.
Ransomware Steals the Headlines
Did ransomware get your attention when you heard about East Coast gas stations running dry after an attack led the Colonial Pipeline to shut down? How about when eager lawyers filed a class action lawsuit against Colonial, alleging that its inadequate cybersecurity measures harmed consumers?
Did ransomware send a shudder through your grocery budget when an attack shut down nine beef-packing plants at JBS, the world’s largest meat processing company?
Did it grab your interest when the average ransom payment more than doubled to $312,000 in 2020?
The message seems to be sinking in that it’s time to get serious with a plan to fight ransomware. A month after the Colonial Pipeline breach, 2/3 of organizations reported that they intend to take action to harden their defenses.
The Government to the Rescue (?)
The U.S. government is also stepping up its response. President Biden issued an executive order in May aimed at, among other actions, strengthening software security in federal agencies and creating a federal board to investigate major breaches. The administration says it intends to shift the focus from incident response to incident prevention.
Dozens of states are working on new regulations to step up cybersecurity across several industries.
Biden will surely address Russia’s hacker-friendly climate when he meets with Russian President Putin in mid-June, as the JBS attack (like the Colonial Pipeline attack and multiple others) was almost immediately attributed to a criminal organization in Russia. But if you’re pinning your organization’s safety on the hope that Russia will crack down on hackers, you may also have a tendency to think vampires make excellent stewards of blood banks.
The fact is that the government can’t keep up. Hacking operations are well-run businesses employing some of the world’s best coders. They shift tactics constantly and engage in flexes like quoting your own cybersecurity policy back to you if you claim that you can’t afford the ransom they demand.
The creaky engines of legislation and even executive action can’t pivot as fast as the bad guys. And the vast web of overlapping and disconnected entities in state and federal government leaves gaping holes in cybersecurity efforts.
Take Control of Your Own Ransomware Strategy
So, while new regulations may put a dent in the ransomware wave, protecting our organizations relies on each of us leaders taking decisive action specific to our situations. If all the ransomware headlines have provided the wake-up call you need, here’s what you can start doing.
- Patch your systems – A lot of IT leaders focus their angst on stopping zero-day threats. But digest this fact: One recent analysis showed that almost two-thirds of system vulnerabilities involve bugs that were identified two years ago. That literally means that the majority of your vulnerabilities are already solved if you just make the effort to use available patches. Hackers love to grab low-hanging fruit. Don’t let them find it on your system. Get a vulnerability scan and then address the gaps.
- Use proper port settings – Leaving certain ports open unnecessarily gives hackers an easy gate into your system. CIS Controls 9 and 12 offer information on some common settings to check.
- Actively monitor your systems – If a bad actor does get a toehold in your system, spotting it immediately lets you shut down the breach before things get out of hand. IBM reports that it takes 280 days to identify the average breach. You can do a lot better. The latest defense is a Managed Detection and Response solution that constantly monitors activity, uses artificial intelligence to recognize multiple different acts as a brewing attack and actively steps in to shut down suspicious activity.
- Segment your systems – By effectively isolating/air-gapping various parts of your system, you limit how far hackers can get if they penetrate one part of the network.
- Limit each user’s access – Similar to the previous point, implementing a policy of least-privileged access and Identity and Access Management means you keep hackers from getting into your entire system if they compromise one user’s credentials.
- Have a robust backup strategy – Even if ransomware locks up your data, an effective backup of your data lets you quickly restore operations. Test the backup often to ensure it’s doing its job.
- Plan ahead – A detailed incident response plan helps everyone know what to do to limit the damage when you come under attack. Breach costs are 38% lower for companies that have an IR plan in place before the breach.
- Train your team—and keep training them – Malware frequently gets onto a system when a user clicks a bogus e-mail link or falls for social engineering via text messages. Engaging every member of your team in cybersecurity, and in how it keeps the business running, will provide one of the best defenses. Provide regular training on the latest tricks in phishing and other social engineering tactics.
- Get an outside opinion – An IT risk assessment, vulnerability scan and penetration testing all provide essential checks on your current cybersecurity posture and point to critical remediations you need to make. Contact Pratum to find out how we can help get you ready to stop ransomware attacks before they strike.